Donate
‹ Back
Domain Name System Security Extensions (DNSSEC) 4 October 2012

RFC 6698 – The DNS-Based Authentication of Named Entities

For anyone interested in how to better secure the Internet, the DANE protocol (“DNS-Based Authentication of Named Entities“) provides a mechanism for using DNSSEC to specify precisely which SSL/TLS certificate you want people to use to connect to your web server or other Internet service.  This provides a mechanism for ensuring that you are in fact using the correct certificate and your connection is not being intercepted by anyone in your network path.  DANE is defined in RFC 6698 at:

The abstract is:

Encrypted communication on the Internet often uses Transport Layer Security (TLS), which depends on third parties to certify the keys used. This document improves on that situation by enabling the administrators of domain names to specify the keys used in that domain’s TLS servers. This requires matching improvements in TLS client software, but no change in TLS server software.

Please view our page on the DANE protocol for more information about how the protocol can be used and how it helps make the Internet more secure.

‹ Back

Related articles

The DANE Protocol - DNS-Based Authentication of Named Entities
Domain Name System Security Extensions (DNSSEC)4 October 2012

The DANE Protocol – DNS-Based Authentication of Named Entities

If you connect to a website using a "secure" connection over TLS/SSL, how do you know you are using the correct...

State of DNSSEC Deployment 2016
State of DNSSEC Deployment 2016
Domain Name System (DNS)31 December 2016

State of DNSSEC Deployment 2016

This report provides a snapshot of the state of deployment of DNSSEC as of the end of 2016. Please download the...

Hash-slinger - a tool for creating TLSA records for the DANE protocol
Domain Name System Security Extensions (DNSSEC)30 November 2012

Hash-slinger – a tool for creating TLSA records for the DANE protocol

Hash-slinger is a package of tools created by Paul Wouters of RedHat to make it easy to create records for ...

Join the conversation with Internet Society members around the world