×

New RFC published by Working Group co-chaired by Ondřej Surý of CZ.NIC

News 05-09-2012

The DANE (DNS-based Authentication of Named Entities) working group, chaired by Ondřej Surý of CZ.NIC Laboratories and a Google representative, issued a new Internet standard in August. The current RFC (Request for Comments) number 6698 concerns a new technology that enables the verification of certification authorities on the basis of DNS. This quite revolutionary idea may considerably increase the use of DNSSEC technology by end users. The recently published Internet standard is the third document of its kind created with participation of CZ.NIC Laboratories.

The idea of storing certificate fingerprints in DNS has been circulating in the IETF (Internet Engineering Task Force) for quite some time, but could only be securely implemented after the root zone was signed using DNSSEC technology in July 2010. The first discussion of the project at what is known as a Birds of a Feather meeting, initiated by Ondřej Surý and Warren Kumari of Google, took place at the end of July 2010 at the annual 2010 IETF congress in Maastricht; the official DANE working group was established in the autumn of the same year. The first stage of this project, with the participation of an international team of experts, concluded this August with the publishing of RFC 6698, defining the new TLSA DNS record and methods of working with it.

“IETF has been working on the DANE project for more than two years. The objective of our effort is a fundamental change in the way certificates are used in Internet services. To date, anyone interested in obtaining a security certificate had to contact a certification authority, but the new technology allows them to create their own certificate and store it in DNS secured with DNSSEC. This will save time and money,” adds Ondřej Surý, Head of CZ.NIC Laboratories.

At the last meeting in Vancouver, members of the DANE working group agreed on the further development of the project. The group is planning to create a more precise definition of the use of TLSA records in Internet protocols such as SMTP, XMPP, and SIP. Other tasks will include creating functional implementations for example in web browsers such as Mozilla Firefox or Google Chrome.

Go to Original Article

Published By