DANE -- How to use DNSSEC to keep PKI on a leash

Abstract

The recent events in the world of Public Key Infrastructure has shown we may need to question our trust in the Public Certification Authorities. This talk will show how to use DNSSEC to constrain, and possible supersede, trust in PKI using DANE (DNS-based Authentication of Named Entities).

Biography

Jakob Schlyter, IT security advisor at Kirei in Göteborg. He has been working with DNSSEC for more than 12 years and is one of the people to be blamed for the birth of the Unbound recursive nameserver and the OpenDNSSEC signing platform, as well as for several Internet Drafts and Requests for Comments in the DNS and DNSSEC areas.

Jakob was recently interviewed about DANE by the Dutch IT publication Webwereld.