Viktor Dukhovni
Contributor to Postfix since 2001, primary maintainer of its TLS stack. Active user of OpenSSL since ~2006. Active contributor to OpenSSL since 2016, in particular author of OpenSSL DANE support with a general focus on the X.509 verification code and its use in TLS. Member of OpenSSL OMC from ~2016-2019. More recently actively contributed to the integration of ML-KEM and ML-DSA into OpenSSL 3.5. Other technical areas of expertise include SMTP email and DNS.
Sessions
DNSSEC and DANE offer an alternative to the established WebPKI that avoids having to trust a large number of third-party CAs. The right party to assert who controls a domain is the parent registry, in coördination with the domain registrar; third-party CAs are second-hand observers performing weak trust-on-first-use tests of "domain control".
This talk will cover the preliminaries of DNSSEC and DANE and then explore support for DANE in the OpenSSL API.
The Postfix MTA supports SMTP over TLS both as a server (inbound) and as a client (outbound).
Postfix makes extensive use of the OpenSSL TLS API: of its approximately 166k lines of code, around 12k are TLS-related.
Multiple security models are available, either as the default or as per-destination options:
- cleartext ("none")
- opportunistic TLS ("may")
- unauthenticated mandatory TLS ("encrypt")
- pinned key/cert digests ("fingerprint")
- opportunistic DANE TLS ("dane")
- mandatory DANE TLS ("dane-only")
- mandatory PKIX TLS ("secure")
Advanced features include:
* Explicit initialisation with a non-default configuration file and/or application name
* Cross-process connection reuse
* Cross-process external session cache (primarily for clients)
* Ticket-based session resumption for servers, with regular session ticket encryption key rollover
* Per-destination trust anchors
* Multi-valued hostname checks
* SNI-based key pair selection
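The security levels and the per-destination trust anchors and multi-valued hostname checks listed above can be combined in a Postfix client policy. The following configuration is an added illustration, not taken from the Postfix source or documentation; the domain names, file paths and the fingerprint value are placeholders. It assumes a DNSSEC-validating local resolver, which the "dane" and "dane-only" levels require.

```conf
# main.cf (illustrative; Postfix does not allow trailing comments on value lines)

# DNSSEC-validated lookups are a prerequisite for DANE verification.
smtp_dns_support_level = dnssec

# Default outbound policy: opportunistic DANE. With no usable TLSA records
# this degrades to "may"; with TLSA records, authentication is mandatory.
smtp_tls_security_level = dane

# PKIX trust store used by the "secure" level unless a per-destination
# trust-anchor file overrides it.
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt

# Digest used to compare the "fingerprint" level pins (placeholder value below).
smtp_tls_fingerprint_digest = sha256

# Per-destination overrides of the default level.
smtp_tls_policy_maps = hash:/etc/postfix/tls_policy
smtp_tls_loglevel = 1

# /etc/postfix/tls_policy (run "postmap /etc/postfix/tls_policy" after editing)
# destination        level        attributes
#
# Refuse delivery unless DNSSEC-signed TLSA records authenticate the server.
example.org          dane-only
#
# Mandatory PKIX with a multi-valued hostname check: the certificate must
# match the literal host or any subdomain of example.com.
example.com          secure       match=mail.example.com:.example.com
#
# Pinned public-key digest; the hex value is a placeholder, not a real key.
example.net          fingerprint  match=00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF:00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF
#
# Per-destination trust anchor: only the partner's own CA file is trusted.
partner.example      secure       tafile=/etc/postfix/partner-ta.pem match=smtp.partner.example
#
# Encrypt without authentication, and plain opportunistic TLS, respectively.
insecure.example     encrypt
legacy.example       may
```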
The DANE support in OpenSSL originated as code in Postfix, as part of which the X.509 certificate chain verification code was substantially cleaned up and extended. Other minor changes also originated in Postfix over the years.