DANE support in Clerezza
-------------------------
Key: CLEREZZA-438
URL: https://issues.apache.org/jira/browse/CLEREZZA-438
Project: Clerezza
Issue Type: New Feature
Reporter: Henry Story
Priority: Minor
DANE (DNS-based Authentication of Named Entities) is an IETF group that is
working on specifying how to add public keys to DNSSEC as described in their
charter
http://tools.ietf.org/wg/dane/charters
Their latest draft spec is here http://tools.ietf.org/wg/dane/
DANE support should enable browsers to minimally authenticate servers that use
self signed certs. There are 3 times more such servers CA based ones. Putting
a self signed cert in the DNS should be a lot simpler a procedure than going
through CAs. There is a firefox plugin already to test this in a browser: ie
the browser should not longer show the DANGER error messages when coming across
such sites.
This is an interesting research topic with the following requirements:
- It would require DNSSEC libraries in Java.
- It be useful if apache.org was had a DNSSEC presence (it may have, I don't
know how to check)
Two use cases:
- make clerezza TLS requests Dane aware
- make it easy on booting Clerezza to add public key to DNS
--
This message is automatically generated by JIRA.
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
