I learned about DANE recently and was excitedly talking to some operations friends of mine about it. Some of them work in shops that aren’t using DNSSEC yet, and DANE’s requirement of it would trigger push-back from management. *I* think they should be doing DNSSEC, but I’m not management. Making a case for DANE means making a case for DNSSEC.
I get that DANE can detect a large class of MITM attacks. Saying that isn’t as convincing as handing over a list of, “DANE is designed to stop this, DANE would have stopped that one,” and so on. If the answer is lurking in the list archives, feel free to just point me at a date and I’ll look at that too. Take care, Bill _______________________________________________ dane mailing list [email protected] https://www.ietf.org/mailman/listinfo/dane
