bug#47823: Hardenize Guix website TLS/DNS

2021-05-25 Thread bo0od
If the server configured DNSSEC in a bad way then surely it won't work, and that's what happened with gnu.org if you read this ticket: https://github.com/systemd/systemd/issues/9867 This ticket shows clearly that the operators of gnu.org didn't fix their bad DNSSEC configuration despite being p

bug#47823: Hardenize Guix website TLS/DNS

2021-05-25 Thread Julien Lepiller
No, resolved is on the client side. This means that they managed to set up dnssec, but some clients who use systemd (most Linux users) can't connect to gnu.org domains anymore. I don't think this is acceptable :)

On 25 May 2021 08:51:29 GMT-04:00, bo0od wrote:
>Then don't use systemd to do th

bug#47823: Hardenize Guix website TLS/DNS

2021-05-25 Thread bo0od
Then don't use systemd to do that. There are many other methods/tools to achieve having it.

Marius Bakke:
Julien Lepiller writes:
On 16 April 2021 12:15:25 GMT-04:00, Leo Famulari wrote:
On Fri, Apr 16, 2021 at 11:00:05AM +, bo0od wrote:
Scanning Guix website gave many missing security

bug#47823: Hardenize Guix website TLS/DNS

2021-05-24 Thread Marius Bakke
Julien Lepiller writes:

> On 16 April 2021 12:15:25 GMT-04:00, Leo Famulari wrote:
>>On Fri, Apr 16, 2021 at 11:00:05AM +, bo0od wrote:
>>> Scanning Guix website gave many missing security features which modern
>>> security needs them to be available:
>>>
>>> * TLS and DNS:
>>>
>>

bug#47823: Hardenize Guix website TLS/DNS

2021-04-16 Thread Julien Lepiller
On 16 April 2021 12:15:25 GMT-04:00, Leo Famulari wrote:
>On Fri, Apr 16, 2021 at 11:00:05AM +, bo0od wrote:
>> Scanning Guix website gave many missing security features which modern
>> security needs them to be available:
>>
>> * TLS and DNS:
>>
>> looking at:
>>
>> https://www.hardeni

bug#47823: Hardenize Guix website TLS/DNS

2021-04-16 Thread Dr. Arne Babenhauserheide
Leo Famulari writes:

>> - Force redirection of insecure connection with plain text to TLS
>> - HSTS/HSTS-preload support missing (important)
>
> Yes, we should enable these.

Be careful with HSTS, it can make the site inaccessible if you lose access to a certificate and have to replace it. And y

bug#47823: Hardenize Guix website TLS/DNS

2021-04-16 Thread Leo Famulari
On Fri, Apr 16, 2021 at 11:00:05AM +, bo0od wrote:
> Scanning Guix website gave many missing security features which modern
> security needs them to be available:
>
> * TLS and DNS:
>
> looking at:
>
> https://www.hardenize.com/report/guix.gnu.org/1618568751
>
> https://www.ssllabs.com/sslt

bug#47823: Hardenize Guix website TLS/DNS

2021-04-16 Thread bo0od
Hi There,

Scanning Guix website gave many missing security features which modern security needs them to be available:

* TLS and DNS:

looking at:

https://www.hardenize.com/report/guix.gnu.org/1618568751
https://www.ssllabs.com/ssltest/analyze.html?d=guix.gnu.org

- DNS: DNSSEC support missin