Donate
‹ Back
Deploy360 2 December 2013

Afnic Publishes Issue Paper: “Securing Internet Communications End-to-end Using DANE Protocol”

Dan York
By Dan YorkDirector of Web Strategy

Afnic paper on DANELast week, the great folks over at Afnic released an outstanding issue paper about how the DANE protocol and DNSSEC can bring a higher level of trust and security to Internet-based communications.  The issue paper, “Securing End-to-end Internet communications using DANE protocol“, is available in PDF (direct link) and walks through how DANE can be used to increase the security used in TLS/SSL certificates (PKIX).  The document describes the problems associated with the current world of certificates and then explains how DANE can make the situation more secure.

Readers of this Deploy360 site will know that we’ve produced similar types of documents ourselves, but not in an “issue paper” form that can be distributed.  The Afnic folks have done a great job with this and I like the graphics they are using.

As they note on the final page, DANE is for much more than web browsing – and in fact the major implementations we’re seeing right now are in other services like email and XMPP (Jabber). The browser vendors have so far not seen enough requests (we are told) to look at including DANE in their browsers.

Hopefully this document from Afnic will help people further understand the very real value DANE can bring in ensuring that you are using the correct TLS/SSL certificate when you are connecting to a web site.

Kudos to the Afnic team for creating this document – and I encourage everyone to share this document widely! (Thanks!)

‹ Back

Disclaimer: Viewpoints expressed in this post are those of the author and may or may not reflect official Internet Society positions.

Related articles

Deploy360@IETF90, Day 2: DNSOP, DANE, UTA, V6OPS, IDR, OPSEC and ISOC@IETF
Deploy36022 July 2014

Deploy360@IETF90, Day 2: DNSOP, DANE, UTA, V6OPS, IDR, OPSEC and ISOC@IETF

Today seems to be "DNS Day" here at IETF 90 in Toronto with the two major DNS-related working groups we...

Rough Guide to IETF 90: DNSSEC, DANE and DNS Security
Rough Guide to IETF 90: DNSSEC, DANE and DNS Security
Domain Name System (DNS)16 July 2014

Rough Guide to IETF 90: DNSSEC, DANE and DNS Security

Tuesday at IETF 90 seems to be "DNS Day" with two of the major DNS-related working groups, DNSOP and DANE,...

Want To Speak About Your DNSSEC Or DANE Work, Tool or Service? (ICANN52 CFP)
Deploy3604 December 2014

Want To Speak About Your DNSSEC Or DANE Work, Tool or Service? (ICANN52 CFP)

Will you be attending ICANN 52 in Singapore in February 2015?  If so, and if you work with DNSSEC or DANE ,...

Join the conversation with Internet Society members around the world