it-systeme
christoph ender
christoph ender
it operations
·
networking
·
software
development
about
Hi there! These pages are intended to share notes and
experiences from my work as an IT freelancer – yes, you
can hire me – working in OPs, networking and development.
contact
latest blog entry: “dane and tlsa basics”
DANE –
DNS-based Authentication of Named Entities –
stores hash digests of certificates in TLSA DNS resource
records. In combination with
DNSSEC
it is possible to verify certificates without any
CA
using DNS alone, thereby eliminating man-in-the-middle and
downgrade attacks.