DNS-based Authentication of Named Entities (DANE) is a protocol to allow X.509 certificates, commonly used for Transport Layer Security (TLS), to be bound to DNS names using Domain Name System Security Extensions (DNSSEC).
Questions tagged [dane]
6 questions
6
votes
1 answer
How to use DANE with Java?
How can I write a X509TrustManager in Java that used DANE (DNS-based Authentication of Named Entities)?
Are there any samples or a library? Or has Java build in support for DANE?
Horcrux7
- 23,758
- 21
- 98
- 156
3
votes
0 answers
What is the correct TLSA record for the QUIC protocol?
As QUIC is based on UDP, is the following entry correct?
_443._udp.example.com. 300 IN TLSA 1 0 1 HASH...
duxsco
- 331
- 2
- 17
3
votes
2 answers
How to list all DNS records including DANE TLSA
I would like to list all/any DNS records including the DANE TLSA.
With
dig mailbox.org ANY
I get all records including DNSSEC etc. but nothing about DANE. Why?
With
dig _443._tcp.mailbox.org. ANY
I get the DANE TLSA records.
I've read the…
FelixF
- 31
- 1
- 2
2
votes
0 answers
What's the proper way to validate a (possible) self signed cert with DANE?
In a nutshell, DANE means: check the SSL certificate fingerprint against a DNS record.
What I'd like to do is: in a HTTPS request:
Check the regular SSL cert; If ok, done!
if it's a self signed cert (or failed to validate for any other reason)…
Falci
- 1,823
- 4
- 29
- 54
2
votes
0 answers
dane (TLSA) validation java
I need to validate the DANE certificate from random websites.
I have tried https://www.bouncycastle.org/java.html (The Bouncy Castle Crypto APIs for Java) and there is an example that goes near to what I need:…
user1579879
- 21
- 3
0
votes
1 answer
How add TLSA RR in Windows server 2016 DNS zone
I am going to implement DANE protocol on Windows server 2016. I configured DNS and Active directories. Now I want to generate self signed certificate for my domain and Generate TLSA record. and I want to add TLSA record in DNS.
Milind Sutar
- 9
- 1
- 2
- 8