incubator-clerezza-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Tommaso Teofili (Updated) (JIRA)" <>
Subject [jira] [Updated] (CLEREZZA-438) DANE support in Clerezza
Date Tue, 08 Nov 2011 14:23:55 GMT


Tommaso Teofili updated CLEREZZA-438:

    Fix Version/s: 0.2-incubating
> DANE support in Clerezza 
> -------------------------
>                 Key: CLEREZZA-438
>                 URL:
>             Project: Clerezza
>          Issue Type: New Feature
>            Reporter: Henry Story
>            Priority: Minor
>              Labels: security, webid
>             Fix For: 0.2-incubating
> DANE (DNS-based Authentication of Named Entities) is an IETF group that is working on
specifying how to add public keys to DNSSEC as described in their charter
> Their latest draft spec is here
> DANE support should enable browsers to minimally authenticate servers that use self signed
certs. There are 3 times more such servers  CA based ones. Putting a self signed cert in the
DNS should be a lot simpler a procedure than going through CAs. There is a firefox plugin
already to test this in a browser: ie the browser should not longer show the DANGER error
messages when coming across such sites. 
> This is an interesting research topic with the following requirements:
>  - It would require DNSSEC libraries in Java. 
>  - It be useful if was had a DNSSEC presence (it may have, I don't know how
to check)
> Two use cases:
>  - make clerezza TLS requests Dane aware
>  - make it easy on booting Clerezza to add public key to DNS

This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:!default.jspa
For more information on JIRA, see:


View raw message