[
https://issues.apache.org/jira/browse/CLEREZZA-438?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Henry Story resolved CLEREZZA-438.
----------------------------------
Resolution: Later
Ok Dane is not a finished spec yet. But if a student is working in this area,
it would be good to get him on this caser here, as it would be very useful to
us.
> DANE support in Clerezza
> -------------------------
>
> Key: CLEREZZA-438
> URL: https://issues.apache.org/jira/browse/CLEREZZA-438
> Project: Clerezza
> Issue Type: New Feature
> Reporter: Henry Story
> Priority: Minor
> Labels: security, webid
>
> DANE (DNS-based Authentication of Named Entities) is an IETF group that is
> working on specifying how to add public keys to DNSSEC as described in their
> charter
> http://tools.ietf.org/wg/dane/charters
> Their latest draft spec is here http://tools.ietf.org/wg/dane/
> DANE support should enable browsers to minimally authenticate servers that
> use self signed certs. There are 3 times more such servers CA based ones.
> Putting a self signed cert in the DNS should be a lot simpler a procedure
> than going through CAs. There is a firefox plugin already to test this in a
> browser: ie the browser should not longer show the DANGER error messages when
> coming across such sites.
> This is an interesting research topic with the following requirements:
> - It would require DNSSEC libraries in Java.
> - It be useful if apache.org was had a DNSSEC presence (it may have, I don't
> know how to check)
>
> Two use cases:
> - make clerezza TLS requests Dane aware
> - make it easy on booting Clerezza to add public key to DNS
>
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
