HOME

TheInfoList



Click Here for Items Related To - DNS-based Authentication Of Named Entities
OR:
DNS-based Authentication Of Named Entities on:   [Wikipedia]   [Google]   [Amazon]

DNS-based Authentication of Named Entities (DANE) is an
Internet security Internet security is a branch of computer security. It encompasses the Internet, browser security, web site security, and network security as it applies to other applications or operating systems as a whole. Its objective is to establish rules ...
protocol to allow
X.509 In cryptography, X.509 is an International Telecommunication Union (ITU) standard defining the format of public key certificates. X.509 certificates are used in many Internet protocols, including TLS/SSL, which is the basis for HTTPS, the secu ...
digital certificates, commonly used for
Transport Layer Security Transport Layer Security (TLS) is a cryptographic protocol designed to provide communications security over a computer network. The protocol is widely used in applications such as email, instant messaging, and voice over IP, but its use in securi ...
(TLS), to be bound to
domain name A domain name is a string that identifies a realm of administrative autonomy, authority or control within the Internet. Domain names are often used to identify services provided through the Internet, such as websites, email services and more. As ...
s using
Domain Name System Security Extensions The Domain Name System Security Extensions (DNSSEC) are a suite of extension specifications by the Internet Engineering Task Force (IETF) for securing data exchanged in the Domain Name System (DNS) in Internet Protocol (IP) networks. The protocol ...
(DNSSEC). It is proposed in as a way to authenticate TLS client and server entities without a certificate authority ( CA). It is updated with operational and deployment guidance in . Application specific usage of DANE is defined in for SMTP and for using DANE with Service (SRV) records.


Rationale

TLS/SSL encryption is currently based on certificates issued by
certificate authorities In cryptography, a certificate authority or certification authority (CA) is an entity that stores, signs, and issues digital certificates. A digital certificate certifies the ownership of a public key by the named subject of the certificate. Thi ...
(CAs). Within the last few years, a number of CA providers suffered serious
security breach Security is protection from, or resilience against, potential harm (or other unwanted coercive change) caused by others, by restraining the freedom of others to act. Beneficiaries (technically referents) of security may be of persons and social ...
es, allowing the issuance of certificates for well-known domains to those who don't own those domains. Trusting a large number of CAs might be a problem because any breached CA could issue a certificate for any domain name. DANE enables the administrator of a domain name to certify the keys used in that domain's TLS clients or servers by storing them in the Domain Name System (DNS). DANE needs the DNS records to be signed with DNSSEC for its security model to work. Additionally DANE allows a domain owner to specify which CA is allowed to issue certificates for a particular resource, which solves the problem of any CA being able to issue certificates for any domain. DANE solves similar problems as: ;
Certificate Transparency Certificate Transparency (CT) is an Internet security standard for monitoring and auditing the issuance of digital certificates. The standard creates a system of public logs that seek to eventually record all certificates issued by publicly tru ...
: Ensuring that rogue CAs cannot issue certificates without the permission of the domain holder without being detected ;
DNS Certification Authority Authorization DNS Certification Authority Authorization (CAA) is an Internet security policy mechanism that allows domain name holders to indicate to certificate authorities whether they are authorized to issue digital certificates for a particular domain na ...
: Limiting which CAs can issue certificates for a given domain However, unlike DANE, those technologies have wide support from browsers.


