LASCON 2014 has ended
Thursday, October 23 • 11:00am - 11:45am
DNS-Based Authentication of Named Entities (DANE): Can we fix our broken CA model?

Sign up or log in to save this to your schedule and see who's attending!

In this talk we take an exploratory look at DNS-Based Authentication by Named Entities (DANE), and consider how it could change the landscape of web security. The method of trusting a Certificate Authority to provide encryption and authentication for web sites has been seen to be weak at best, and due to multiple security incidents many consider this model to be completely broken. Mounting evidence supporting the risks of placing trust solely in the hands of a CA leaves many people with the question “Is there an alternative?” 

Built on top of DNSSEC, DANE allows us to not rely solely on the CA for trust and instead places the trust of the TLS session on the DNS server: Are we just swapping one evil for another? In this session we will provide an introductory examination of the DANE and DNSSEC protocols, highlighting how the use of DANE could modify the current ways in which we use Certificate Authorities, as well as considering possible new attack vectors adoption may introduce. 

This talk is a must-see for anyone interested in the future of Internet Security and emerging technologies that may change the way we gain security assurance for our lives online. 


Thursday October 23, 2014 11:00am - 11:45am
Magnolia Room Norris Conference Center, http://lascon.org/venue/

Attendees (0)