Video: DANEs Don’t Lie – DANE/SMTP (RIPE 68)

How can we secure communications between SMTP mail servers? Simply using TLS between servers will not prevent Man In The Middle(MITM) attacks. DNSSEC and DANE to the rescue! Using DANE, SMTP servers can validate X.509 certificates tied to TLS using DNSSEC lookups. In this lightning talk from Carsten Strotmann, learn how this all works and the current status of implementations. His talk, entitled “DANEs don’t lie – DANE/SMTP” is now available for viewing from the RIPE 68 site, and the slides are available for download.


After watching, check out our resources on DNSSEC and DANE.

June 19th, 2014 by | Posted in DANE, DNSSEC, Videos | Tags: , , , | 3 Comments

3 Responses to Video: DANEs Don’t Lie – DANE/SMTP (RIPE 68)

  1. Just tried to view the video and download the slides for the MTA to MTA deployment of DANE. However the Ripe68 site is unreachable. Are there more enduring links for the slides and video?

    This important link in the DANE chain is on the burner for us to develop tests at NIST.

    • Dan York says:

      Hmmm… I just tried it right now and the links are working for me. Perhaps they were doing some maintenance over the weekend. Unfortunately those are the only links we have for those particular pieces of content. I’d suggest trying it again and if you still can’t get it perhaps we can find some contact info for the speaker to get to you.


  2. […] space also extends to humanless computer-to-computer communications. We’ve written about how DANE makes it easier for operators to deploy STARTTLS for things like the Simple Mail Transfer Protocol(SMTP). That’s really just the start. […]

Leave a Reply

Your email address will not be published. Required fields are marked *