DNS-based Authentication of Named Entities

Thematic Area: Networking

This is an emerging technology that introduces important changes in the use of Certificate and Certification Authority solving serious security breaches in the use of TLS/SSL encryption to access Internet services. DNS-based Authentication of Named Entities (DANE) enables the administrator of a domain name to certify the keys used in that domain's TLS clients or servers by storing them in the Domain Name System (DNS). DANE needs DNS records to be signed with DNSSEC. Additionally DANE allows a domain owner to specify which CA is allowed to issue certificates for a particular resource, which solves the problem of any CA being able to issue certificates for any domain. We are partecipating to the DANE IETF working group activities and we are working on a proposal to introduce such new technologies in the Certified Electronic Email systems.

Referent

Francesco Gennai

Projects

Latest Announcements