For those of you interested in tracking the evolution of the DANE protocol to add a DNSSEC-secured layer of trust to TLS certificates, the DANE Working Group within the IETF recently held an “Interim Virtual Meeting” via conference call on December 2, 2014, where the focus was all around using DANE for securing email using S/MIME. The minutes for the meeting can be found at:
The primary two drafts that were discussed were:
I was not able to attend myself but the minutes do provide a view into what occurred during the session. There has also been further discussion on the DANE mailing list (to which anyone is welcome to subscribe).
What continues to be fascinating is how much interest there is in using DANE for better securing email communication, and this session was for those looking to use DANE for email systems using S/MIME. It will be interesting to see where this goes over the next months. At IETF 91 in November Eric Osterweil from Verisign demonstrated a version of Thunderbird that supported this usage of DANE. He said they were looking at making that available publicly and that could certainly be of interest to many.
If you want to learn more about DANE, please visit our DANE page – and if you like to get started with DNSSEC please visit our Start Here page to find resources to help you begin.
Disclaimer: Viewpoints expressed in this post are those of the author and may or may not reflect official Internet Society positions.
We previously posted about how the DNS does not inherently employ any mechanisms to provide confidentiality for DNS transactions,…
Almost every time we use an Internet application, it starts with a DNS (Domain Name System) transaction to map…
It is often argued that IPv4 practices should be forgotten when deploying IPv6, as after all IPv6 is a…
About The Author
More Stories
From Commitments to Practice: Internet Society’s Priorities for WSIS+20 Implementation
Final Results of the 2026 Internet Society Board of Trustees Elections and IETF Selections
Community Snapshot—March