Deploy360 22 April 2015

At RSA Conference Apr 23: Can DNSSEC and DANE Add a Layer Of Trust to TLS and DNS?

By Dan YorkDirector, Internet Technology

RSA Conference LogoCan DNSSEC and DANE add a layer of trust to TLS and DNS? That will be the question up for discussion tomorrow, April 23, 2015, at the RSA Conference in San Francisco. As part of the “Peer2Peer” small discussion sessions, Wes Hardaker from Parsons will be facilitating a session from 9:10-10:00am (PDT) with the description:

If we agree that the existing Certificate Authority (CA) system for TLS is broken, how do we fix it? Can the DANE protocol (RFC 6698) and DNSSEC provide a solid mechanism to add a layer of trust to network connections that use TLS? What do we need to do to use DANE and to get DANE more widely deployed? Join other peers in this discussion about how the DANE protocol works, how it is currently being implemented, (particularly in email and XMPP systems) and how DANE might be used in different scenarios. Bring your ideas and criticisms, and be prepared for a lively discussion.

If you are there at the RSA Conference in San Francisco and interested in DNSSEC, DANE and/or how we secure TLS, I would encourage you to stop by and engage in the discussion.   It is not a session being live streamed or anything like that and so you need to be at the actual conference to participate.

I wish I could be there myself… but I’m on the other side of the continent and so I’ll just have to learn from Wes how it went.

P.S. If you want to get started yourself with deploying DNSSEC and DANE, please visit our Start Here page.

Disclaimer: Viewpoints expressed in this post are those of the author and may or may not reflect official Internet Society positions.

Related articles

Improving Technical Security 15 March 2019

DNS Privacy Frequently Asked Questions (FAQ)

We previously posted about how the DNS does not inherently employ any mechanisms to provide confidentiality for DNS transactions,...

Improving Technical Security 14 March 2019

Introduction to DNS Privacy

Almost every time we use an Internet application, it starts with a DNS (Domain Name System) transaction to map...

Improving Technical Security 13 March 2019

IPv6 Security for IPv4 Engineers

It is often argued that IPv4 practices should be forgotten when deploying IPv6, as after all IPv6 is a...