Re: Evangelizing DNSSEC and DANE

Patrick Ben Koetter Sat, 24 May 2014 10:00:32 -0700

* lst_ho...@kwsoft.de <lst_ho...@kwsoft.de>:
> 
> Zitat von lst_ho...@kwsoft.de:
> 
> >Not sure if someone already noticed (in German):
> >
> >http://www.heise.de/newsticker/meldung/Bund-sichert-ueberraschend-Mailtransport-per-DANE-ab-2196565.html
> >
> >Looks like the german government is at least in progress of setup
> >DANE for e-mail for domain "bund.de"
> >
> >Would be a big "marketing" point i guess.
> >
> >Regards
> >
> >Andreas
> 
> Hm, looks like a short test as of now. There are no TLSA records any more :-(


Works for me:

p@mail:~$ posttls-finger -t30 -T180 -c -L verbose,summary bund.de
posttls-finger: initializing the client-side TLS engine
posttls-finger: using DANE RR: _25._tcp.mx2.bund.de IN TLSA 3 0 1 
59:E3:CF:5F:A1:51:55:3F:45:76:C9:4C:25:00:D7:05:EF:DD:D8:55:B6:A5:9D:88:D2:8D:03:28:87:6A:04:CB
posttls-finger: setting up TLS connection to mx2.bund.de[77.87.228.110]:25
posttls-finger: mx2.bund.de[77.87.228.110]:25: TLS cipher list 
"aNULL:-aNULL:ALL:!EXPORT:!LOW:+RC4:@STRENGTH:!aNULL"
posttls-finger: mx2.bund.de[77.87.228.110]:25: depth=2 verify=0 
subject=/C=DE/O=PKI-1-Verwaltung/CN=PCA-1-Verwaltung-10
posttls-finger: mx2.bund.de[77.87.228.110]:25: depth=2 verify=1 
subject=/C=DE/O=PKI-1-Verwaltung/CN=PCA-1-Verwaltung-10
posttls-finger: mx2.bund.de[77.87.228.110]:25: depth=1 verify=1 
subject=/C=DE/O=PKI-1-Verwaltung/OU=Bund/CN=CA IVBB Deutsche Telekom AG 11
posttls-finger: mx2.bund.de[77.87.228.110]:25: depth=0 verify=1 
subject=/C=DE/O=Service/OU=ivbb-betrieb/L=ivbb-betrieb/CN=mx2.bund.de
posttls-finger: mx2.bund.de[77.87.228.110]:25: depth=0 matched end entity 
certificate sha256 digest 
59:E3:CF:5F:A1:51:55:3F:45:76:C9:4C:25:00:D7:05:EF:DD:D8:55:B6:A5:9D:88:D2:8D:03:28:87:6A:04:CB
posttls-finger: mx2.bund.de[77.87.228.110]:25: subject_CN=mx2.bund.de, 
issuer_CN=CA IVBB Deutsche Telekom AG 11, 
fingerprint=72:78:BE:C8:3E:61:A0:12:BE:BF:3B:79:F0:CE:9A:A2:8C:26:24:FF, 
pkey_fingerprint=3A:3E:5F:A4:50:F8:DD:FC:56:35:FF:08:2A:F9:ED:82:B9:AB:7B:82
posttls-finger: Verified TLS connection established to 
mx2.bund.de[77.87.228.110]:25: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 
bits)

p@rick



-- 
[*] sys4 AG
 
https://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München
 
Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
Vorstand: Patrick Ben Koetter, Marc Schiffbauer
Aufsichtsratsvorsitzender: Florian Kirstein

Re: Evangelizing DNSSEC and DANE

Reply via email to