Tag Archives: TLS

How to use DANE/TLSA

DNS-based Authentication of Named Entities (DANE) is a great feature that uses the advantages of a DNSSEC-signed zone to tell the client which TLS certificate it has to expect when connecting to a secure destination over HTTPS or SMTPS. Via a secure channel (DNSSEC) the client can request the public key of the server. This means that a man-in-the-middle attack (MITM) with a spoofed certificate would be exposed immediately, i.e., it is no longer possible. Furthermore, trust in certificate authorities (CAs) is no longer needed.

In this blog post I will show how to use DANE and its DNS records within an authoritative DNS server to provide enhanced security features for the public.

At a Glance: Perfect Forward Secrecy (PFS)

During the last few months the concept of Perfect Forward Secrecy (PFS) has been presented in many newspapers and guidelines. This concept is related to the session key generation for SSL/TLS as well as for IPsec tunnels. And even though many of these articles describe the benefit of PFS, I was still missing a picture that shows the main difference between the classical key exchange via RSA and the exchange via Diffie-Hellman with PFS. So, here comes my poster. 😉

Encrypting E-Mail Transmission

Currently there is a lot of talk about surveillance measures on the Internet, and in particular about the wholesale recording of ordinary users' traffic. And while large companies can deploy encryption techniques in a targeted way, the average consumer hardly has the knowledge to do anything serious against the recording of their data. Yet it is not that hard to at least secure the transmission of one's own e-mails to one's provider with appropriate measures. Whether this locks out the international intelligence agencies remains questionable, but it at least significantly limits the reading of private e-mails by unauthorized parties on the Internet! So here is an explanation, including some screenshots of the common e-mail programs and smartphones, on how to transmit one's own e-mails over an encrypted channel.