update information on DNS security

Daniel Micay 2021-03-23 10:05:42 -04:00
parent df8251b305
commit 7a3a5b3f57


@ -211,10 +211,13 @@
<li>Strong cipher configurations for all of our services (SSH, TLS, etc.) with <li>Strong cipher configurations for all of our services (SSH, TLS, etc.) with
only modern AEAD ciphers providing forward secrecy</li> only modern AEAD ciphers providing forward secrecy</li>
<li>Our web services use OCSP stapling with Must-Staple</li> <li>Our web services use OCSP stapling with Must-Staple</li>
<li>DNSSEC implemented for all of our domains, which is particularly important <li>DNSSEC implemented for all of our domains</li>
for securing email due to it relying on DNS records</li> <li>DNS Certification Authority Authorization (CAA) records for all of our
<li>DANE TLSA records for pinning keys for all our TLS services (mostly helps domains permitting only Let's Encrypt to issue certificates with fully
to secure email due to lack of browser support)</li> integrated support for the experimental <code>accounturi</code> and
<code>validationmethods</code> pinning our Let's Encrypt accounts as the only ones
allowed to issue certificates</li>
<li>DANE TLSA records for pinning keys for all our TLS services</li>
<li>Our mail server enforces DNSSEC/DANE to provide authenticated encryption <li>Our mail server enforces DNSSEC/DANE to provide authenticated encryption
when sending mail including alert messages from the attestation service</li> when sending mail including alert messages from the attestation service</li>
<li>SSHFP across all domains for pinning SSH keys</li> <li>SSHFP across all domains for pinning SSH keys</li>
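Review bot: In the new CAA item, the phrase "<code>accounturi</code> and <code>validationmethods</code> pinning our Let's Encrypt accounts" attributes account pinning to both parameters, but only accounturi binds issuance to a specific account; validationmethods limits which validation methods the CA may use. Consider separating the two, for example "accounturi pinning our Let's Encrypt accounts and validationmethods restricting the permitted validation methods". The change also drops both email rationales (DNSSEC being "particularly important for securing email" and DANE mostly helping email "due to lack of browser support"), and the mail server item that remains does not tell readers that browsers ignore TLSA records. If the removal is intentional, a short reason in the commit message would help; otherwise keep a brief clause on the DANE item saying where the pinning is actually enforced.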