DANE manifesto
DANE manifesto
The Calyx Institute DANE Manifesto
If you have been following network security news as closely as I have you are probably already aware of problems with the X509 certificate system and the system of commercial Certificate Authorities. There have been a number of notable security incidents over the past few years which have made it apparent that organizations that care about security really need to take additional steps above and beyond purchasing a commercial SSL certificate to secure their encrypted services. We would like to make the case that the use of DANE / TLSA is an appropriate security measure to mitigate the problems with the X509 certificate system.