DNSSEC + DANE: Part 1

Problem Communications on the Internet overwhelmingly rely on SSL/TLS for protection. There are two forms of protection this is meant to provide - from snooping of traffic, and from impersonation. The first of those gets a lot of attention but, unless we have the latter as well, an attacker can snoop on your traffic by performing a man-in-the-middle attack on you with a dodgy certificate. Unfortunately, the current method of providing protection-from-impersonation is terrible.

Read More