{"guid":"5d71aae2-bc0c-52d0-80d1-443103928101","title":"Domain Automation with cryptdomainmgr","subtitle":null,"slug":"eh19-129-domain-automatisierung-mit-cryptdomainmgr","link":"https://conference.c3w.at/eh19/talk/VTVWTG/","description":"Cryptdomainmgr is a Python program that automatically renews TLS certificates, TLSA domain records, and DKIM keys.\n\nThe \"DNS-Based Authentication of Named Entities\" (DANE) method binds TLS certificates to the DNS zone via hash values (TLSA records). If a certificate authority (CA) is compromised, the DNS record can be used to prove that the certificate is correct. Certificates issued to unauthorized third parties are exposed. However, the DNS zone must not be compromised and should be secured with DNSSEC.\n\nTo make sending fraudulent e-mails harder, mail servers sign e-mails with a DKIM key. The signature can be validated via the DKIM record in the sender domain. Forging the sender domain is thereby detected.\n\nThe asymmetric key pairs for the DKIM signature and TLS certificates must be renewed regularly to keep the attack window short if keys are broken.\n\nCryptdomainmgr renews the keys and DH parameters automatically and seamlessly, without downtime, in three phases: Prepare, Rollover, Cleanup. As a result, negative caching is not a problem either.","original_language":"deu","persons":["Stefan Helmert (Tesla42)"],"view_count":122,"promoted":false,"date":"2019-04-20T00:00:00.000+02:00","release_date":"2019-04-20T02:00:00.000+02:00","updated_at":"2025-12-30T13:15:18.381+01:00","tags":["eh19","129","eh19","easterhegg","Wien","c3w"],"length":2675,"duration":2675,"thumb_url":"https://static.media.ccc.de/media/conferences/eh2019/129-hd.jpg","poster_url":"https://static.media.ccc.de/media/conferences/eh2019/129-hd_preview.jpg","timeline_url":"https://static.media.ccc.de/media/conferences/eh2019/129-hd.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/conferences/eh2019/129-hd.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/eh19-129-domain-automatisierung-mit-cryptdomainmgr","url":"https://api.media.ccc.de/public/events/5d71aae2-bc0c-52d0-80d1-443103928101","conference_title":"Easterhegg 2019","conference_url":"https://api.media.ccc.de/public/conferences/eh19","related":[{"event_id":6926,"event_guid":"e51e5695-68c6-52f8-828b-472a204ffaec","weight":8},{"event_id":6927,"event_guid":"9463b562-8353-562e-8484-f9cac7749407","weight":6},{"event_id":6928,"event_guid":"1831ec0e-98c1-58a1-9131-cc74571b1106","weight":10},{"event_id":6932,"event_guid":"3ac46290-51e0-5ee2-93a0-8fb4b99cf67c","weight":9},{"event_id":6938,"event_guid":"4d840d36-1b6a-582f-803e-01f90a5f696a","weight":6},{"event_id":6943,"event_guid":"51bbfc4c-ee81-57db-83d6-15255179dde9","weight":9}],"recordings":[{"size":223,"length":2675,"mime_type":"video/mp4","language":"deu","filename":"eh19-129-deu-Domain-Automatisierung_mit_cryptdomainmgr_hd.mp4","state":"new","folder":"h264-hd","high_quality":true,"width":1920,"height":1080,"updated_at":"2019-04-20T17:59:06.376+02:00","recording_url":"https://cdn.media.ccc.de/events/eh2019/h264-hd/eh19-129-deu-Domain-Automatisierung_mit_cryptdomainmgr_hd.mp4","url":"https://api.media.ccc.de/public/recordings/34625","event_url":"https://api.media.ccc.de/public/events/5d71aae2-bc0c-52d0-80d1-443103928101","conference_url":"https://api.media.ccc.de/public/conferences/eh19"},{"size":26,"length":2675,"mime_type":"audio/opus","language":"deu","filename":"eh19-129-deu-Domain-Automatisierung_mit_cryptdomainmgr_opus.opus","state":"new","folder":"opus","high_quality":false,"width":0,"height":0,"updated_at":"2019-04-20T18:06:04.679+02:00","recording_url":"https://cdn.media.ccc.de/events/eh2019/opus/eh19-129-deu-Domain-Automatisierung_mit_cryptdomainmgr_opus.opus","url":"https://api.media.ccc.de/public/recordings/34640","event_url":"https://api.media.ccc.de/public/events/5d71aae2-bc0c-52d0-80d1-443103928101","conference_url":"https://api.media.ccc.de/public/conferences/eh19"},{"size":85,"length":2675,"mime_type":"video/mp4","language":"deu","filename":"eh19-129-deu-Domain-Automatisierung_mit_cryptdomainmgr_sd.mp4","state":"new","folder":"h264-sd","high_quality":false,"width":720,"height":576,"updated_at":"2019-04-20T18:06:26.134+02:00","recording_url":"https://cdn.media.ccc.de/events/eh2019/h264-sd/eh19-129-deu-Domain-Automatisierung_mit_cryptdomainmgr_sd.mp4","url":"https://api.media.ccc.de/public/recordings/34641","event_url":"https://api.media.ccc.de/public/events/5d71aae2-bc0c-52d0-80d1-443103928101","conference_url":"https://api.media.ccc.de/public/conferences/eh19"},{"size":40,"length":2675,"mime_type":"audio/mpeg","language":"deu","filename":"eh19-129-deu-Domain-Automatisierung_mit_cryptdomainmgr_mp3.mp3","state":"new","folder":"mp3","high_quality":false,"width":0,"height":0,"updated_at":"2019-04-20T18:07:05.652+02:00","recording_url":"https://cdn.media.ccc.de/events/eh2019/mp3/eh19-129-deu-Domain-Automatisierung_mit_cryptdomainmgr_mp3.mp3","url":"https://api.media.ccc.de/public/recordings/34642","event_url":"https://api.media.ccc.de/public/events/5d71aae2-bc0c-52d0-80d1-443103928101","conference_url":"https://api.media.ccc.de/public/conferences/eh19"},{"size":154,"length":2675,"mime_type":"video/webm","language":"deu","filename":"eh19-129-deu-Domain-Automatisierung_mit_cryptdomainmgr_webm-sd.webm","state":"new","folder":"webm-sd","high_quality":false,"width":720,"height":576,"updated_at":"2019-04-20T18:11:38.792+02:00","recording_url":"https://cdn.media.ccc.de/events/eh2019/webm-sd/eh19-129-deu-Domain-Automatisierung_mit_cryptdomainmgr_webm-sd.webm","url":"https://api.media.ccc.de/public/recordings/34644","event_url":"https://api.media.ccc.de/public/events/5d71aae2-bc0c-52d0-80d1-443103928101","conference_url":"https://api.media.ccc.de/public/conferences/eh19"},{"size":338,"length":2675,"mime_type":"video/webm","language":"deu","filename":"eh19-129-deu-Domain-Automatisierung_mit_cryptdomainmgr_webm-hd.webm","state":"new","folder":"webm-hd","high_quality":true,"width":1920,"height":1080,"updated_at":"2019-04-20T18:40:12.399+02:00","recording_url":"https://cdn.media.ccc.de/events/eh2019/webm-hd/eh19-129-deu-Domain-Automatisierung_mit_cryptdomainmgr_webm-hd.webm","url":"https://api.media.ccc.de/public/recordings/34647","event_url":"https://api.media.ccc.de/public/events/5d71aae2-bc0c-52d0-80d1-443103928101","conference_url":"https://api.media.ccc.de/public/conferences/eh19"}]}