generating tlsa sshfp and openpgpkey records yum install
play

Generating TLSA, SSHFP and OPENPGPKEY records yum install - PowerPoint PPT Presentation

Apr 20, 2023 •102 likes •300 views

DNSSEC / DANE demo Paul Wouters Senior software engineer, Red Hat October 17, 2015 1 Paul Wouters <pwouters@redhat.com> Generating TLSA, SSHFP and OPENPGPKEY records yum install hash-slinger tlsa --create www.example.com (for

  1. DNSSEC / DANE demo Paul Wouters Senior software engineer, Red Hat October 17, 2015 1 Paul Wouters <pwouters@redhat.com>

  2. Generating TLSA, SSHFP and OPENPGPKEY records ● yum install hash-slinger ● tlsa --create www.example.com (for https) ● sshfp -a (known_hosts) ● sshfp -a -d -d nohats.ca -n ns0.nohats.ca (axfr+scan) ● openpgpkey --create pwouters@fedoraproject.org 2 Paul Wouters <pwouters@redhat.com>

  3. Verifying TLSA, SSHFP and OPENPGPKEY records ● tlsa --verify www.example.com ● openpgpkey --verify pwouters@fedoraproject.org ● openpgpkey --fetch pwouters@fedoraproject.org 3 Paul Wouters <pwouters@redhat.com>

  4. Configure postfix to use TLS ● Generate TLS key, certificate and CA-certificate ● Enable TLS in postfix: ● postconf -e "smtpd_tls_security_level = may" ● postconf -e "smtpd_tls_key_file = /etc/postfix/ssl/server.key" ● postconf -e "smtpd_tls_cert_file = /etc/postfix/ssl/server.pem" ● postconf -e “smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem” ● postconf -e "smtpd_tls_security_level = may" ● postfix reload 4 Paul Wouters <pwouters@redhat.com>

  5. Configure postfix to use DNSSEC and DANE ● postconf -e "smtp_dns_support_level = dnssec" ● postconf -e "smtp_tls_security_level = dane" ● Ensure the server postfix runs on is configured to use a DNSSEC capable server specified in /etc/resolv.conf (you can point to 8.8.8.8 or 193.110.157.123) 5 Paul Wouters <pwouters@redhat.com>

  6. Postfix now requires TLS when a TLSA record is present 6 Paul Wouters <pwouters@redhat.com>

  7. Postfix validates the TLSA record before sending email 7 Paul Wouters <pwouters@redhat.com>

  8. Publishing an OPENPGPKEY: ● Generate a new gpg key, for example using gnupg 8 Paul Wouters <pwouters@redhat.com>

  9. Publishing an OPENPGPKEY: ● Generate a new gpg key, for example using gnupg 9 Paul Wouters <pwouters@redhat.com>

  10. Publishing an OPENPGPKEY: ● Create an OPENPGPKEY record (in generic format) 10 Paul Wouters <pwouters@redhat.com>

  11. Publishing an OPENPGPKEY: ● Create an OPENPGPKEY record (in rfc format) 11 Paul Wouters <pwouters@redhat.com>

  12. Publish your OPENPGPKEY and verify it: ● Add record to zone, re-sign and propagate zone, then: 12 Paul Wouters <pwouters@redhat.com>

  13. openpgpkey tool warns about email mismatch 13 Paul Wouters <pwouters@redhat.com>

  14. Demo of openpgpkey-milter using OPENPGPKEY 14 Paul Wouters <pwouters@redhat.com>

  15. View of email send via postfix + openpgpkey-milter 15 Paul Wouters <pwouters@redhat.com>

  16. SSHFP record: enable DNSSEC in ssh client ● Can be done in user's own ~/.ssh/ssh_config ● Can be done globally in /etc/ssh/ssh_config ● To only display extra informational text for ssh, use: VerifyHostKeyDNS ask ● To automatically accept the key when found in DNS VerifyHostKeyDNS yes 16 Paul Wouters <pwouters@redhat.com>

  17. Connecting with ssh using VerifyHostKeyDNS ask 17 Paul Wouters <pwouters@redhat.com>

  18. Connecting with ssh using VerifyHostKeyDNS yes 18 Paul Wouters <pwouters@redhat.com>

  19. ssh client detecting Man-in-the-middle attack 19 Paul Wouters <pwouters@redhat.com>

Recommend

Expecting Larger Records When TLSA Is Deployed Paul Hoffman, VPN Consortium OARC 2011 Spring

Expecting Larger Records When TLSA Is Deployed Paul Hoffman, VPN Consortium OARC 2011 Spring

Expecting Larger Records When TLSA Is Deployed Paul Hoffman, VPN Consortium OARC 2011 Spring Workshop V.01 1 Overview What is DANE/TLSA What a TLSA request and resource record will probably look like Expectations for timing and

139 views • 9 slides
4/19/2013 Fast and reliable Portable and easy to install PRESERVING, GENERATING, AND

4/19/2013 Fast and reliable Portable and easy to install PRESERVING, GENERATING, AND

4/19/2013 Fast and reliable Portable and easy to install PRESERVING, GENERATING, AND VISUALIZING KNOWLEDGE OF ARCHITECTURALLY SIGNIFICANT REQUIREMENTS IN SOURCE CODE Institute for Software Research Distinguished Speaker Series University

534 views • 25 slides
Today Goals: Install the Java JDK Compiling and debugging Java programs at the command

Today Goals: Install the Java JDK Compiling and debugging Java programs at the command

Today Goals: Install the Java JDK Compiling and debugging Java programs at the command line Reading compiler error messages Generating Javadoc at the command line Submit Lab 1 If you have time (next slides): Install

404 views • 4 slides
TLS and TLSA Bindhumadhava B S &amp; Balaji R Computer Networks and Internet Engineering Group

TLS and TLSA Bindhumadhava B S &amp; Balaji R Computer Networks and Internet Engineering Group

TLS and TLSA Bindhumadhava B S &amp; Balaji R Computer Networks and Internet Engineering Group Centre for Development of Advanced Computing No. 68, Electronics City, Bangalore 560100 ICANN 57, Hyderabad 5 th November, 2016 C-DAC Centre for

417 views • 14 slides
Recursive Definitions Generating Functions Lecture 18 Generating Functions A generating

Recursive Definitions Generating Functions Lecture 18 Generating Functions A generating

Recursive Definitions Generating Functions Lecture 18 Generating Functions A generating function is an alternate representation of an infinite sequence, which allows making useful deductions about the sequence (including, possibly, a closed

865 views • 17 slides
Perl Post Install Tests April 10, 2013 Upgrading dependencies w/o fear 1. You install a module

Perl Post Install Tests April 10, 2013 Upgrading dependencies w/o fear 1. You install a module

Perl Post Install Tests April 10, 2013 Upgrading dependencies w/o fear 1. You install a module named Bear 2. You install the module Human , which depends on the availability of Bears ride() method 3. You install an new version of Bear , which

220 views • 8 slides
Records Retention Program Training Managing Records in Schools The Records Liaison What does

Records Retention Program Training Managing Records in Schools The Records Liaison What does

Records Retention Program Training Managing Records in Schools The Records Liaison What does that mean? The guardian ofyour schools records Rule 2380 The RL knows what records are kept in your school The RL is the expert!

361 views • 13 slides
awe@columba $ apt install apache2 awe@columba $ apt install apache2 awe@columba $ vim

awe@columba $ apt install apache2 awe@columba $ apt install apache2 awe@columba $ vim

TORTOISE : IMPERATIVE SYSTEM CONFIGURATION REPAIR Aaron Weiss, Arjun Guha, Yuriy Brun Northeastern University and University of Massachusetts awe@columba $ apt install apache2 awe@columba $ apt install apache2 awe@columba $ vim

1.14k views • 95 slides
Risk and Records at UTS Records Management Program &gt; University Records, Governance Support

Risk and Records at UTS Records Management Program &gt; University Records, Governance Support

THINK.CHANGE.DO Risk and Records at UTS Records Management Program &gt; University Records, Governance Support Unit, Registrar, DVC (Corporate Services) 6 dedicated f/t positions &gt; Devolved system 2 campuses (city campus over

325 views • 13 slides
Jewelry Box JewelryBox Install RVM JewelryBox Install RVM Google rvm Click first result

Jewelry Box JewelryBox Install RVM JewelryBox Install RVM Google rvm Click first result

Jewelry Box JewelryBox Install RVM JewelryBox Install RVM Google rvm Click first result Copy script Paste and run script in terminal JewelryBox install ruby 1.9.2.something JewelryBox install ruby 1.9.2.something rvm list

207 views • 19 slides
Install and run chef-solo in minutes benjaminrtz@gmail.com Install chef ============ curl -L

Install and run chef-solo in minutes benjaminrtz@gmail.com Install chef ============ curl -L

Install and run chef-solo in minutes benjaminrtz@gmail.com Install chef ============ curl -L https://www.opscode.com/chef/install.sh | bash Check ===== # chef-solo -v Chef: 11.6.2 Setup chef repository ===================== #wget

571 views • 4 slides
AS/NZS ISO 30300 and AS/NZS ISO 30301 Management systems for records Presented by Judith Ellis

AS/NZS ISO 30300 and AS/NZS ISO 30301 Management systems for records Presented by Judith Ellis

AS/NZS ISO 30300 and AS/NZS ISO 30301 Management systems for records Presented by Judith Ellis Framework for Good Recordkeeping Records are evidence of business Records system Records system Records Records characteristics

404 views • 21 slides
Curve25519: Which public-key systems new Diffie-Hellman speed records are smallest? Fastest? D.

Curve25519: Which public-key systems new Diffie-Hellman speed records are smallest? Fastest? D.

