No Image

Carl Byington

Joined on August 9, 2006 – United States
Total Post Views: 14,786


Information about this member is not available yet.

Except where otherwise noted, all postings by Carl Byington on CircleID are licensed under a Creative Commons License.

Featured Blogs

DNSSEC - Failure to Launch

DNSSEC is a mechanism where clients can verify the authenticity of the answers they receive from servers. There are two sides here. The server must supply signed answers, and the client must verify the signatures on those answers. The validation/verification side is widely implemented, but there are very few signed zones... However, if no one signs their zones, those validating resolvers don't have many signatures to check. more

Logjam, Openssl and Email Deliverability

RHEL6/Centos6 (and presumably RHEL7/Centos7) machines with the latest openssl packages now refuse SSL connections with DH keys shorter than 768 bits. Consider RHEL6 sendmail operating as a client, sending mail out to a target server. If the target server advertises STARTTLS, sendmail will try to negotiate a secure connection. This negotiation uses openssl, which will now refuse to connect to mail servers that have 512 bit DH keys. The maillog will contain entries with "reject=403 4.7.0 TLS handshake failed". more

Topic Interests

EmailDNS SecurityDNSDomain NamesRegistry ServicesNew TLDsSpamICANNCybersecurityBroadbandTelecomWebLawIP AddressingCensorshipCybercrimeAccess ProvidersInternet GovernanceMalwareNetworksIPv6CyberattackWhoisPrivacyInternet ProtocolRegional RegistriesDDoSPolicy & RegulationUDRP

Recent Comments

Popular Posts

DNSSEC - Failure to Launch

Logjam, Openssl and Email Deliverability