From d9fb28388e718248637aec1e28bdb681611f6a9b Mon Sep 17 00:00:00 2001 Message-Id: From: Mark Wooding Date: Mon, 22 Dec 2014 18:21:13 +0000 Subject: [PATCH] Add some useful-looking TLSA records to hedge against CA uselessness. Organization: Straylight/Edgeware From: Mark Wooding Also to help convince outsiders about our own CA. --- certs/distorted-ca.cert | 110 +++++++++++++++++++++++++++++ certs/http-server-www#1.cert | 130 +++++++++++++++++++++++++++++++++++ distorted.lisp | 12 ++++ 3 files changed, 252 insertions(+) create mode 100644 certs/distorted-ca.cert create mode 100644 certs/http-server-www#1.cert diff --git a/certs/distorted-ca.cert b/certs/distorted-ca.cert new file mode 100644 index 0000000..4aff3dd --- /dev/null +++ b/certs/distorted-ca.cert @@ -0,0 +1,110 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 16570956933538312940 (0xe5f7dd88cbd8f2ec) + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=GB, ST=Cambridgeshire, L=Cambridge, O=distorted.org.uk, CN=distorted.org.uk Certificate Authority/emailAddress=ca@distorted.org.uk + Validity + Not Before: Dec 1 14:27:13 2012 GMT + Not After : Nov 29 14:27:13 2022 GMT + Subject: C=GB, ST=Cambridgeshire, L=Cambridge, O=distorted.org.uk, CN=distorted.org.uk Certificate Authority/emailAddress=ca@distorted.org.uk + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (3072 bit) + Modulus: + 00:ba:88:24:78:37:a2:42:8b:1a:03:88:28:46:d8: + dc:ad:3a:20:ba:2e:d0:fd:3b:b1:09:64:4a:63:35: + cb:ff:ab:c4:b3:31:19:80:00:ca:67:b8:90:86:3d: + fd:2c:72:c4:31:40:99:00:e8:cf:4e:72:54:9a:6e: + b1:11:ed:0b:c5:de:9d:88:f2:03:93:f1:ee:3a:d9: + 56:4e:cb:c7:5c:2e:c3:41:e4:d8:d3:a9:cd:54:b1: + 43:e4:4f:24:f4:1c:d6:3d:11:f1:12:b4:a5:89:4a: + d5:8e:99:6c:ef:85:ca:64:23:07:3b:f6:91:fa:86: + e9:db:55:5f:8d:2c:5f:8b:dd:0e:02:49:59:4a:31: + b9:57:6a:97:f9:50:e4:5a:f6:df:20:53:4f:53:bb: + 01:08:f6:2c:59:08:db:6b:ee:b9:e2:ef:db:f6:35: + 24:12:29:e7:10:49:52:80:8e:9f:d3:16:96:94:ae: + 68:bc:40:c9:a7:9a:08:9c:7e:4f:d0:c1:ae:45:b0: + 8a:da:a6:60:5d:29:06:8f:a3:af:ed:72:1a:ef:c6: + cf:bf:2b:3f:c0:2f:26:30:85:63:04:4b:61:8c:20: + da:0a:f9:c1:4a:10:66:bf:ab:fe:ef:41:55:d3:c9: + ab:29:a9:03:94:f0:13:08:a2:14:f3:e8:50:c4:01: + 31:41:61:06:e9:14:13:3b:52:bb:01:ef:09:40:4f: + 27:78:7b:6e:13:61:6c:24:ce:bf:60:c0:06:eb:87: + 31:ac:00:b0:f1:0a:5c:3b:72:92:3a:3c:ee:8a:69: + 22:25:af:87:21:5e:47:98:62:86:0e:2b:72:87:ad: + 7d:a9:79:5f:80:3b:52:1c:f8:9b:09:72:ce:9a:e9: + d2:07:3e:1e:58:d9:1c:5b:3f:e3:cc:4e:ef:9d:54: + 45:91:83:6a:99:92:9a:42:b1:54:ff:67:9d:fc:49: + 02:9f:b0:cd:7d:3a:d1:8f:5b:d3:69:dd:ba:eb:08: + c6:7e:4a:80:58:d6:0f:10:c5:3f + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Key Usage: critical + Certificate Sign + X509v3 Subject Key Identifier: + 73:9C:A1:60:E2:B2:1B:D0:F2:10:33:C1:11:97:73:9A:6E:5B:AB:CA + X509v3 Subject Alternative Name: + email:ca@distorted.org.uk + X509v3 CRL Distribution Points: + + Full Name: + URI:http://www.distorted.org.uk/ca/crl + + Signature Algorithm: sha256WithRSAEncryption + 6b:1f:b0:49:bc:07:25:8a:75:47:03:b4:85:47:c8:b6:9b:93: + 6b:7c:aa:c9:15:74:eb:d2:81:57:10:e2:6c:b6:42:4a:4b:18: + 11:80:04:1b:1e:67:63:41:70:a1:b3:2a:6c:e6:82:77:9d:a4: + 83:9e:f0:e4:c7:0e:56:0f:f1:1e:61:ff:a3:27:f1:4b:aa:9a: + fd:27:a7:ba:13:f9:9a:b6:b8:e6:6d:78:fc:2b:21:5f:62:b7: + 73:3a:38:94:30:4e:80:b7:1f:84:dc:1a:68:da:fa:99:19:08: + c3:e0:7f:d2:08:8b:25:c1:69:e5:d5:24:5e:33:4c:5c:cc:d2: + a7:27:2b:01:da:3c:50:c3:58:64:73:f7:7f:88:12:b5:6e:41: + eb:07:8e:c5:79:e7:3d:e1:da:e6:9b:3c:c8:c4:b9:92:71:a1: + 5d:01:95:4e:92:9e:e5:7f:ed:71:e4:27:3e:97:10:de:5d:1a: + a1:37:a3:1f:f0:fe:09:fe:ce:72:e7:f5:a0:5c:54:19:6f:f7: + 62:a8:c8:66:09:77:6c:d8:73:d9:1d:c0:cd:65:c9:bd:27:9a: + 8a:10:dc:0b:1e:08:ec:39:99:50:89:2f:bc:ca:a2:13:55:c6: + 7f:2c:96:f1:2b:46:cf:9c:70:31:9d:7f:11:72:18:67:5d:a7: + c9:03:a7:1f:6b:cc:ac:a3:ae:e2:2e:01:bd:7f:a3:8d:ca:aa: + 20:72:9c:81:84:5b:34:c5:93:1a:bd:e7:52:4f:00:9a:dd:c3: + af:0a:a1:e4:64:aa:d9:62:80:ce:b9:c8:57:38:03:54:d0:e1: + ae:0c:a9:09:da:44:88:32:58:0d:58:1f:6d:f5:c8:9b:65:fe: + 02:57:44:ea:e1:ae:42:5f:63:24:b6:f2:99:d8:e0:3d:35:6c: + 64:da:f7:7f:1c:f7:31:96:a4:38:93:ca:10:bc:e6:bf:d8:92: + ae:bc:e2:c1:df:57:45:6b:71:7b:d0:ea:43:8e:c7:87:61:77: + 16:17:10:01:ef:6b +-----BEGIN CERTIFICATE----- +MIIFcjCCA9qgAwIBAgIJAOX33YjL2PLsMA0GCSqGSIb3DQEBCwUAMIGqMQswCQYD +VQQGEwJHQjEXMBUGA1UECBMOQ2FtYnJpZGdlc2hpcmUxEjAQBgNVBAcTCUNhbWJy +aWRnZTEZMBcGA1UEChMQZGlzdG9ydGVkLm9yZy51azEvMC0GA1UEAxMmZGlzdG9y +dGVkLm9yZy51ayBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkxIjAgBgkqhkiG9w0BCQEW +E2NhQGRpc3RvcnRlZC5vcmcudWswHhcNMTIxMjAxMTQyNzEzWhcNMjIxMTI5MTQy +NzEzWjCBqjELMAkGA1UEBhMCR0IxFzAVBgNVBAgTDkNhbWJyaWRnZXNoaXJlMRIw +EAYDVQQHEwlDYW1icmlkZ2UxGTAXBgNVBAoTEGRpc3RvcnRlZC5vcmcudWsxLzAt +BgNVBAMTJmRpc3RvcnRlZC5vcmcudWsgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MSIw +IAYJKoZIhvcNAQkBFhNjYUBkaXN0b3J0ZWQub3JnLnVrMIIBojANBgkqhkiG9w0B +AQEFAAOCAY8AMIIBigKCAYEAuogkeDeiQosaA4goRtjcrTogui7Q/TuxCWRKYzXL +/6vEszEZgADKZ7iQhj39LHLEMUCZAOjPTnJUmm6xEe0Lxd6diPIDk/HuOtlWTsvH +XC7DQeTY06nNVLFD5E8k9BzWPRHxErSliUrVjpls74XKZCMHO/aR+obp21VfjSxf +i90OAklZSjG5V2qX+VDkWvbfIFNPU7sBCPYsWQjba+654u/b9jUkEinnEElSgI6f +0xaWlK5ovEDJp5oInH5P0MGuRbCK2qZgXSkGj6Ov7XIa78bPvys/wC8mMIVjBEth +jCDaCvnBShBmv6v+70FV08mrKakDlPATCKIU8+hQxAExQWEG6RQTO1K7Ae8JQE8n +eHtuE2FsJM6/YMAG64cxrACw8QpcO3KSOjzuimkiJa+HIV5HmGKGDityh619qXlf +gDtSHPibCXLOmunSBz4eWNkcWz/jzE7vnVRFkYNqmZKaQrFU/2ed/EkCn7DNfTrR +j1vTad266wjGfkqAWNYPEMU/AgMBAAGjgZgwgZUwDwYDVR0TAQH/BAUwAwEB/zAO +BgNVHQ8BAf8EBAMCAgQwHQYDVR0OBBYEFHOcoWDishvQ8hAzwRGXc5puW6vKMB4G +A1UdEQQXMBWBE2NhQGRpc3RvcnRlZC5vcmcudWswMwYDVR0fBCwwKjAooCagJIYi +aHR0cDovL3d3dy5kaXN0b3J0ZWQub3JnLnVrL2NhL2NybDANBgkqhkiG9w0BAQsF +AAOCAYEAax+wSbwHJYp1RwO0hUfItpuTa3yqyRV069KBVxDibLZCSksYEYAEGx5n +Y0FwobMqbOaCd52kg57w5McOVg/xHmH/oyfxS6qa/SenuhP5mra45m14/CshX2K3 +czo4lDBOgLcfhNwaaNr6mRkIw+B/0giLJcFp5dUkXjNMXMzSpycrAdo8UMNYZHP3 +f4gStW5B6weOxXnnPeHa5ps8yMS5knGhXQGVTpKe5X/tceQnPpcQ3l0aoTejH/D+ +Cf7Ocuf1oFxUGW/3YqjIZgl3bNhz2R3AzWXJvSeaihDcCx4I7DmZUIkvvMqiE1XG +fyyW8StGz5xwMZ1/EXIYZ12nyQOnH2vMrKOu4i4BvX+jjcqqIHKcgYRbNMWTGr3n +Uk8Amt3Drwqh5GSq2WKAzrnIVzgDVNDhrgypCdpEiDJYDVgfbfXIm2X+AldE6uGu +Ql9jJLbymdjgPTVsZNr3fxz3MZakOJPKELzmv9iSrrziwd9XRWtxe9DqQ47Hh2F3 +FhcQAe9r +-----END CERTIFICATE----- diff --git a/certs/http-server-www#1.cert b/certs/http-server-www#1.cert new file mode 100644 index 0000000..29a6326 --- /dev/null +++ b/certs/http-server-www#1.cert @@ -0,0 +1,130 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 1387014 (0x152a06) + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=IL, O=StartCom Ltd., OU=Secure Digital Certificate Signing, CN=StartCom Class 1 Primary Intermediate Server CA + Validity + Not Before: Dec 20 04:07:45 2014 GMT + Not After : Dec 21 00:30:39 2015 GMT + Subject: C=GB, CN=www.distorted.org.uk/emailAddress=webmaster@distorted.org.uk + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (3072 bit) + Modulus: + 00:9f:62:f3:4c:fa:9a:4c:62:c8:31:c3:54:6f:b5: + 7b:9e:cc:9c:e0:d8:fd:4e:b6:6c:97:d0:28:c4:1e: + 09:07:07:e2:85:42:ad:d5:49:2d:94:06:55:9e:99: + 0c:c8:f7:0b:6a:72:ad:5d:2c:66:cc:df:84:ea:88: + 46:43:a9:39:42:d7:d4:09:3f:1b:26:39:c6:69:71: + ae:f2:02:98:db:79:13:b4:d3:26:60:8b:c5:eb:fb: + c7:51:84:3a:64:0b:e3:02:e9:13:8e:fa:a6:b7:cb: + 66:49:55:9e:e3:cb:9a:a4:ed:0c:3a:4b:c1:e0:de: + e8:03:29:88:8d:b6:43:bd:c5:e6:a0:c6:04:78:1d: + 6f:65:48:8f:7d:13:e9:3e:ae:b2:03:df:43:57:19: + f9:8f:85:15:dc:4f:78:3b:65:5b:90:46:28:5f:32: + 4c:5b:8c:29:69:73:ba:fc:00:25:5c:2b:7a:2d:26: + d1:ad:7b:28:07:21:db:27:ea:b3:81:7b:25:a5:e4: + cc:ec:d6:85:88:63:c3:29:7e:10:e6:3c:cb:2a:1d: + 77:72:c0:bb:34:b8:c9:62:3e:bf:d8:f5:e6:d8:d5: + 73:df:5b:1e:90:f4:aa:51:d0:7f:f3:16:03:43:31: + d5:4b:1e:91:1e:92:0f:e9:dc:95:36:9a:0e:80:60: + d3:98:c7:62:fb:af:76:87:e7:9b:0f:7e:1d:be:dc: + 22:1a:46:ff:b7:5b:39:01:79:cd:3a:ef:25:16:3c: + 86:6a:e1:1e:f4:e8:cb:0b:ff:cd:4c:66:dc:36:50: + 77:9d:1a:35:77:5a:85:89:b0:ea:fb:43:0f:7f:19: + 7f:d8:dd:6a:cd:a3:c3:85:12:3e:e3:39:5b:89:ec: + fc:78:df:39:2e:ae:94:7e:1a:ac:62:0c:dc:5a:fc: + 09:b6:9f:82:4d:2c:ad:f3:2b:68:44:22:da:42:ca: + 85:d6:9c:46:e5:37:cc:7d:65:c5:62:e3:d8:e5:58: + 28:01:18:1b:27:40:d6:d5:dd:e5 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 Key Usage: + Digital Signature, Key Encipherment, Key Agreement + X509v3 Extended Key Usage: + TLS Web Server Authentication + X509v3 Subject Key Identifier: + A9:DF:AD:DC:D2:3B:DD:6A:E6:AF:CC:B1:28:60:3A:5F:5E:29:D0:85 + X509v3 Authority Key Identifier: + keyid:EB:42:34:D0:98:B0:AB:9F:F4:1B:6B:08:F7:CC:64:2E:EF:0E:2C:45 + + X509v3 Subject Alternative Name: + DNS:www.distorted.org.uk, DNS:distorted.org.uk + X509v3 Certificate Policies: + Policy: 2.23.140.1.2.1 + Policy: 1.3.6.1.4.1.23223.1.2.3 + CPS: http://www.startssl.com/policy.pdf + User Notice: + Organization: StartCom Certification Authority + Number: 1 + Explicit Text: This certificate was issued according to the Class 1 Validation requirements of the StartCom CA policy, reliance only for the intended purpose in compliance of the relying party obligations. + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://crl.startssl.com/crt1-crl.crl + + Authority Information Access: + OCSP - URI:http://ocsp.startssl.com/sub/class1/server/ca + CA Issuers - URI:http://aia.startssl.com/certs/sub.class1.server.ca.crt + + X509v3 Issuer Alternative Name: + URI:http://www.startssl.com/ + Signature Algorithm: sha256WithRSAEncryption + a7:cc:45:92:89:84:06:e0:39:20:4e:37:58:f2:02:e3:6c:c9: + 43:c6:d9:06:68:ea:fe:40:e3:d8:b3:a2:3c:63:8a:03:86:76: + 83:83:38:2b:ea:9d:14:f9:2a:89:8d:0c:31:d4:83:f5:ac:5c: + fc:fc:2b:ac:f7:a8:7c:2f:b9:1b:2d:7d:8d:dd:ea:45:89:d5: + 3a:24:f1:9b:1e:9c:ef:25:4c:6c:77:37:4f:48:d3:79:1c:fe: + ef:a5:29:8c:3e:f1:42:be:83:50:6a:73:c2:46:4e:5c:a7:5a: + fc:0f:73:1e:c8:fd:e6:a9:45:5a:61:d4:5b:35:06:6a:60:b3: + 79:77:e3:8a:bd:12:d7:47:cd:cc:7d:2f:f2:cc:9c:c5:fe:97: + 98:72:6f:1a:c1:9e:5e:57:99:a6:93:b0:9a:bd:4c:f6:14:e3: + c7:16:9a:28:2b:b2:36:5e:b7:1c:8e:d3:bf:97:ed:07:11:1d: + 6d:d4:51:e4:90:e1:18:b2:7a:15:d5:ec:bf:1b:b5:3c:8d:a5: + 69:28:da:cb:47:a9:68:be:eb:0e:3b:58:49:c1:9d:5c:8d:c6: + c6:e1:2a:28:c1:f0:66:e9:c4:e9:7f:50:3e:f3:d8:ad:47:39: + cf:f9:65:ee:d8:e4:61:b2:48:db:c0:92:1b:bb:1d:55:6d:c4: + 5d:52:7c:0c +-----BEGIN CERTIFICATE----- +MIIGzjCCBbagAwIBAgIDFSoGMA0GCSqGSIb3DQEBCwUAMIGMMQswCQYDVQQGEwJJ +TDEWMBQGA1UEChMNU3RhcnRDb20gTHRkLjErMCkGA1UECxMiU2VjdXJlIERpZ2l0 +YWwgQ2VydGlmaWNhdGUgU2lnbmluZzE4MDYGA1UEAxMvU3RhcnRDb20gQ2xhc3Mg +MSBQcmltYXJ5IEludGVybWVkaWF0ZSBTZXJ2ZXIgQ0EwHhcNMTQxMjIwMDQwNzQ1 +WhcNMTUxMjIxMDAzMDM5WjBXMQswCQYDVQQGEwJHQjEdMBsGA1UEAxMUd3d3LmRp +c3RvcnRlZC5vcmcudWsxKTAnBgkqhkiG9w0BCQEWGndlYm1hc3RlckBkaXN0b3J0 +ZWQub3JnLnVrMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEAn2LzTPqa +TGLIMcNUb7V7nsyc4Nj9TrZsl9AoxB4JBwfihUKt1UktlAZVnpkMyPcLanKtXSxm +zN+E6ohGQ6k5QtfUCT8bJjnGaXGu8gKY23kTtNMmYIvF6/vHUYQ6ZAvjAukTjvqm +t8tmSVWe48uapO0MOkvB4N7oAymIjbZDvcXmoMYEeB1vZUiPfRPpPq6yA99DVxn5 +j4UV3E94O2VbkEYoXzJMW4wpaXO6/AAlXCt6LSbRrXsoByHbJ+qzgXslpeTM7NaF +iGPDKX4Q5jzLKh13csC7NLjJYj6/2PXm2NVz31sekPSqUdB/8xYDQzHVSx6RHpIP +6dyVNpoOgGDTmMdi+692h+ebD34dvtwiGkb/t1s5AXnNOu8lFjyGauEe9OjLC//N +TGbcNlB3nRo1d1qFibDq+0MPfxl/2N1qzaPDhRI+4zlbiez8eN85Lq6UfhqsYgzc +WvwJtp+CTSyt8ytoRCLaQsqF1pxG5TfMfWXFYuPY5VgoARgbJ0DW1d3lAgMBAAGj +ggLrMIIC5zAJBgNVHRMEAjAAMAsGA1UdDwQEAwIDqDATBgNVHSUEDDAKBggrBgEF +BQcDATAdBgNVHQ4EFgQUqd+t3NI73Wrmr8yxKGA6X14p0IUwHwYDVR0jBBgwFoAU +60I00Jiwq5/0G2sI98xkLu8OLEUwMQYDVR0RBCowKIIUd3d3LmRpc3RvcnRlZC5v +cmcudWuCEGRpc3RvcnRlZC5vcmcudWswggFWBgNVHSAEggFNMIIBSTAIBgZngQwB +AgEwggE7BgsrBgEEAYG1NwECAzCCASowLgYIKwYBBQUHAgEWImh0dHA6Ly93d3cu +c3RhcnRzc2wuY29tL3BvbGljeS5wZGYwgfcGCCsGAQUFBwICMIHqMCcWIFN0YXJ0 +Q29tIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MAMCAQEagb5UaGlzIGNlcnRpZmlj +YXRlIHdhcyBpc3N1ZWQgYWNjb3JkaW5nIHRvIHRoZSBDbGFzcyAxIFZhbGlkYXRp +b24gcmVxdWlyZW1lbnRzIG9mIHRoZSBTdGFydENvbSBDQSBwb2xpY3ksIHJlbGlh +bmNlIG9ubHkgZm9yIHRoZSBpbnRlbmRlZCBwdXJwb3NlIGluIGNvbXBsaWFuY2Ug +b2YgdGhlIHJlbHlpbmcgcGFydHkgb2JsaWdhdGlvbnMuMDUGA1UdHwQuMCwwKqAo +oCaGJGh0dHA6Ly9jcmwuc3RhcnRzc2wuY29tL2NydDEtY3JsLmNybDCBjgYIKwYB +BQUHAQEEgYEwfzA5BggrBgEFBQcwAYYtaHR0cDovL29jc3Auc3RhcnRzc2wuY29t +L3N1Yi9jbGFzczEvc2VydmVyL2NhMEIGCCsGAQUFBzAChjZodHRwOi8vYWlhLnN0 +YXJ0c3NsLmNvbS9jZXJ0cy9zdWIuY2xhc3MxLnNlcnZlci5jYS5jcnQwIwYDVR0S +BBwwGoYYaHR0cDovL3d3dy5zdGFydHNzbC5jb20vMA0GCSqGSIb3DQEBCwUAA4IB +AQCnzEWSiYQG4DkgTjdY8gLjbMlDxtkGaOr+QOPYs6I8Y4oDhnaDgzgr6p0U+SqJ +jQwx1IP1rFz8/Cus96h8L7kbLX2N3epFidU6JPGbHpzvJUxsdzdPSNN5HP7vpSmM +PvFCvoNQanPCRk5cp1r8D3MeyP3mqUVaYdRbNQZqYLN5d+OKvRLXR83MfS/yzJzF +/peYcm8awZ5eV5mmk7CavUz2FOPHFpooK7I2XrccjtO/l+0HER1t1FHkkOEYsnoV +1ey/G7U8jaVpKNrLR6lovusOO1hJwZ1cjcbG4SoowfBm6cTpf1A+89itRznP+WXu +2ORhskjbwJIbux1VbcRdUnwM +-----END CERTIFICATE----- diff --git a/distorted.lisp b/distorted.lisp index 73fd09d..5dde19a 100644 --- a/distorted.lisp +++ b/distorted.lisp @@ -138,6 +138,18 @@ (defzone distorted.org.uk (jump :svc jazz.jump :sshfp "jazz")) ((git www mail) (colo :svc stratocaster.colo :sshfp "stratocaster") (jump :svc stratocaster.jump :sshfp "stratocaster")) + ((www @) :tlsa (:https (:service-certificate-constraint + :certificate :sha-256 + #p"certs/http-server-www#1.cert"))) + (git :tlsa (:https (:trust-anchor-assertion + :certificate :sha-256 + #p"certs/distorted-ca.cert"))) + (www-cache :tlsa (3127 (:trust-anchor-assertion + :certificate :sha-256 + #p"certs/distorted-ca.cert"))) + (mail :tlsa ((:smtp :submission :imap) (:trust-anchor-assertion + :certificate :sha-256 + #p"certs/distorted-ca.cert"))) :svc #+view/inside stratocaster.colo #-view/inside stratocaster.jump (cabal :svc stratocaster.colo :sshfp "stratocaster") -- [mdw]