ITWissen.info - Tech know how online

DNS-based authentication of named entity (DANE)

DANE (DNS-Based Authentication of Named Entities) is a technique for securing encrypted mail transport. The DANE technique eliminates vulnerabilities in the Secure Sockets Layer (SSL) protocol and the Transport Layer Security (TLS) protocol, which are used to authenticate and encrypt Internet connections, thereby increasing the security of e-mail and access to websites.

In DANE, the mail provider deposits the digital fingerprint of the SSL certificate in the DNS system, where the data is encrypted by the Domain Name System Security Extensions (DNSSEC), which works with cryptographic domain names. DNSSEC guarantees the authenticity of the sender and prevents the domain name from being manipulated. All components involved in mail communication, such as the mail server, resolver, e-mail client and web browser, can use it to check certificates for authenticity. This means that the security conditions are checked before each connection is established.

With DANE, when mail is sent, an encrypted request is first sent by the e-mail client to the mail server, which sends it to the DNS server for authentication using DNSSEC. The DNS server sends a checksum for the public key to the mail server, which needs it for mail transport to the receiving mail server.

The DANE technique prevents attacks on the transmission channel such as man-in-the-middle (MITM) attacks. Since mail stored on the servers also remains unencrypted with this method, it must be encrypted with S/MIME or with Pretty Good Privacy (PGP).
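The fingerprint check described above can be sketched as follows. This is an added example, not code from ITWissen or from any mail server: it assumes the fingerprint is published as a TLSA record (RFC 6698), handles only records that pin the server's own certificate (usage 3), and uses constructed byte strings in place of real certificate data; the function names are hypothetical.

```python
import hashlib
import hmac
from typing import NamedTuple

class TLSA(NamedTuple):
    usage: int      # 3 = DANE-EE: record pins the server's own certificate
    selector: int   # 0 = whole certificate, 1 = SubjectPublicKeyInfo (public key)
    mtype: int      # 0 = raw bytes, 1 = SHA-256, 2 = SHA-512
    data: bytes

def parse_tlsa(rdata: str) -> TLSA:
    """Parse TLSA RDATA in presentation format, e.g. '3 1 1 ab12 cd34'."""
    usage, selector, mtype, *hexparts = rdata.split()
    return TLSA(int(usage), int(selector), int(mtype), bytes.fromhex("".join(hexparts)))

def fingerprint(rec: TLSA, cert_der: bytes, spki_der: bytes) -> bytes:
    """Compute what the record should contain for the presented certificate."""
    selected = cert_der if rec.selector == 0 else spki_der
    if rec.mtype == 0:
        return selected
    return hashlib.new({1: "sha256", 2: "sha512"}[rec.mtype], selected).digest()

def dane_decision(rdatas, dnssec_validated, cert_der, spki_der) -> str:
    """Return 'no-dane', 'authenticated' or 'reject' for one TLS handshake."""
    if not dnssec_validated or not rdatas:
        return "no-dane"    # an unsigned answer could be forged, so it pins nothing
    for rec in map(parse_tlsa, rdatas):
        if rec.usage != 3 or rec.selector not in (0, 1) or rec.mtype not in (0, 1, 2):
            continue        # parameters this sketch does not handle
        if hmac.compare_digest(fingerprint(rec, cert_der, spki_der), rec.data):
            return "authenticated"
    return "reject"         # signed records exist but none match: fail closed

# Constructed stand-ins for DER bytes; a real client takes them from the handshake.
CERT = b"constructed certificate bytes"
SPKI = b"constructed public key bytes"
PUBLISHED = ["3 1 1 " + hashlib.sha256(SPKI).hexdigest()]

if __name__ == "__main__":
    print(dane_decision(PUBLISHED, True, CERT, SPKI))          # matching key
    print(dane_decision(PUBLISHED, True, CERT, b"other key"))  # substituted key
    print(dane_decision(PUBLISHED, False, CERT, b"other key")) # unsigned DNS answer
```

The third call shows why the DNSSEC status matters: without a validated answer the published fingerprint cannot be trusted, so the sketch reports that DANE is not in effect rather than reporting a match or a mismatch.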

Information:
English: DNS-based authentication of named entity - DANE
Updated at: 13.05.2014

All rights reserved DATACOM Buchverlag GmbH © 2024