

DNSSEC to fix the SSL mess? - pilif
http://www.gnegg.ch/2011/04/dnssec-to-clean-the-ssl-mess/

======
wibblenut
Yep. DNS-based Authentication of Named Entities (DANE):
<http://tools.ietf.org/html/draft-ietf-dane-protocol-06>

I'm glad DNS has been getting a lot of love lately. I just wish people would
realise what other cool stuff it's useful for. :)

~~~
pilif
I _knew_ I didn't just invent the sliced bread there. I'm happy to see that
the draft is from march 2011 though, so at least I wasn't years behind.

Now if only we could get DNSSEC going.

~~~
wibblenut
Well it was first drafted in 2002, and Jakob Schlyter actually wrote about it
recently:
[http://www.circleid.com/posts/20110327_death_of_the_pki_drag...](http://www.circleid.com/posts/20110327_death_of_the_pki_dragons/)

Along the same lines Google recently launched a DNS based service for certs it
knows about:
[http://googleonlinesecurity.blogspot.com/2011/04/improving-s...](http://googleonlinesecurity.blogspot.com/2011/04/improving-
ssl-certificate-security.html)

DNSSEC is now deployed at the root level for .com/.net/.org/.edu/.gov.

------
notaddicted
This presentation by DJB talks about DNSSEC a lot:
<http://news.ycombinator.com/item?id=2047794>

