No Image

Carl Byington


Joined on August 9, 2006
Total Post Views: 22,425

About

Information about this member is not available yet.

Except where otherwise noted, all postings by Carl Byington on CircleID are licensed under a Creative Commons License.

Featured Blogs

DNSSEC - Failure to Launch

DNSSEC is a mechanism where clients can verify the authenticity of the answers they receive from servers. There are two sides here. The server must supply signed answers, and the client must verify the signatures on those answers. The validation/verification side is widely implemented, but there are very few signed zones... However, if no one signs their zones, those validating resolvers don't have many signatures to check. more

Logjam, Openssl and Email Deliverability

RHEL6/Centos6 (and presumably RHEL7/Centos7) machines with the latest openssl packages now refuse SSL connections with DH keys shorter than 768 bits. Consider RHEL6 sendmail operating as a client, sending mail out to a target server. If the target server advertises STARTTLS, sendmail will try to negotiate a secure connection. This negotiation uses openssl, which will now refuse to connect to mail servers that have 512 bit DH keys. The maillog will contain entries with "reject=403 4.7.0 TLS handshake failed". more

Topic Interests

EmailDNS SecurityDNSNew TLDsDomain NamesRegistry ServicesSpamICANNCybersecurityThreat IntelligenceBroadbandTelecomWebLaw IPv4 MarketsCensorshipCybercrimeAccess ProvidersMalwareNetworksIPv6 TransitionWhoisPrivacyInternet ProtocolInternet GovernanceRegional RegistriesCyberattackDDoS AttackPolicy & RegulationUDRP

Recent Comments

Say YES to DNSSEC
Say YES to DNSSEC
Humming an Open Internet Demise in London?
Have We Reached Peak Use of DNSSEC?
Have We Reached Peak Use of DNSSEC?

Popular Posts

DNSSEC - Failure to Launch

Logjam, Openssl and Email Deliverability