DNS-based Authentication of Named Entities
E831086
DNS-based Authentication of Named Entities (DANE) is an Internet security protocol that uses DNSSEC to bind X.509 certificates to domain names, enabling secure TLS connections without relying solely on traditional certificate authorities.
All labels observed (1)
| Label | Occurrences |
|---|---|
| DNS-based Authentication of Named Entities canonical | 1 |
How this entity was disambiguated
This entity first appeared as the object of triple T9932162 — resolving that mention is where its identity was fixed. The disambiguator weighed these candidate entities and picked the highlighted one (or “None”, minting a new entity). This is how homonymy is resolved: the same surface form can point to different entities.
Target entity: DNS-based Authentication of Named Entities Context triple: [DANE, fullName, DNS-based Authentication of Named Entities]
-
A.
DNS Security (DNSSEC) Hashed Authenticated Denial of Existence
DNS Security (DNSSEC) Hashed Authenticated Denial of Existence is a DNSSEC extension that uses cryptographic hashing to provide verifiable, secure proof that a requested DNS name or type does not exist without revealing the full contents of a zone.
-
B.
Automated Updates of DNS Security (DNSSEC) Trust Anchors
"Automated Updates of DNS Security (DNSSEC) Trust Anchors" is an IETF specification that defines a mechanism for DNS resolvers to automatically maintain and update their DNSSEC trust anchors without manual intervention.
-
C.
Protocol Modifications for the DNS Security Extensions
"Protocol Modifications for the DNS Security Extensions" is an IETF standards-track document (RFC 4035) that specifies how DNSSEC is operationally implemented and processed by DNS resolvers and authoritative servers.
-
D.
DNS Root Name Service Protocol and Deployment Requirements
"DNS Root Name Service Protocol and Deployment Requirements" is an IETF specification that defines the technical and operational requirements for the protocols and deployment practices used by the DNS root name service.
-
E.
Clarifications to the DNS Specification
Clarifications to the DNS Specification is an IETF document (RFC 2181) that refines and corrects aspects of the original Domain Name System standards to ensure more consistent and interoperable DNS implementations.
- F. None of above. chosen
- G. Unsure - the case is ambiguous/there is not enough information to decide.
Target entity: DNS-based Authentication of Named Entities Target entity description: DNS-based Authentication of Named Entities (DANE) is an Internet security protocol that uses DNSSEC to bind X.509 certificates to domain names, enabling secure TLS connections without relying solely on traditional certificate authorities.
-
A.
DNS Security (DNSSEC) Hashed Authenticated Denial of Existence
DNS Security (DNSSEC) Hashed Authenticated Denial of Existence is a DNSSEC extension that uses cryptographic hashing to provide verifiable, secure proof that a requested DNS name or type does not exist without revealing the full contents of a zone.
-
B.
Automated Updates of DNS Security (DNSSEC) Trust Anchors
"Automated Updates of DNS Security (DNSSEC) Trust Anchors" is an IETF specification that defines a mechanism for DNS resolvers to automatically maintain and update their DNSSEC trust anchors without manual intervention.
-
C.
Protocol Modifications for the DNS Security Extensions
"Protocol Modifications for the DNS Security Extensions" is an IETF standards-track document (RFC 4035) that specifies how DNSSEC is operationally implemented and processed by DNS resolvers and authoritative servers.
-
D.
DNS Root Name Service Protocol and Deployment Requirements
"DNS Root Name Service Protocol and Deployment Requirements" is an IETF specification that defines the technical and operational requirements for the protocols and deployment practices used by the DNS root name service.
-
E.
Clarifications to the DNS Specification
Clarifications to the DNS Specification is an IETF document (RFC 2181) that refines and corrects aspects of the original Domain Name System standards to ensure more consistent and interoperable DNS implementations.
- F. None of above. chosen
Statements (51)
| Predicate | Object |
|---|---|
| instanceOf | Internet security protocol ⓘ |
| abbreviation | DANE NERFINISHED ⓘ |
| allows |
domain owners to specify acceptable TLS certificates
ⓘ
use of self-signed certificates with DNSSEC-based trust ⓘ |
| appliesTo |
HTTPS
ⓘ
IMAP NERFINISHED ⓘ POP3 NERFINISHED ⓘ SMTP NERFINISHED ⓘ XMPP NERFINISHED ⓘ |
| certificateUsageModes |
CA constraint
ⓘ
domain-issued certificate ⓘ service certificate constraint ⓘ trust anchor assertion ⓘ |
| complements |
certificate authority-based validation
ⓘ
public key infrastructure ⓘ |
| definedIn |
RFC 6698
NERFINISHED
ⓘ
RFC 7671 NERFINISHED ⓘ RFC 7672 NERFINISHED ⓘ RFC 7673 NERFINISHED ⓘ |
| enables |
certificate pinning via DNS
ⓘ
opportunistic TLS for SMTP ⓘ verification of TLS server certificates via DNSSEC ⓘ |
| introduced | 2012 ⓘ |
| operatesAtLayer | application layer ⓘ |
| operatesWith |
TCP-based services
ⓘ
UDP-based services ⓘ |
| primaryGoal |
bind X.509 certificates to domain names
ⓘ
enable authentication of TLS endpoints via DNSSEC ⓘ reduce reliance on traditional certificate authorities ⓘ |
| protects |
HTTPS connections
ⓘ
SMTP over TLS ⓘ TLS connections ⓘ |
| protectsAgainst |
compromise of public certificate authorities
ⓘ
man-in-the-middle attacks on TLS ⓘ |
| recordType | TLSA NERFINISHED ⓘ |
| relatedTo |
CAA DNS records
ⓘ
DNS Certification Authority Authorization NERFINISHED ⓘ |
| reliesOn |
DNSSEC validation by resolvers
ⓘ
DNSSEC-signed zones ⓘ TLSA records at service domain names ⓘ |
| requires | DNSSEC validation on client side or resolver side ⓘ |
| securityModel | DNSSEC-based trust model ⓘ |
| standardizedBy |
Internet Engineering Task Force
ⓘ
surface form:
IETF
Internet Engineering Task Force NERFINISHED ⓘ |
| status | Proposed Standard ⓘ |
| uses |
DNS Security Extensions
NERFINISHED
ⓘ
DNSSEC NERFINISHED ⓘ Domain Name System NERFINISHED ⓘ TLSA resource records NERFINISHED ⓘ Transport Layer Security NERFINISHED ⓘ X.509 certificates NERFINISHED ⓘ |
How these facts were elicited
The pipeline generated the facts above by prompting gpt-5.1 with this entity's name + description and the instruction below.
You are a knowledge base construction expert. Given a subject entity and a description of it, return factual statements that you know for the subject as a JSON list of dictionaries(triples), where keys must be "subject", "predicate" and "object". The number of facts may be very high, between 25 to 50 or more, for very popular subjects. For less popular subjects, the number of facts can be very low, like 5 or 10. # Requirements - If you don't know the subject at all, return an empty list. - If the subject is not a named entity, return an empty list. - Include at least one triple where predicate is "instanceOf". - Do not get too wordy. - Separate several objects into multiple triples with one object.
Subject: DNS-based Authentication of Named Entities Description of subject: DNS-based Authentication of Named Entities (DANE) is an Internet security protocol that uses DNSSEC to bind X.509 certificates to domain names, enabling secure TLS connections without relying solely on traditional certificate authorities.
Referenced by (1)
Full triples — surface form annotated when it differs from this entity's canonical label.