2025-10-08, Prague / Technical Deep Dive & Innovation
DNSSEC and DANE offer an alternative to the established WebPKI that avoids needing to trust too many third-party CAs. The right party to assert who controls a domain is the parent registry in coördination with the domain registrar; third-party CAs are second-hand observers performing weak trust-on-first-use tests of "domain control".
This talk will cover the preliminaries of DNSSEC and DANE and then explore support for DANE in the OpenSSL API.
OpenSSL 1.1.0 and later include support for DANE-based authentication of TLS peers. DANE is a robust alternative to client-side certificate pinning, which unsurprisingly proved too brittle because of pervasive stale pins. With DANE the expected certificate or public key (typically its digest) is published by the server operator, who is also in control of the associated certificates.
DANE supports pinning of issuer CAs or EE certificates (or both, with success when either matches). When the DANE TLSA record in DNS pins the server's public key(s), DANE can be used with OpenSSL's support for RFC 7250 raw public keys.
DANE obviates the need for revocation lists, because TLSA records have sufficiently short TTLs, and DNSSEC signatures over the TLSA RRset need not be valid for more than a few days (or hours!).
The talk will cover initialisation of SSL contexts for use with DANE, per-connection configuration of TLS clients with the server's TLSA records, and use of DANE with raw public keys.
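The matching rule described above (a TLSA RRset that pins both an EE public key and an issuer CA, succeeding when either matches) is sketched below as an added example; it is not OpenSSL's code and not material from the talk. All function names are hypothetical and the "certificates" are constructed DER-shaped blobs. It covers only the record-matching step: a real verifier also requires a DNSSEC-validated RRset and checks the chain's signatures up to the matched trust anchor.

```python
import hashlib

def tlv(buf, pos):
    """Decode one DER tag-length-value at pos: (tag, value_start, value_end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                          # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def spki_of(cert):
    """Return the DER SubjectPublicKeyInfo of an X.509 certificate."""
    pos = tlv(cert, tlv(cert, 0)[1])[1]        # into Certificate, then tbsCertificate
    if cert[pos] == 0xA0:                      # skip optional [0] version
        pos = tlv(cert, pos)[2]
    for _ in range(5):                         # serial, sigAlg, issuer, validity, subject
        pos = tlv(cert, pos)[2]
    return cert[pos:tlv(cert, pos)[2]]

def parse_tlsa(rdata):                         # "usage selector mtype hexdata"
    usage, selector, mtype, data = rdata.split(None, 3)
    return int(usage), int(selector), int(mtype), bytes.fromhex(data.replace(" ", ""))

def matches(rr, cert):
    _, selector, mtype, data = rr
    blob = spki_of(cert) if selector == 1 else cert   # 1 = SPKI, 0 = full certificate
    if mtype:                                         # 0 = exact, 1 = SHA-256, 2 = SHA-512
        blob = hashlib.new({1: "sha256", 2: "sha512"}[mtype], blob).digest()
    return blob == data

def dane_match(rrset, chain):
    """First TLSA record matching chain (leaf first); usage 3 pins the leaf, 2 an issuer."""
    for rr in rrset:
        candidates = chain[:1] if rr[0] == 3 else chain[1:] if rr[0] == 2 else []
        if any(matches(rr, c) for c in candidates):
            return rr
    return None

# Constructed stand-ins: DER-shaped blobs with made-up keys, not real certificates.
def der(tag, body):
    return bytes([tag, len(body)]) + body             # short-form lengths only
def fake_cert(key):
    spki = der(0x30, der(0x30, b"") + der(0x03, b"\x00" + key))
    tbs = der(0xA0, der(0x02, b"\x02")) + der(0x02, b"\x01") + der(0x30, b"") * 4 + spki
    return der(0x30, der(0x30, tbs) + der(0x30, b"") + der(0x03, b"\x00"))

CA, OLD_LEAF, NEW_LEAF = (fake_cert(k * 16) for k in (b"K", b"A", b"B"))
RRSET = [parse_tlsa("3 1 1 " + hashlib.sha256(spki_of(OLD_LEAF)).hexdigest()),
         parse_tlsa("2 0 1 " + hashlib.sha256(CA).hexdigest())]
```

Here `dane_match(RRSET, [NEW_LEAF, CA])` succeeds through the issuer pin even though the EE pin still names the old key, which is the "either matches" behaviour that keeps a key rollover from breaking authentication.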
Contributor to Postfix since 2001, primary maintainer of its TLS stack. Active user of OpenSSL since ~2006. Active contributor to OpenSSL since 2016, in particular author of OpenSSL DANE support with a general focus on the X.509 verification code and its use in TLS. Member of OpenSSL OMC from ~2016-2019. More recently actively contributed to the integration of ML-KEM and ML-DSA into OpenSSL 3.5. Other technical areas of expertise include SMTP email and DNS.