Erm, fellow mailserver hackers: did I miss something?

I was just told that I should use SHA256 hashes, rather than SHA512 for MTA DANE (meaning: eg 3 1 1 rather than 3 1 2).

Is this correct? I fail miserably at finding the corresponding RFCs.

#DANE#MTA#DNS #mailserver#RYOMS #selfhosting

Erm, fellow mailserver hackers: did I miss something?

I was just told that I should use SHA256 hashes, rather than SHA512 for MTA DANE (meaning: eg 3 1 1 rather than 3 1 2).

Is this correct? I fail miserably at finding the corresponding RFCs.

#DANE#MTA#DNS #mailserver#RYOMS #selfhosting

Claudia Plattner, President of German BSI, has just been featured in an article on email security in eco's dotmagazine. It's a wake up call and invitation to enhance email security in a joined effort

I like it

https://www.dotmagazine.online/issues/digital-security-trust-consumer-protection/enhancing-email-security

#SPF#DKIM#DMARC#DANE#TLSA#MTASTS #TLSRPT#Mailsecurity #TeamBSI @bsi

I missed the info but Microsoft is deploying #DANE to many Outlook / Hotmail systems:

https://framagit.org/-/snippets/7528

#DNSSEC #email

Am I really the only one who uses 24hrs long living certificates which get automatically renewed and signed by an own CA via ACME?

#ssl #tls #dane #acme #certificate #certificateauthority #ca

Am I really the only one who uses 24hrs long living certificates which get automatically renewed and signed by an own CA via ACME?

#ssl #tls #dane #acme #certificate #certificateauthority #ca

Claudia Plattner, President of German BSI, has just been featured in an article on email security in eco's dotmagazine. It's a wake up call and invitation to enhance email security in a joined effort

I like it

https://www.dotmagazine.online/issues/digital-security-trust-consumer-protection/enhancing-email-security

#SPF#DKIM#DMARC#DANE#TLSA#MTASTS #TLSRPT#Mailsecurity #TeamBSI @bsi