Is DANE-EE TLSA version 3 (Domain-issued certificate from rfc6698) still supported in 2023?

I would like to setup a webserver using TLS without relying on third party CA.
Is it still possible in 2023 ?
FreeBSD was using the feature and is now using Let’s Encrypt (as well as a lot of privacy-conscious projects)
Do you have an exam… Continue reading Is DANE-EE TLSA version 3 (Domain-issued certificate from rfc6698) still supported in 2023?

Would DNSSec and DANE be more secure if the same key was published to different TLDs?

Assuming that it’s tough to get many government owned TLDs to cooperate to spoof DANE or DNSSec, would it be wise to publish the same certificate (different SAN names) to various TLDs?

For example:

Company.com
Company.cn
C… Continue reading Would DNSSec and DANE be more secure if the same key was published to different TLDs?

Would DNSSec and DANE be more secure if the same key was published to different TLDs?

Assuming that it’s tough to get many government owned TLDs to cooperate to spoof DANE or DNSSec, would it be wise to publish the same certificate (different SAN names) to various TLDs?

For example:

Company.com
Company.cn
C… Continue reading Would DNSSec and DANE be more secure if the same key was published to different TLDs?