Please enable DANE on kde.org
John Scott
jscott at posteo.net
Sat Apr 15 05:34:42 BST 2023
Hi,
I noticed that kde.org is signed/has DNSSEC enabled, that's awesome! That means you've already put in 99% of the work to enabling DANE.
Could you please publish a TLSA record such as the following? This will remain valid as long as the public key remains the same (even if the certificate changes):
_443._tcp.kde.org. IN TLSA 3 1 1 7c1d967e0afb4471d172a5ca766f95c282e4c3a222e3467fa00fd4af229f40ed
I generated this on Debian by installing the hash-slinger package and then running
tlsa --selector 1 -c kde.org
Please let me know if I can help, be it with testing or otherwise.
Thanks
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 228 bytes
Desc: This is a digitally signed message part
URL: <http://mail.kde.org/pipermail/kde-www/attachments/20230415/861d4491/attachment.sig>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 5880 bytes
Desc: not available
URL: <http://mail.kde.org/pipermail/kde-www/attachments/20230415/861d4491/attachment.bin>
More information about the kde-www
mailing list