This is an experimental Internet security thread for anyone willing to discuss, help newbies or learn more about Internet security in general.
>DNS
Who among you are using DNSSEC [1, 2] already? Have you considered TLSA (DANE [3]), SSHFP [4], OPENPGPKEY [5] resource records (RRs) yet?
>HTTP
Who among you are running your own Web server? Do you secure your traffic with TLS and HTTP security headers? Do you use HSTS [6] to enforce a secure connection? Do use HPKP [7] for certificate pinning? Do you use CSP [8] to enforce content restrictions?
Who among you are running your own mail server (MTA)? Do you secure your traffic with (START)TLS? Do you use SPF [9] to restrict only authorised hosts to send mails? Do you use DKIM [10] to cryptographically verify message authenticity? Do you use DMARC [11] to set domain-level message handling policies?
Share your thoughts!
>Newbies section
There are numerous introductory videos about DNSSEC [12, 13], SPF [14], DKIM [15] and DMARC [16] to familiarise yourself more with. There are also numerous websites [17, 18, 19, 20, 21] that can help you check your server's security.
[1] https://tools.ietf.org/html/rfc4033
[2] http://www.dnssec.net/
[3] https://tools.ietf.org/html/rfc6698
[4] https://tools.ietf.org/html/rfc4255
[5] https://tools.ietf.org/html/rfc7929
[6] https://tools.ietf.org/html/rfc6797
[7] https://tools.ietf.org/html/rfc7469
[8] https://www.w3.org/TR/CSP2/
[9] https://tools.ietf.org/html/rfc7208
[10] https://tools.ietf.org/html/rfc6376
[11] https://tools.ietf.org/html/rfc7489
[12] https://www.youtube.com/watch?v=lTABuMxO2AM
[13] https://www.youtube.com/watch?v=qlto6GfZEvA
[14] https://www.youtube.com/watch?v=WFPYrAr1boU
[15] https://www.youtube.com/watch?v=yHv1OPcc-gw
[16] https://www.youtube.com/watch?v=kGk-Af_92Bk
[17] http://dnsviz.net/
[18] https://www.ssllabs.com/ssltest/index.html
[19] https://observatory.mozilla.org/
[20] https://securityheaders.io/
[21] https://www.mail-tester.com/
>>60859929
I use dnscrypt, and most of their servers use DNSSEC
wanted to try hosting an email-server on my raspberry-pi, is it feasible?
Bumping for helpful content.