/explore

Click through on any links that interest you or select the planets on the right to continue exploring the Outer Web.
You are here

educatedguesswork.org
| | www.netmeister.org
2.3 parsecs away

Travel
| | [AI summary] The text discusses DNSSEC and DANE, their potential benefits for enhancing security, and the challenges in their adoption. It highlights the importance of these technologies in securing communications and the current limitations in browser and client support. The author also reflects on the trade-offs and complexities involved in implementing DNSSEC/DANE and considers alternative security solutions.
| | blog.uvokchee.de
4.0 parsecs away

Travel
| | Update 2025-01-15: Add links to tools, add clarification for DNSSEC tool, add clarification for validation errors/warnings.
| | www.isc.org
3.2 parsecs away

Travel
| | BIND 9 fully supports DNSSEC and we encourage the use of DNSSEC as a best practice
| | blog.christianposta.com
27.1 parsecs away

Travel
| In the previous blog, we dug into dynamically registering OAuth clients leveraging SPIFFE and SPIRE. We used SPIRE to issue software statements in the SPIFFE JWT SVID that Keycloak can trust as part of Dynamic Client Registration (RFC 7591). Once we have an OAuth client, we will want to continue to use SPIFFE to authenticate to our Authorization Server. This eliminates the need for a long-lived "client secret" which is common for Confidential OAuth. This means we can use the Agent or MCP client's identity (based on SPIFFE) for authorization flows based on OAuth. We dig into that in this blog.