appliedprivacy

Support for IP address based certificates will become relevant for all operators of encrypted DNS services due to the requirements in DDR https://datatracker.ietf.org/doc/draft-ietf-add-ddr/ (section: 4.2 Verified Discovery).

HPKE [RFC 9180](https://www.rfc-editor.org/rfc/rfc9180.html) has been recently published (Feb 2022). This github repo lists a few implementations: https://github.com/cfrg/draft-irtf-cfrg-hpke#existing-hpke-implementations We are happy to help with testing ODoH code in dnsdist in the...

RFC9230 ODoH has been published: https://www.rfc-editor.org/info/rfc9230

coming from: https://talk.desec.io/t/restricted-access-tokens-for-letsencrypt-dns-challenge/37 When designing scoped tokens please allow for a token that is authorized to create multiple DNS records in one or multiple zones so that this use case...

coming from: https://talk.desec.io/t/plans-to-support-2-factor-authentication/33 Great to see it is already a ticket. If you haven't decided on the specifics yet, here is some food for thought when you design your 2FA:...

Thanks a lot! minor nit: what do you think of autosubmitting the login form after the 6 digits got entered (like github does)?

Thanks for implementing the auto-submit functionality! Currently, disabling 2FA on an account with 2FA enabled requires no additional steps that you usually see in other places, like having to enter...

> When 2FA is activated for an account, then removing a 2FA token only works if the session that is used for doing so is authenticated via 2FA. [...] >...

If there is no good reason to keep the binary writable to the user running the service I'll change that to root (task: propagate blackbox exporter binary)

according to upstream this is solved in ansible-core 2.12 https://github.com/ansible/ansible/issues/66916#issuecomment-852410363