Deploy360 11 December 2014

DANE Interim Meeting on Dec 2 Focused on Email and S/MIME

By Dan YorkDirector, Internet Technology

IETF LogoFor those of you interested in tracking the evolution of the DANE protocol to add a DNSSEC-secured layer of trust to TLS certificates, the DANE Working Group within the IETF recently held an “Interim Virtual Meeting” via  conference call on December 2, 2014, where the focus was all around using DANE for securing email using S/MIME.  The minutes for the meeting can be found at:

The primary two drafts that were discussed were:

I was not able to attend myself but the minutes do provide a view into what occurred during the session.   There has also been further discussion on the DANE mailing list (to which anyone is welcome to subscribe).

What continues to be fascinating is how much interest there is in using DANE for better securing email communication, and this session was for those looking to use DANE for email systems using S/MIME.  It will be interesting to see where this goes over the next months.  At IETF 91 in November Eric Osterweil from Verisign demonstrated a version of Thunderbird that supported this usage of DANE.  He said they were looking at making that available publicly and that could certainly be of interest to many.

If you want to learn more about DANE, please visit our DANE page – and if you like to get started with DNSSEC please visit our Start Here page to find resources to help you begin.

Disclaimer: Viewpoints expressed in this post are those of the author and may or may not reflect official Internet Society positions.

Related articles

Improving Technical Security 15 March 2019

DNS Privacy Frequently Asked Questions (FAQ)

We previously posted about how the DNS does not inherently employ any mechanisms to provide confidentiality for DNS transactions,...

Improving Technical Security 14 March 2019

Introduction to DNS Privacy

Almost every time we use an Internet application, it starts with a DNS (Domain Name System) transaction to map...

Improving Technical Security 13 March 2019

IPv6 Security for IPv4 Engineers

It is often argued that IPv4 practices should be forgotten when deploying IPv6, as after all IPv6 is a...