论文信息 - DANE: An inbuilt security extension

DANE: An inbuilt security extension

Use of TSL and certificates in secure applications in the internet is very common today. Certificate authorities are playing the important role of trust anchors. But this means that third party certificate authorities have to be trusted by both domain owners and their clients. Compromises of certificate authorities will put many users under a huge risk. To solve this problem, the DANE protocol was proposed that is used on top of DNSSEC. It allows using the chain of trust in DNS for authenticating certificates and makes clients impose many constraints on the certificates they receive. We analyze the performance of the DANE protocol at the client side and also present a tool for deploying and administrating DANE with BIND servers in a local network.

[1] Paul E. Hoffman,et al. The DNS-Based Authentication of Named Entities (DANE) Transport Layer Security (TLS) Protocol: TLSA , 2012, RFC.

[2] John S. Heidemann,et al. Measuring DANE TLSA Deployment , 2015, TMA.

[3] Securing End-to-End Internet communications using DANE protocol , 2013 .

[4] Matt Larson,et al. Reducing the X . 509 Attack Surface with DNSSEC ’ s DANE , 2012 .