2012
DOI: 10.17487/rfc6698
|View full text |Cite
|
Sign up to set email alerts
|

The DNS-Based Authentication of Named Entities (DANE) Transport Layer Security (TLS) Protocol: TLSA

Abstract: Encrypted communication on the Internet often uses Transport Layer Security (TLS), which depends on third parties to certify the keys used. This document improves on that situation by enabling the administrators of domain names to specify the keys used in that domain's TLS servers. This requires matching improvements in TLS client software, but no change in TLS server software. Status of This Memo This is an Internet Standards Track document. This document is a product of the Internet Engineering Task Force (I… Show more

Help me understand this report

Search citation statements

Order By: Relevance

Paper Sections

Select...
1
1
1
1

Citation Types

0
149
0

Year Published

2014
2014
2022
2022

Publication Types

Select...
6
3
1

Relationship

0
10

Authors

Journals

citations
Cited by 213 publications
(149 citation statements)
references
References 16 publications
0
149
0
Order By: Relevance
“…In addition, a PCC MAY apply the procedures described in "DNS-Based Authentication of Named Entities (DANE)" [RFC6698] to verify its peer identity when using DNS discovery. See Section 4.1 for further details.…”
Section: Peer Identitymentioning
confidence: 99%
“…In addition, a PCC MAY apply the procedures described in "DNS-Based Authentication of Named Entities (DANE)" [RFC6698] to verify its peer identity when using DNS discovery. See Section 4.1 for further details.…”
Section: Peer Identitymentioning
confidence: 99%
“…Thus, for high-security use of HTTPS, IETF standards such as HTTP Strict Transport Security (HSTS) [RFC6797], certificate pinning [RFC7469], and/or DNS-Based Authentication of Named Entities (DANE) [RFC6698] should be used.…”
Section: Injection Of Recordsmentioning
confidence: 99%
“…Such trustworthy names are either entered manually (for example, if they are advertised on a Mail Service Provider's website), explicitly confirmed by the user (e.g., if they are a target of a DNS SRV lookup), or derived using a secure third party service (e.g., DNSSEC-protected SRV records that are verified by the client or trusted local resolver). Future work in this area might benefit from integration with DNS-Based Authentication of Named Entities (DANE) [RFC6698], but it is not covered by this document.…”
Section: Security Considerationsmentioning
confidence: 99%