@vaporeon_ unencrypted DNS requests are a potential MITM attack. you could modify a request and get the client to hit your own server instead, HSTS preload notwithstanding
@aescling Oh, and what's HSTS preload? I vaguely remember HSTS being something about only allowing the website to be connected to over HTTPS and not over HTTP?
@vaporeon_ HSTS purreload is a way to register a domain as known-HSTS with an authority that the major browsers download a massive list of known-HSTS domains from (at build time? or maybe even directly into the source code?) and ship with. the idea is to purrevent a MITM attack during the furst (otherwise necessarily unencrypted) visit to the website from being pawsible
@vaporeon_ i don't know how exactly it works though so i can't answer that part