Bill, short answer. Dane is about placing high value information in the DNS, with out DNSSEC that is non-sensical.
Yes we had this discussion a long time ago (most of second half of 2011), the deciding point was around November 2011. starting with this message: http://www.ietf.org/mail-archive/web/dane/current/msg03748.html and this one is a followup to gather consensus http://www.ietf.org/mail-archive/web/dane/current/msg03864.html Olafur On Oct 1, 2014, at 12:37 PM, William Stouder-Studenmund <[email protected]> wrote: > I learned about DANE recently and was excitedly talking to some operations > friends of mine about it. Some of them work in shops that aren’t using DNSSEC > yet, and DANE’s requirement of it would trigger push-back from management. > *I* think they should be doing DNSSEC, but I’m not management. Making a case > for DANE means making a case for DNSSEC. > > I get that DANE can detect a large class of MITM attacks. Saying that isn’t > as convincing as handing over a list of, “DANE is designed to stop this, DANE > would have stopped that one,” and so on. > > If the answer is lurking in the list archives, feel free to just point me at > a date and I’ll look at that too. > > Take care, > > Bill > _______________________________________________ > dane mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/dane _______________________________________________ dane mailing list [email protected] https://www.ietf.org/mailman/listinfo/dane
