@Gargron
Would it be possible for Mastodon to implement DANE-verification against other instances?
It would be a neat security feature

#maston #mastodev #mastoadmin

@selea @Gargron

I once proposed it for Matrix Synapse but it was met with... not much excitement to put that lightly :)

@kravietz @selea Can you elaborate on what you want from that feature and how you imagine it working?


@Gargron @selea

On each attempt to connect to a federated instance:

1) check presence of TLSA record in DNS for _xxx._tcp.host.example.com where _xxx is the target port number used by Mastodon/Matrix
2) get the hash from the TLSA record
3) when TLS connection is established, verify the TLSA hash against the certificate actually received

Details en.wikipedia.org/wiki/DNS-base
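
The three steps above as an added Python sketch (not code from Mastodon, Synapse, or anyone in this thread; all function names are illustrative). It assumes the TLSA records were already fetched through a DNSSEC-validating resolver and that the peer's leaf certificate is available as DER, handles only the end-entity usages 1 and 3, and runs on a constructed DER skeleton rather than a real certificate.

```python
import hashlib

def tlsa_owner(host, port):
    """Step 1: owner name of the TLSA RRset, e.g. _443._tcp.host.example.com."""
    return f"_{port}._tcp.{host.rstrip('.')}"

def _tlv(buf, off):
    """Read the DER TLV at buf[off]; return (value_start, end)."""
    n, start = buf[off + 1], off + 2
    if n & 0x80:                              # long-form length
        k = n & 0x7F
        n, start = int.from_bytes(buf[start:start + k], "big"), start + k
    if start + n > len(buf):
        raise ValueError("truncated DER")
    return start, start + n

def extract_spki(cert):
    """SubjectPublicKeyInfo TLV of an X.509 certificate (what selector 1 covers)."""
    off = _tlv(cert, 0)[0]                    # step into Certificate
    off = _tlv(cert, off)[0]                  # step into TBSCertificate
    if cert[off] == 0xA0:                     # optional [0] version
        off = _tlv(cert, off)[1]
    for _ in range(5):                        # serial, sigAlg, issuer, validity, subject
        off = _tlv(cert, off)[1]
    return cert[off:_tlv(cert, off)[1]]

def tlsa_matches(rdata, cert):
    """Steps 2-3: compare one 'usage selector mtype hex' record with the leaf cert."""
    try:
        usage, selector, mtype, hexdata = rdata.split(None, 3)
        if usage not in ("1", "3") or selector not in ("0", "1"):
            return False                      # usages 0/2 pin a CA; not handled here
        data = cert if selector == "0" else extract_spki(cert)
        alg = {"0": None, "1": "sha256", "2": "sha512"}[mtype]
        data = hashlib.new(alg, data).digest() if alg else data
        return data == bytes.fromhex(hexdata)
    except (ValueError, IndexError, KeyError):
        return False                          # malformed record or certificate

def dane_check(rrset, cert):
    """None: no TLSA records (DANE not in use); else True only if some record matches."""
    return None if not rrset else any(tlsa_matches(r, cert) for r in rrset)

# Constructed sample: a DER skeleton with X.509 layout, not a real certificate.
_der = lambda tag, body: bytes([tag, len(body)]) + body
SAMPLE_SPKI = _der(0x30, _der(0x30, b"\x06\x03\x2b\x65\x70") + _der(0x03, bytes(33)))
_tbs = _der(0x30, _der(0xA0, b"\x02\x01\x02") + b"\x02\x01\x01" + b"\x30\x00" * 4 + SAMPLE_SPKI)
SAMPLE_CERT = _der(0x30, _tbs + b"\x30\x00" + b"\x03\x01\x00")
SAMPLE_RRSET = ["3 1 1 " + hashlib.sha256(SAMPLE_SPKI).hexdigest()]
```

A usage 1 (PKIX-EE) match still requires the normal CA validation to succeed as well; usage 3 (DANE-EE) does not.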