Curve25519: Which public-key systems new Diffie-Hellman speed records are smallest? Fastest? D. J. Bernstein Real-world cost measures: Pentium cycles, Athlon cycles, Thanks to: etc. for generating keys, signing, University of Illinois at

541 views • 35 slides
A haiku. Todays 1. Who is a Records Custodian? Topics 2. Why is Records Management

A haiku. Todays 1. Who is a Records Custodian? Topics 2. Why is Records Management

RM1001 Records Custodian Training May 6, 2019 A haiku. Todays 1. Who is a Records Custodian? Topics 2. Why is Records Management important? 3. What is a Public Record? 4. What is Records Management? 5. Resources 2 1. Who is a

796 views • 33 slides
Everything You Ever Wanted To Know About Public Records (but didnt know how to ask) Why Have

Everything You Ever Wanted To Know About Public Records (but didnt know how to ask) Why Have

Everything You Ever Wanted To Know About Public Records (but didnt know how to ask) Why Have Open Records Laws? Sunshine concept Examples of Records Transparent &amp; Ethical Requests: Government Newspaper request for

281 views • 16 slides
0 # install nodejs # install git git clone https://github.com/loveencounterflow/CONTROLFLOW.git

0 # install nodejs # install git git clone https://github.com/loveencounterflow/CONTROLFLOW.git

Control Flow . . 0 # install nodejs # install git git clone https://github.com/loveencounterflow/CONTROLFLOW.git cd CONTROLFLOW npm install ./coffee try-catch-3.coffee Control Flow: The way we move through the elements that make up the

787 views • 51 slides
Install new track on Fully operational, December approach platforms 1-8 2018 Realign and

Install new track on Fully operational, December approach platforms 1-8 2018 Realign and

Former Waterloo International Terminal March 2016- July 2017 Install new August 5-28 2017 Closure of track, shorten platforms and Platforms 1-9 install bridge from concourse Extend Platforms 1-4 for 10- car suburban services Closes end

220 views • 9 slides
Lab 2 (Top Level View) Goals Install Eclipse Install Finch driver Debugging in

Lab 2 (Top Level View) Goals Install Eclipse Install Finch driver Debugging in

Lab 2 (Top Level View) Goals Install Eclipse Install Finch driver Debugging in Eclipse Using the Finch API Software Installation Download Eclipse Classic and Install: http://eclipse.org/downloads/ OR http://

374 views • 5 slides
Books and Records 1 Overview Records to be maintained Other Information 2 These se

Books and Records 1 Overview Records to be maintained Other Information 2 These se

Guidelines on maintaining Books and Records 1 Overview Records to be maintained Other Information 2 These se gu guidelin elines es are propo posed sed to be enacted cted as a part of the Regu gulati tions ons for External

283 views • 10 slides
Atikokan Generating Station Thunder Bay Generating Station March 5, 2013 Alberta Biomaterials

Atikokan Generating Station Thunder Bay Generating Station March 5, 2013 Alberta Biomaterials

Converting Northwest Thermal Atikokan Generating Station Thunder Bay Generating Station March 5, 2013 Alberta Biomaterials Development Centre ABDC Biomass Edmonton, AB Presented by: Brent Boyko, Station Manager, Atikokan Generating Station

591 views • 42 slides
WHAT ARE STUDENT RECORDS AND WHAT ARE PUBLIC RECORDS? (Whose Interests Are Being Served?)

WHAT ARE STUDENT RECORDS AND WHAT ARE PUBLIC RECORDS? (Whose Interests Are Being Served?)

WHAT ARE STUDENT RECORDS AND WHAT ARE PUBLIC RECORDS? (Whose Interests Are Being Served?) Presented by Jack B. Clarke, Jr. BEST BEST &amp; KRIEGER LLP February 15, 2018 ACSA SYMPOSIUM ANAHEIM, CALIFORNIA AN OVERVIEW 1. The Basics: The

648 views • 50 slides
PROCEDURE FOR GENERATING PROCEDURE FOR GENERATING XGN GENERATED MANIFEST XGN GENERATED MANIFEST

PROCEDURE FOR GENERATING PROCEDURE FOR GENERATING XGN GENERATED MANIFEST XGN GENERATED MANIFEST

PROCEDURE FOR GENERATING PROCEDURE FOR GENERATING XGN GENERATED MANIFEST XGN GENERATED MANIFEST STEP 1: Visit below URL (Preferred Internet Explorer) htup://gpcbxgn.gujarat.gov.in/login.aspx STEP2: Enter User Id &amp; Password received from

291 views • 10 slides
Public Records Public Records Public Records Office Public Records Office Finance Finance

Public Records Public Records Public Records Office Public Records Office Finance Finance

WA S H I N G T O N S T AT E U N I V E R S I T Y Public Records Public Records Public Records Office Public Records Office Finance Finance &amp; &amp; Adminis Administration ration May 2020 Overview Public Records Law Public

319 views • 9 slides
Welcome THE KNOW YOUR RECORDS PROGRAM provides information on how to access and do research

Welcome THE KNOW YOUR RECORDS PROGRAM provides information on how to access and do research

Welcome THE KNOW YOUR RECORDS PROGRAM provides information on how to access and do research using U.S. Federal Government records held at the National Archives and Records Administration. View hundreds of video recordings and materials at

644 views • 46 slides

More recommend