The DNS-Based Authentication of Named Entities (DANE) Transport Layer Security (TLS) Protocol: TLSA
نویسندگان
چکیده
This document is subject to BCP 78 and the IETF Trust’s Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License.
منابع مشابه
Measuring DANE TLSA Deployment
The DANE (DNS-based Authentication of Named Entities) framework uses DNSSEC to provide a source of trust, and with TLSA it can serve as a root of trust for TLS certificates. This serves to complement traditional certificate authentication methods, which is important given the risks inherent in trusting hundreds of organizations—risks already demonstrated with multiple compromises. The TLSA prot...
متن کاملUse Cases and Requirements for DNS-Based Authentication of Named Entities (DANE)
Many current applications use the certificate-based authentication features in Transport Layer Security (TLS) to allow clients to verify that a connected server properly represents a desired domain name. Typically, this authentication has been based on PKIX certificate chains rooted in well-known certificate authorities (CAs), but additional information can be provided via the DNS itself. This ...
متن کاملBoost DNS Privacy, Reliability, and Efficiency with opDNS Safe Query Elimination
SRV records, DNSSEC, and DANE among others fortify the Domain Name System as the central information hub behind the Internet. Largely hidden from the end user, an increasing number of protocol and trust decisions are contingent on DNS. Neglect or attacks on DNS have much more impact today than ever, now endangering security far beyond denial of service. Opportunistic Persistent DNS (opDNS) addr...
متن کاملEinführung von DNSSEC und DANE im Bayerischen Hochschulnetz
Verbindungen zwischen Mailservern über das Simple Mail Transfer Protocol (SMTP) können zur Sicherung des Übertragungskanals TLS-verschlüsselt werden. Die dafür verwendeten Zertifikate basieren auf CA-Vertrauen, sind oft nicht verifizierbar oder schlicht abgelaufen. Im Gegensatz zur TLS-Verschlüsselung im Browser kann hier keine manuelle Autorisierung durch einen Mail-Administrator erfolgen, son...
متن کاملDANE Trusted Email for Supply Chain Management
Supply chain management is critically dependent on trusted email mechanisms that address forgery, confidentiality, and sender authenticity. The IETF protocol ‘Domain Authentication of Named Entities’ (DANE) described in this paper has been extended from its initial goal of providing TLS web site validation to also offer a foundation for globally scalable and interoperable email security. Widesp...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
- RFC
دوره 6698 شماره
صفحات -
تاریخ انتشار 2012