Email encryption

Until recently, there has been no widely implemented standard for
encrypted email Email encryption is encryption of email messages to protect the content from being read by entities other than the intended recipients. Email encryption may also include authentication. Email is prone to the disclosure of information. Most emails ...
transfer. Sending an email is security agnostic; there is no URI scheme to designate secure SMTP. Consequently, most email that is delivered over TLS uses only
opportunistic encryption Opportunistic encryption (OE) refers to any system that, when connecting to another system, attempts to encrypt communications channels, otherwise falling back to unencrypted communications. This method requires no pre-arrangement between the two ...
. Since DNSSEC provides authenticated denial of existence (allows a resolver to validate that a certain domain name does not exist), DANE enables an incremental transition to verified, encrypted SMTP without any other external mechanisms, as described by . A DANE record indicates that the sender must use TLS. Additionally, a draft exists for applying DANE to
S/MIME S/MIME (Secure/Multipurpose Internet Mail Extensions) is a standard for public key encryption and signing of MIME data. S/MIME is on an IETF standards track and defined in a number of documents, most importantly . It was originally developed by R ...
, and standardises bindings for
OpenPGP Pretty Good Privacy (PGP) is an encryption program that provides cryptographic privacy and authentication for data communication. PGP is used for signing, encrypting, and decrypting texts, e-mails, files, directories, and whole disk partiti ...
.


Support


Applications

*
Google Chrome Google Chrome is a cross-platform web browser developed by Google. It was first released in 2008 for Microsoft Windows, built with free software components from Apple WebKit and Mozilla Firefox. Versions were later released for Linux, macOS, ...
does not support DANE, since Google Chrome wishes to eliminate the use of 1024-bit RSA within the browser (DNSSEC previously used a 1024-bit RSA signed root, and many zones are still signed with 1024-bit RSA, although the modern default is 256-bit ECDSA). According to Adam Langley the code was written and, although it is not in Chrome today, it remains available in add-on form. *
Mozilla Firefox Mozilla Firefox, or simply Firefox, is a free and open-source web browser developed by the Mozilla Foundation and its subsidiary, the Mozilla Corporation. It uses the Gecko rendering engine to display web pages, which implements current an ...
(before version 57) had support via an add-on. * GNU Privacy Guard Allows fetching keys via OpenPGP DANE (--auto-key-locate). New option --export-options export-dane. (version 2.1.14)


Servers

* Postfix * PowerMTA * Halon * Exim


Services

*
Posteo Posteo is an email service provider based in Berlin, Germany, offering paid email accounts for individuals and businesses. The service gained prominence during the aftermath of the post-2013 global surveillance disclosures, especially for its h ...
*
Tutanota Tutanota is an end-to-end encrypted email app and a freemium secure email service. The service is advertisement-free; it relies on donations and premium subscriptions. As of March 2017, Tutanota's owners claimed to have over 2 million users of ...


Libraries

*
OpenSSL OpenSSL is a software library for applications that provide secure communications over computer networks against eavesdropping or need to identify the party at the other end. It is widely used by Internet servers, including the majority of HT ...
*
GnuTLS GnuTLS (, the GNU Transport Layer Security Library) is a free software implementation of the TLS, SSL and DTLS protocols. It offers an application programming interface (API) for applications to enable secure communication over the network trans ...


TLSA RR

The TLSA RR (Resource Record) for a service is located at a DNS name that specifies certificate constraints should be applied for the services at a certain TCP or UDP port. At least one of the TLSA RRs must provide a validation (path) for the certificate offered by the service at the specified address. Not all protocols handle Common Name matching the same way. HTTP requires that the Common Name in the X.509 certificate provided by the service matches regardless of the TLSA asserting its validity. SMTP does not require the Common Name matches, if the certificate usage value is 3 (DANE-EE), but otherwise does require a Common Name match. It is important to verify if there are specific instructions for the protocol being used.


RR data fields

The RR itself has 4 fields of data, describing which level of validation the domain owner provides. * the certificate usage field * the selector field * the matching type field * the certificate association data E.g. _25._tcp.somehost.example.com. TLSA 3 1 1 0123456789ABCDEF


