Can DNSSEC and DANE add a layer of trust to TLS and DNS? That will be the question up for discussion tomorrow, April 23, 2015, at the RSA Conference in San Francisco. As part of the “Peer2Peer” small discussion sessions, Wes Hardaker from Parsons will be facilitating a session from 9:10-10:00am (PDT) with the description:
If we agree that the existing Certificate Authority (CA) system for TLS is broken, how do we fix it? Can the DANE protocol (RFC 6698) and DNSSEC provide a solid mechanism to add a layer of trust to network connections that use TLS? What do we need to do to use DANE and to get DANE more widely deployed? Join other peers in this discussion about how the DANE protocol works, how it is currently being implemented, (particularly in email and XMPP systems) and how DANE might be used in different scenarios. Bring your ideas and criticisms, and be prepared for a lively discussion.
If you are there at the RSA Conference in San Francisco and interested in DNSSEC, DANE and/or how we secure TLS, I would encourage you to stop by and engage in the discussion. It is not a session being live streamed or anything like that and so you need to be at the actual conference to participate.
I wish I could be there myself… but I’m on the other side of the continent and so I’ll just have to learn from Wes how it went.
P.S. If you want to get started yourself with deploying DNSSEC and DANE, please visit our Start Here page.