For those of you interested in tracking the evolution of the DANE protocol to add a DNSSEC-secured layer of trust to TLS certificates, the DANE Working Group within the IETF recently held an “Interim Virtual Meeting” via conference call on December 2, 2014, where the focus was all around using DANE for securing email using S/MIME. The minutes for the meeting can be found at:
The primary two drafts that were discussed were:
- Using Secure DNS to Associate Certificates with Domain Names For S/MIME,
draft-ietf-dane-smime - Enterprise Requirements for Secure Email Key Management,
draft-osterweil-dane-ent-email-reqs
I was not able to attend myself but the minutes do provide a view into what occurred during the session. There has also been further discussion on the DANE mailing list (to which anyone is welcome to subscribe).
What continues to be fascinating is how much interest there is in using DANE for better securing email communication, and this session was for those looking to use DANE for email systems using S/MIME. It will be interesting to see where this goes over the next months. At IETF 91 in November Eric Osterweil from Verisign demonstrated a version of Thunderbird that supported this usage of DANE. He said they were looking at making that available publicly and that could certainly be of interest to many.
If you want to learn more about DANE, please visit our DANE page – and if you like to get started with DNSSEC please visit our Start Here page to find resources to help you begin.