DANE manifesto

The Calyx Institute DANE Manifesto

If you have been following network security news as closely as I have you are probably already aware of problems with the X509 certificate system and the system of commercial Certificate Authorities. There have been a number of notable security incidents over the past few years which have made it apparent that organizations that care about security really need to take additional steps above and beyond purchasing a commercial SSL certificate to secure their encrypted services.  We would like to make the case that the use of DANE / TLSA is an appropriate security measure to mitigate the problems with the X509 certificate system.

The Problem with the X509 Certificate System

Why DANE / TLSA is an appropriate countermeasure against certificate forgery

The Problem with the X509 Certificate System