Can DNSSEC and DANE Add a Layer Of Trust to TLS and DNS?
If we agree that the existing Certificate Authority (CA) system for TLS is broken, how do we fix it? Can the DANE protocol (RFC 6698) and DNSSEC provide a solid mechanism to add a layer of trust to network connections that use TLS? What do we need to do to use DANE and to get DANE more widely deployed? Join other peers in this discussion about how the DANE protocol works, how it is currently being implemented, (particularly in email and XMPP systems) and how DANE might be used in different scenarios. Bring your ideas and criticisms, and be prepared for a lively discussion.