Score:2

Which clients support self-signed certificates with DANE?

ru flag

We've been considering to make more use of DANE as a decentralised authority for our certificates.

Especially with S/MIME.

However, the key obstacle is... how widely are DANE treated as an authority with mail clients?

Is there a list with all the clients (mail, web, ftp, ssh and etc...) that support DANE?

Thanks,

us flag
As far as I understand: DANE verification does not happen on client side but rather as a part of DKIM verification on server side. One thing is you have published a public key for DKIM signatures on your server, but you need DANE in conjunction with DNSSEC to verify that the given key is actually an authorised key for a given domain. To that end DANE is transparent for the end user. I haven't heard about DANE being used for https and ftps at all. The closest thing is probably the use of `CAA` records.
Haneef Ibn Ahmad avatar
ru flag
By DANE, I mean this: DANE (DNS-based Authentication of Named Entities). DKIM is better implemented with DNSSEC, but there isn't a requirement for that. I think you're confusing DANE with similar use cases. You could read more here: https://blog.verisign.com/security/how-dane-strengthens-security-for-tls-smime-and-other-applications/
mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.