[jira] [Updated] (CLEREZZA-438) DANE support in Clerezza

["Tommaso Teofili (Updated) (JIRA)" <ji...@apache.org>]

     [ https://issues.apache.org/jira/browse/CLEREZZA-438?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Tommaso Teofili updated CLEREZZA-438:
-------------------------------------

    Fix Version/s: 0.2-incubating
    
> DANE support in Clerezza 
> -------------------------
>
>                 Key: CLEREZZA-438
>                 URL: https://issues.apache.org/jira/browse/CLEREZZA-438
>             Project: Clerezza
>          Issue Type: New Feature
>            Reporter: Henry Story
>            Priority: Minor
>              Labels: security, webid
>             Fix For: 0.2-incubating
>
>
> DANE (DNS-based Authentication of Named Entities) is an IETF group that is working on specifying how to add public keys to DNSSEC as described in their charter
> http://tools.ietf.org/wg/dane/charters
> Their latest draft spec is here http://tools.ietf.org/wg/dane/
> DANE support should enable browsers to minimally authenticate servers that use self signed certs. There are 3 times more such servers  CA based ones. Putting a self signed cert in the DNS should be a lot simpler a procedure than going through CAs. There is a firefox plugin already to test this in a browser: ie the browser should not longer show the DANGER error messages when coming across such sites. 
> This is an interesting research topic with the following requirements:
>  - It would require DNSSEC libraries in Java. 
>  - It be useful if apache.org was had a DNSSEC presence (it may have, I don't know how to check)
>  
> Two use cases:
>  - make clerezza TLS requests Dane aware
>  - make it easy on booting Clerezza to add public key to DNS
>  

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira