Your workaround is precisely why I said “more practical”. Any updates to your tooling might break it because it’s not an expected usecase
Natanael
Cryptography nerd
Fediverse accounts;
Natanael@slrpnk.net (main)
Natanael@infosec.pub
Natanael@lemmy.zip
@Natanael_L@mastodon.social
Bluesky: natanael.bsky.social
- 0 Posts
- 4 Comments
Joined 2 years ago
You are not logged in. If you use a Fediverse account that is able to follow users, you can follow this user.
link Englishfedilink 1arrow-up 1·arrow-down 4 months agoedit-2
link Englishfedilink 1arrow-up 1·arrow-down 4 months agoedit-2 You don’t want FIDO2 security tokens for that, use an OpenPGP applet (works with some Yubikeys and with many programmable smartcards). Much more practical for authenticating a server.
BTW we have a lot of cryptography experts in www.reddit.com/r/crypto (yes I know, I’m trying to get the community moved, I’ve been moderating it for a decade and it’s a slow process)
link Englishfedilink 2 years ago5arrow-up 2·arrow-down Yup, it’s more like self administration or something like that
Wireguard is most reliable in terms of security. For censorship resistance, it’s all about tunneling it in a way that looks indistinguishable from normal traffic
Domain or IP doesn’t make much of a difference. If somebody can block one they can block the other. The trick is not getting flagged. Domain does make it easier to administer though with stuff like dyndns, but then you also need to make sure eSNI is available (especially if it’s on hosting) and that you’re using encrypted DNS lookups