diff --git a/content/posts/howto/_index.md b/content/posts/howto/_index.md new file mode 100644 index 0000000..9d17f7b --- /dev/null +++ b/content/posts/howto/_index.md @@ -0,0 +1,7 @@ +--- +title: How-To +ShowReadingTime: false +ShowWordCount: false +--- + +If it ain't broken, don't fix it \ No newline at end of file diff --git a/content/posts/howto/principes-de-cryptologie-et-chiffrement .md b/content/posts/howto/principes-de-cryptologie-et-chiffrement .md new file mode 100644 index 0000000..6abe0d5 --- /dev/null +++ b/content/posts/howto/principes-de-cryptologie-et-chiffrement .md 
@@ -0,0 +1,40 @@ +--- +title: "Principes de cryptologie et chiffrement - cnil.fr" +date: 2016-10-29T10:50:00+06:00 +draft: false +tags: ["encryption","infosec","how to","CNIL"] +author: "Olivier Falcoz" +hidemeta: false +ShowReadingTime: true +ShowPostNavLinks: true +showtoc: false +cover: + image: "/images/" + alt: "" + caption: "" +--- +[Comprendre les grands principes de la cryptologie et du chiffrement +](https://www.cnil.fr/fr/comprendre-les-grands-principes-de-la-cryptologie-et-du-chiffrement) +-- cnil.fr + +La cryptologie ne se limite plus aujourd’hui à assurer la **confidentialité** des secrets. Elle s’est élargie au fait d’assurer mathématiquement d’autres notions : assurer **l’authenticité** d’un message ou encore assurer son **intégrité**. + +Pour assurer ces usages, la cryptologie regroupe quatre principales fonctions : le hachage avec ou sans clé, la signature numérique et le chiffrement. + +![Les usages de la cryptographie](/images/usages-de-cryptographie.png "Les usages de la cryptographie") +*Les usages de la cryptographie* + +## Assurer l’intégrité du message: le hachage + +![Le hashage](/images/hachage-et-hachage-a-cle.png "Les fonctions de hachage et de hachage à clé") +*Le hachage* + +## Assurer l’authenticité du message : la signature + +![La signature](/images/signatures-numeriques.png "Assurer l’authenticité du message : la signature") +*La signature* + +## Assurer la confidentialité du message : le chiffrement + +![Le chiffrement](/images/chiffrement.png "Assurer la confidentialité du message : le chiffrement") +*Le chiffrement* \ No newline at end of file diff --git a/content/posts/howto/protect-domain-name-without-email.md b/content/posts/howto/protect-domain-name-without-email.md new file mode 100644 index 0000000..82aad08 --- /dev/null +++ b/content/posts/howto/protect-domain-name-without-email.md 
@@ -0,0 +1,67 @@ +--- +title: "Protect a parked domain without email" +date: 2023-01-05T19:15:00+01:00 +draft: false +tags: ["how-to","tech","email"] +author: "Olivier Falcoz" +hidemeta: false +ShowReadingTime: true +ShowPostNavLinks: true +showtoc: false +cover: + image: "/images/" + alt: "" + caption: "" +--- +## DNS entries for a parked domain that does not send emails but has a website + +| Hostname | Type | TTL | Data | +|:------------:|:----:|:----:|:-------------:| +| `@` | `MX` |`1800`|`0 .` | +| `@` | `TXT`|`1800`|`"v=spf1 -all"`| +|`*._domainkey`| `TXT`|`1800`|`"v=DKIM1; p="`| +| `_dmarc` | `TXT`|`1800`|`"v=DMARC1;p=reject;sp=reject;adkim=s;aspf=s;fo=1;"`| + +### DNS entries explained + +#### Null MX +Explicitly configure an 'empty' MX record according to [RFC7505](https://tools.ietf.org/html/rfc7505). +``` +@ 1800 IN MX 0 . +``` + +#### SPF +Set an an empty policy and a hard fail. + +``` +@ 1800 IN TXT "v=spf1 -all" +``` + +#### DKIM + +``` +*._domainkey 1800 IN TXT "v=DKIM1; p=" +``` + +#### DMARC + +Set DMARC policy to reject emails[^1] +``` +_dmarc 1800 IN TXT "v=DMARC1;p=reject;sp=reject;adkim=s;aspf=s;fo=1;" +``` +or + +Set DMARC policy to reject mails, but allow reporting to take place[^2] +``` +_dmarc 1800 IN TXT "v=DMARC1; p=reject; rua=mailto:rua@example.com; ruf=mailto:ruf@example.com" +``` + +## DNS entries for a parked domain that does not send emails + +* Don't use an `A` or `AAAA` record for parked domains; +* Don't redirect from parked domain `example.com` to the used domain `example.org`, since this encourages users to keep using the parked `example.com`. If a redirect is desirable, make sure to use the proper redirect order in order for HSTS headers to remain effective: + * redirect `http://example.com` to `https://example.com` + * when using `HTTPS`, redirect `https://example.com` to `https://example.org`. 
+ +[^1]: **Credit:** akc3n’s [page of notes](https://akc3n.page/gists/#dns) +[^2]: **Credit:** the [Dutch Internet Standards Platform](https://github.com/internetstandards/toolbox-wiki/blob/main/parked-domain-how-to.md#what-is-a-parked-domain-)
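Review bot: in `content/posts/howto/_index.md` the last added line, `If it ain't broken, don't fix it`, is followed by `\ No newline at end of file`; end the file with a newline so later additions to it diff cleanly. The same marker appears at the end of the cryptology post in this patch.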
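Review bot: the new file is named `principes-de-cryptologie-et-chiffrement .md`, with a space before `.md` in both the `diff --git` and `+++` lines; rename it without the space, since the name has to be quoted in every shell command and may carry over into the generated URL. In the front matter, `image: "/images/"` points at a directory and `alt` and `caption` are empty, so either set a real cover or drop the `cover` block. In the body, `## Assurer l’intégrité du message: le hachage` lacks the space before the colon that the other two headings have, and the alt text `Le hashage` is spelled differently from its caption `Le hachage`. The three sections consist of an image and a caption only, so the alt texts should describe what each diagram shows.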
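Review bot: in the DMARC section of `protect-domain-name-without-email.md`, the first record (also the one in the table) sets `fo=1` but carries no `ruf=` tag, and RFC 7489 ignores `fo` when `ruf` is absent; drop `fo=1` there, or move it to the reporting variant, which has `ruf=` but no `fo`. The reporting variant also silently omits `sp=reject`, `adkim=s` and `aspf=s`, and it sends reports to `rua@example.com` and `ruf@example.com`: if the report mailbox is on a different domain than the parked one, that domain has to publish the external reporting authorization record from RFC 7489 section 7.1, which deserves a sentence. Smaller points: `Set an an empty policy` has a doubled word; the DKIM block has no explanation, unlike the others, so say that an empty `p=` marks the key as revoked; and the second `##` heading differs from the first only by dropping "but has a website" and lists no DNS entries, so state explicitly that it covers the domain without a website.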