{"id":8825,"date":"2011-04-14T12:05:57","date_gmt":"2011-04-14T16:05:57","guid":{"rendered":"http:\/\/quotulatiousness.ca\/blog\/?p=8825"},"modified":"2011-04-14T12:05:57","modified_gmt":"2011-04-14T16:05:57","slug":"dane-to-address-weaknesses-in-internet-security","status":"publish","type":"post","link":"https:\/\/quotulatiousness.ca\/blog\/2011\/04\/14\/dane-to-address-weaknesses-in-internet-security\/","title":{"rendered":"DANE to address weaknesses in internet security?"},"content":{"rendered":"<p><a href=\"http:\/\/www.economist.com\/blogs\/babbage\/2011\/04\/internet_security\" target=\"_blank\"><em>The Economist<\/em><\/a> looks at a possible way to address the known weaknesses of the current internet security defaults:<\/p>\n<blockquote>\n<p>[A] comprehensive solution would let domain owners confirm that the names and machine numbers issued by a given CA are kosher. Under DNS-based Authentication of Named Entities (DANE), a standard being developed by Mr Schultze and others at the Internet Engineering Task Force, a browser retrieves a certificate from a web server, but checks with the DNS whether the certificate is in fact the one that was issued to a given domain owner. So, though a CA will still provide a validation step, the domain owner will have had to give it the thumbs up first. To prevent malevolent fiddling the DNS infrastructure itself needs to be secured, too. A long-running effort to do this, known as DNSSEC, hit a key milestone in 2010 and may have enough pieces in place soon to be usable. This is important because DANE would be incomplete without it. <\/p>\n<p>Whilst all current browsers must be updated to take advantage of DANE, the new system can coexist with the old, and a gradual transition can be made. Browser plug-ins could bridge the gap before browser makers build in DANE, too. Those that want the added robustness of the new system &mdash; whether individuals, companies, or governments &mdash; may accelerate the adoption of updated browsers as DANE becomes available.<\/p>\n<p>These moves do not provide total assurance that what your browser is told about an internet site&#8217;s identity and security is true. Trust, but verify &mdash; and verify again.<\/p>\n<\/blockquote>\n","protected":false},"excerpt":{"rendered":"<p>The Economist looks at a possible way to address the known weaknesses of the current internet security defaults: [A] comprehensive solution would let domain owners confirm that the names and machine numbers issued by a given CA are kosher. Under DNS-based Authentication of Named Entities (DANE), a standard being developed by Mr Schultze and others [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[15],"tags":[58,334],"class_list":["post-8825","post","type-post","status-publish","format-standard","hentry","category-technology","tag-internet","tag-security"],"jetpack_featured_media_url":"","jetpack_shortlink":"https:\/\/wp.me\/p2hpV6-2il","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/quotulatiousness.ca\/blog\/wp-json\/wp\/v2\/posts\/8825","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/quotulatiousness.ca\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/quotulatiousness.ca\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/quotulatiousness.ca\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/quotulatiousness.ca\/blog\/wp-json\/wp\/v2\/comments?post=8825"}],"version-history":[{"count":1,"href":"https:\/\/quotulatiousness.ca\/blog\/wp-json\/wp\/v2\/posts\/8825\/revisions"}],"predecessor-version":[{"id":8826,"href":"https:\/\/quotulatiousness.ca\/blog\/wp-json\/wp\/v2\/posts\/8825\/revisions\/8826"}],"wp:attachment":[{"href":"https:\/\/quotulatiousness.ca\/blog\/wp-json\/wp\/v2\/media?parent=8825"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/quotulatiousness.ca\/blog\/wp-json\/wp\/v2\/categories?post=8825"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/quotulatiousness.ca\/blog\/wp-json\/wp\/v2\/tags?post=8825"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}