DANE: An inbuilt security extension

Abstract

Use of TSL and certificates in secure applications in the internet is very common today. Certificate authorities are playing the important role of trust anchors. But this means that third party certificate authorities have to be trusted by both domain owners and their clients. Compromises of certificate authorities will put many users under a huge risk. To solve this problem, the DANE protocol was proposed that is used on top of DNSSEC. It allows using the chain of trust in DNS for authenticating certificates and makes clients impose many constraints on the certificates they receive. We analyze the performance of the DANE protocol at the client side and also present a tool for deploying and administrating DANE with BIND servers in a local network. � 2015 IEEE.