DNS-Based Authentication of Named Entities (DANE): Can we fix our broken CA model? - Tony Cargile Derbycon 2014 (Hacking Illustrated Series InfoSec Tutorial Videos)


In this talk we take an exploratory look at DNS-Based Authentication of Named Entities (DANE), and consider how it could change the landscape of web security. The method of trusting a Certificate Authority to provide encryption and authentication for web sites has been seen to be weak at best, and due to multiple security incidents many consider this model to be completely broken. Mounting evidence supporting the risks of placing trust solely in the hands of a CA leaves many people with the question "is there an alternative?" DANE tries to address this weakness by allowing organizations to bind certificates used for TLS to their respective servers using DNS. Built on top of DNSSEC, DANE allows us to not rely solely on the CA for trust and instead places the trust of the TLS session on the DNS server: Are we just swapping one evil for another? In this session we will provide an introductory examination of the DANE and DNSSEC protocols, highlighting how the use of DANE could modify the current ways in which we use Certificate Authorities, as well as considering possible new attack vectors adoption may introduce. This talk is a must-see for anyone interested in the future of Internet Security and emerging technologies that may change the way we gain security assurance for our lives online.
