Which clients support self-signed certificates with DANE?

Haneef Ibn Ahmad

11/22/22, 12:59 PM

We've been considering to make more use of DANE as a decentralised authority for our certificates.

Especially with S/MIME.

However, the key obstacle is... how widely are DANE treated as an authority with mail clients?

Is there a list with all the clients (mail, web, ftp, ssh and etc...) that support DANE?

Thanks,

0 + 2

certificate

ssl-certificate

certificate-authority

smime

self-signed-certificate

Lasse Michael Mølgaard

11/22/22, 1:47 PM

As far as I understand: DANE verification does not happen on client side but rather as a part of DKIM verification on server side. One thing is you have published a public key for DKIM signatures on your server, but you need DANE in conjunction with DNSSEC to verify that the given key is actually an authorised key for a given domain. To that end DANE is transparent for the end user. I haven't heard about DANE being used for https and ftps at all. The closest thing is probably the use of `CAA` records.

Haneef Ibn Ahmad

11/22/22, 4:10 PM

By DANE, I mean this: DANE (DNS-based Authentication of Named Entities). DKIM is better implemented with DNSSEC, but there isn't a requirement for that. I think you're confusing DANE with similar use cases. You could read more here: https://blog.verisign.com/security/how-dane-strengthens-security-for-tls-smime-and-other-applications/

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: Which clients support self-signed certificates with DANE?

TH: ไคลเอนต์ใดบ้างที่รองรับใบรับรองที่ลงนามด้วยตนเองกับ DANE

RO: Ce clienți acceptă certificate autosemnate cu DANE?

RU: Какие клиенты поддерживают самозаверяющие сертификаты с DANE?

VI: Khách hàng nào hỗ trợ chứng chỉ tự ký với DANE?

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.