Collaborate Disseminate
I would like to setup a webserver using TLS without relying on third party CA.
Is it still possible in 2023 ?
FreeBSD was using the feature and is now using Let’s Encrypt (as well as a lot of privacy-conscious projects)
Do you have an exam… Continue reading Is DANE-EE TLSA version 3 (Domain-issued certificate from rfc6698) still supported in 2023?
Under DANE, the digital chain of trust goes (roughly):
[Public visibility of the ceremony for the generation of the]
ICANN Root Zone Key, which
something something involving the TLD authorities and registrars, which culminates in validat… Continue reading Non-TLS-authoritative ZSKs?
In the scenario with two domain names
example.com secured with DNSSEC
example.org not secured with DNSSEC
and a mail service running at smtp.example.org:
I want to secure the mail service using TLSA/DANE. Is this somehow… Continue reading Is it okay to publish a TLSA records for non-DNSSEC CNAME’ed services?
I’m trying to understand DANE and TLSA records more accurately. Is it fair to call DANE the DNS-variant of (or at least a very similar technique to) HTTP Public Key Pinning (HPKP)?
Because with HPKP a SSL certificate can be… Continue reading Is DANE the DNS-variant of HTTP Public Key Pinning (HPKP)?
I’m trying to understand DANE and TLSA records more accurately. Is it fair to call DANE the DNS-variant of (or at least a very similar technique to) HTTP Public Key Pinning (HPKP)?
Because with HPKP a SSL certificate can be… Continue reading Is DANE the DNS-variant of HTTP Public Key Pinning (HPKP)?
How does the DNS-based Authentication of Named Entities (DANE) protocol make Certificate Authorities (CA) obsolete?
In other words: How is it technically possible that DANE does not need CAs?
Continue reading How does the DANE protocol make Certificate Authorities obsolete?
How does the DNS-based Authentication of Named Entities (DANE) protocol make Certificate Authorities (CA) obsolete?
In other words: How is it technically possible that DANE does not need CAs?
Continue reading How does the DANE protocol make Certificate Authorities obsolete?
How does the DNS-based Authentication of Named Entities (DANE) protocol make Certificate Authorities (CA) obsolete?
In other words: How is it technically possible that DANE does not need Certificate Authorities?
Continue reading How does the DANE protocol make Certificate Authorities obsolete?
Assuming that it’s tough to get many government owned TLDs to cooperate to spoof DANE or DNSSec, would it be wise to publish the same certificate (different SAN names) to various TLDs?
For example:
Company.com
Company.cn
C… Continue reading Would DNSSec and DANE be more secure if the same key was published to different TLDs?
Assuming that it’s tough to get many government owned TLDs to cooperate to spoof DANE or DNSSec, would it be wise to publish the same certificate (different SAN names) to various TLDs?
For example:
Company.com
Company.cn
C… Continue reading Would DNSSec and DANE be more secure if the same key was published to different TLDs?