Who is the special OpenID Connect URL "self-issued.me" issued to, and is it a risk?

OpenID Connect defines a special use case for self-issued.me and it’s registered overseas to what I assume is a fictional name.

What is the risk of someone owning this domain w.r.t. OpenID Connect?

self-issued.me
Domain Na… Continue reading Who is the special OpenID Connect URL "self-issued.me" issued to, and is it a risk?

Would DNSSec and DANE be more secure if the same key was published to different TLDs?

Assuming that it’s tough to get many government owned TLDs to cooperate to spoof DANE or DNSSec, would it be wise to publish the same certificate (different SAN names) to various TLDs?

For example:

Company.com
Company.cn
C… Continue reading Would DNSSec and DANE be more secure if the same key was published to different TLDs?

Would DNSSec and DANE be more secure if the same key was published to different TLDs?

Assuming that it’s tough to get many government owned TLDs to cooperate to spoof DANE or DNSSec, would it be wise to publish the same certificate (different SAN names) to various TLDs?

For example:

Company.com
Company.cn
C… Continue reading Would DNSSec and DANE be more secure if the same key was published to different TLDs?

Is there an encryption algorithm that allows for a single payload to have two different outputs based on the password?

Suppose I have some confidential information that is encrypted and I’m forced/compelled to disclose that password.

My goal is to make that decrypted payload seem meaningful / and the password valid.

Is there any such algo… Continue reading Is there an encryption algorithm that allows for a single payload to have two different outputs based on the password?