Details
- New Feature
- Status: Resolved
- Minor
- Resolution: Later
Description
DANE (DNS-based Authentication of Named Entities) is an IETF group that is working on specifying how to add public keys to DNSSEC, as described in their charter:
http://tools.ietf.org/wg/dane/charters
Their latest draft spec is here: http://tools.ietf.org/wg/dane/
DANE support should enable browsers to minimally authenticate servers that use self-signed certs. There are 3 times more such servers than CA-based ones. Putting a self-signed cert in the DNS should be a lot simpler a procedure than going through CAs. There is a Firefox plugin already to test this in a browser: i.e. the browser should no longer show the DANGER error messages when coming across such sites.
This is an interesting research topic with the following requirements:
- It would require DNSSEC libraries in Java.
- It would be useful if apache.org had a DNSSEC presence (it may have; I don't know how to check)
Two use cases:
- make Clerezza TLS requests DANE-aware
- make it easy on booting Clerezza to add the public key to DNS
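
The two use cases above, as an added Java example that is not code from Clerezza or from this issue: it derives the DNS record a server could print at boot from its public key, and shows the check a DANE-aware client would run against the key presented in the TLS handshake. It assumes the TLSA record layout of RFC 6698 (the issue links only the working group's drafts); the class and method names, `example.org` and port 443 are hypothetical, and the DNSSEC-validated lookup of the record is outside the example.

```java
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.MessageDigest;
import java.security.PublicKey;

public class TlsaExample {
    // TLSA parameters per RFC 6698 (assumed here, not stated in the issue):
    // usage 3 (domain-issued certificate), selector 1 (SubjectPublicKeyInfo),
    // matching type 1 (SHA-256).
    static final int USAGE = 3, SELECTOR = 1, MATCHING = 1;

    // SHA-256 over the DER-encoded SubjectPublicKeyInfo of the key.
    static byte[] associationData(PublicKey key) throws Exception {
        // For X.509-format keys, getEncoded() returns the SubjectPublicKeyInfo DER.
        return MessageDigest.getInstance("SHA-256").digest(key.getEncoded());
    }

    static String hex(byte[] data) {
        StringBuilder sb = new StringBuilder();
        for (byte b : data) sb.append(String.format("%02x", b));
        return sb.toString();
    }

    // Zone-file line a server could print at boot for the operator to publish.
    static String tlsaRecord(String host, int port, PublicKey key) throws Exception {
        return String.format("_%d._tcp.%s. IN TLSA %d %d %d %s",
                port, host, USAGE, SELECTOR, MATCHING, hex(associationData(key)));
    }

    // Client side: accept the presented key only if it matches the record data.
    // The record must come from a DNSSEC-validated answer (not done here);
    // an unvalidated record authenticates nothing.
    static boolean matches(PublicKey presented, byte[] recordData) throws Exception {
        return MessageDigest.isEqual(associationData(presented), recordData);
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair server = gen.generateKeyPair();  // constructed sample server key
        KeyPair other = gen.generateKeyPair();   // constructed unrelated key

        System.out.println(tlsaRecord("example.org", 443, server.getPublic()));
        byte[] published = associationData(server.getPublic());
        System.out.println("server key matches: " + matches(server.getPublic(), published));
        System.out.println("other key matches:  " + matches(other.getPublic(), published));
    }
}
```

Pinning the public key (selector 1) rather than the whole certificate means the record stays valid when a self-signed certificate is reissued with the same key.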