DANE

E192671

DANE (DNS-based Authentication of Named Entities) is an Internet security protocol that uses DNSSEC to bind X.509 certificates to domain names, enabling more secure and flexible authentication for TLS and other services.

All labels observed (1)

Label Occurrences
DANE canonical 1

How this entity was disambiguated

Statements (49)

Predicate Object
instanceOf Internet security protocol
authentication protocol
allows domain owners to constrain trust anchors
domain owners to specify acceptable certificates
domain owners to specify acceptable public keys
binds X.509 certificates
public keys
bindsTo domain names
certificateUsageValue 0
1
2
3
definedIn RFC 6698
RFC 7218
RFC 7671
RFC 7672
RFC 7672
surface form: RFC 7673

RFC 7674
field certificate association data
certificate usage
matching type
selector
fullName DNS-based Authentication of Named Entities
goal improve security of TLS authentication
provide more flexible certificate validation policies
reduce dependence on traditional public CA infrastructure
introducedYear 2012
mechanism publishes TLSA records in DNS
recordType TLSA
relatedStandard DNSSEC
TLS
requires DNSSEC validation
securityProperty allows pinning of certificates or public keys
binds certificate information to DNS names via DNSSEC
enables authentication without relying solely on public CAs
protects against some certificate authority compromises
standardizedBy Internet Engineering Task Force
surface form: IETF
standardTrackStatus Proposed Standard
supportsProtocol SIP
SMTP
TLS
XMPP
supportsService HTTPS
client authentication
email transport security
server authentication
uses DNS resource records
DNSSEC
TLSA resource records

How these facts were elicited

Referenced by (1)

Full triples — surface form annotated when it differs from this entity's canonical label.

DNSSEC relatedStandard DANE