Upload files to "content/posts/howto"

content/posts/howto/_index.md

@@ -0,0 +1,7 @@
+---
+title: How-To
+ShowReadingTime: false
+ShowWordCount: false
+---
+
+If it ain't broken, don't fix it

content/posts/howto/principes-de-cryptologie-et-chiffrement .md

@@ -0,0 +1,40 @@
+---
+title: "Principes de cryptologie et chiffrement - cnil.fr"
+date: 2016-10-29T10:50:00+06:00
+draft: false
+tags: ["encryption","infosec","how to","CNIL"]
+author: "Olivier Falcoz"
+hidemeta: false
+ShowReadingTime: true
+ShowPostNavLinks: true
+showtoc: false
+cover:
+  image: "/images/"
+  alt: "<alt text>"
+  caption: "<text>"
+---
+[Comprendre les grands principes de la cryptologie et du chiffrement
+](https://www.cnil.fr/fr/comprendre-les-grands-principes-de-la-cryptologie-et-du-chiffrement)  
+-- cnil.fr
+
+La cryptologie ne se limite plus aujourd’hui à assurer la **confidentialité** des secrets. Elle s’est élargie au fait d’assurer mathématiquement d’autres notions : assurer **l’authenticité** d’un message ou encore assurer son **intégrité**.
+
+Pour assurer ces usages, la cryptologie regroupe quatre principales fonctions : le hachage avec ou sans clé,  la signature numérique et le chiffrement.
+
+![Les usages de la cryptographie](/images/usages-de-cryptographie.png "Les usages de la cryptographie")
+*Les usages de la cryptographie*
+
+## Assurer l’intégrité du message: le hachage
+
+![Le hashage](/images/hachage-et-hachage-a-cle.png "Les fonctions de hachage et de hachage à clé")
+*Le hachage*
+
+## Assurer l’authenticité du message : la signature
+
+![La signature](/images/signatures-numeriques.png "Assurer l’authenticité du message : la signature")
+*La signature*
+
+## Assurer la confidentialité du message : le chiffrement
+
+![Le chiffrement](/images/chiffrement.png "Assurer la confidentialité du message : le chiffrement")
+*Le chiffrement*

content/posts/howto/protect-domain-name-without-email.md

@@ -0,0 +1,67 @@
+---
+title: "Protect a parked domain without email"
+date: 2023-01-05T19:15:00+01:00
+draft: false
+tags: ["how-to","tech","email"]
+author: "Olivier Falcoz"
+hidemeta: false
+ShowReadingTime: true
+ShowPostNavLinks: true
+showtoc: false
+cover:
+  image: "/images/"
+  alt: "<alt text>"
+  caption: "<text>"
+---
+## DNS entries for a parked domain that does not send emails but has a website
+
+| Hostname | Type | TTL | Data |
+|:------------:|:----:|:----:|:-------------:|
+|      `@`     | `MX` |`1800`|`0 .`          |
+|      `@`     | `TXT`|`1800`|`"v=spf1 -all"`|
+|`*._domainkey`| `TXT`|`1800`|`"v=DKIM1; p="`|
+|    `_dmarc`  | `TXT`|`1800`|`"v=DMARC1;p=reject;sp=reject;adkim=s;aspf=s;fo=1;"`|
+
+### DNS entries explained
+
+#### Null MX
+Explicitly configure an 'empty' MX record according to [RFC7505](https://tools.ietf.org/html/rfc7505).
+```
+@ 1800 IN MX 0 .
+```
+
+#### SPF
+Set an an empty policy and a hard fail.
+
+```
+@ 1800 IN TXT "v=spf1 -all"
+```
+
+#### DKIM
+
+```
+*._domainkey 1800 IN TXT "v=DKIM1; p="
+```
+
+#### DMARC
+
+Set DMARC policy to reject emails[^1]
+```
+_dmarc 1800 IN TXT "v=DMARC1;p=reject;sp=reject;adkim=s;aspf=s;fo=1;"
+```
+or
+
+Set DMARC policy to reject mails, but allow reporting to take place[^2] 
+```
+_dmarc 1800 IN TXT "v=DMARC1; p=reject; rua=mailto:rua@example.com; ruf=mailto:ruf@example.com"
+```
+
+## DNS entries for a parked domain that does not send emails
+
+* Don't use an `A` or `AAAA` record for parked domains;
+* Don't redirect from parked domain `example.com` to the used domain `example.org`, since this encourages users to keep using the parked `example.com`. If a redirect is desirable, make sure to use the proper redirect order in order for HSTS headers to remain effective:
+	* redirect `http://example.com` to `https://example.com`
+	* when using `HTTPS`, redirect `https://example.com` to `https://example.org`.
+
+[^1]: **Credit:** akc3n’s [page of notes](https://akc3n.page/gists/#dns) 
+[^2]: **Credit:** the [Dutch Internet Standards Platform](https://github.com/internetstandards/toolbox-wiki/blob/main/parked-domain-how-to.md#what-is-a-parked-domain-)