Certificate usage

The first field after the TLSA text in the DNS RR, specifies how to verify the certificate. * A value of 0 is for what is commonly called ''CA constraint'' (and PKIX-TA). The certificate provided when establishing TLS must be issued by the listed root-CA or one of its intermediate CAs, with a valid certification path to a root-CA already trusted by the application doing the verification. The record may just point to an intermediate CA, in which case the certificate for this service must come via this CA, but the entire chain to a trusted root-CA must still be valid. * A value of 1 is for what is commonly called ''Service certificate constraint'' (and PKIX-EE). The certificate used must match the TLSA record, and it must also pass PKIX certification path validation to a trusted root-CA. * A value of 2 is for what is commonly called ''Trust Anchor Assertion'' (and DANE-TA). The TLSA record matches the certificate of the root CA, or one of the intermediate CAs, of the certificate in use by the service. The certification path must be valid up to the matching certificate, but there is no need for a trusted root-CA. * A value of 3 is for what is commonly called ''Domain issued certificate'' (and DANE-EE). The TLSA record matches the used certificate itself. The used certificate does not need to be signed by other parties. This is useful for self-signed certificates, but also for cases where the validator does not have a list of trusted root certificates.


Selector

When connecting to the service and a certificate is received, the selector field specifies which parts of it should be checked. * A value of 0 means to select the entire certificate for matching. * A value of 1 means to select just the public key for certificate matching. Matching the public key is often sufficient, as this is likely to be unique.


Matching type

* A type of 0 means the entire information selected is present in the certificate association data. * A type of 1 means to do a SHA-256 hash of the selected data. * A type of 2 means to do a SHA-512 hash of the selected data.


Certificate association data

The actual data to be matched given the settings of the other fields. This is a long "text string" of hexadecimal data.


Examples

The TLSA record for ''www.ietf.org'' specifies to check the SHA-256 hash of the public key of the certificate provided, ignoring any CA. _443._tcp.www.ietf.org. TLSA 3 1 1 0C72AC70B745AC19998811B131D662C9AC69DBDBE7CB23E5B514B56664C5D3D6 Their mail service has the same exact certificate and TLSA. ietf.org. MX 0 mail.ietf.org. _25._tcp.mail.ietf.org. TLSA 3 1 1 0C72AC70B745AC19998811B131D662C9AC69DBDBE7CB23E5B514B56664C5D3D6 Finally, the following example, does the same as the others, but does the hash calculation over the entire certificate. _25._tcp.mail.alice
.example The name example is reserved by the Internet Engineering Task Force (IETF) as a domain name that may not be installed as a top-level domain in the Domain Name System (DNS) of the Internet. Reserved DNS names By publication of RFC 2606 in 1999, t ...
. TLSA 3 0 1 AB9BEB9919729F3239AF08214C1EF6CCA52D2DBAE788BB5BE834C13911292ED9


Standards

* Use Cases and Requirements for DNS-Based Authentication of Named Entities (DANE) * The DNS-Based Authentication of Named Entities (DANE) Transport Layer Security (TLS) Protocol: TLSA * Adding Acronyms to Simplify Conversations about DNS-Based Authentication of Named Entities (DANE) * The DNS-Based Authentication of Named Entities (DANE) Protocol: Updates and Operational Guidance * SMTP Security via Opportunistic DNS-Based Authentication of Named Entities (DANE) Transport Layer Security (TLS) * Using DNS-Based Authentication of Named Entities (DANE) TLSA Records with SRV Records * DNS-Based Authentication of Named Entities (DANE) Bindings for OpenPGP * Using DNS to Securely Publish Secure Shell (SSH) Key Fingerprints * Using Secure DNS to Associate Certificates with Domain Names for S/MIME * Draft: Opportunistic Encryption with DANE Semantics and IPsec: IPSECA


See also

*
DNS Certification Authority Authorization DNS Certification Authority Authorization (CAA) is an Internet security policy mechanism that allows domain name holders to indicate to certificate authorities whether they are authorized to issue digital certificates for a particular domain na ...


Notes


References


External links


DNSSEC is unnecessary - Against DNSSEC

For DNSSEC
- A rebuttal to the points in "Against DNSSEC"
List of DANE test sites

Online tool to check mail servers for DNSSEC and DANE support

Illustrated DANE advocacy
with links to howtos and tools {{SSL/TLS Domain Name System Security Extensions Domain Name System Internet Standards Key management Public-key cryptography Transport Layer Security