STARTTLS og DANE
The DANE standard is an extra security check of both web and email. DANE is an identity verification tool that double-checks whether everything is as it should be. Think of a fake driving licence that looks just like a real one – only the licence number will reveal that it is a fake. DANE serves as a registry to verify that the number on the driving licence is real and that it matches the owner of the licence.
- "Opportunistic Security: Some Protection Most of the Time" by V. Dukhovni
- "New e-mail security protocols mandatory within government" af Marco Davids (SIDNlabs)
- "The sad state of SMTP encryption" by Filippo Valsorda
- How-to on 'DANE for SMTP' fra Dutch Internet Standards Platform
- Wiki over 'DANE for SMTP'
- Factsheet \"Secure the connections of mail servers\" from NCSC-NL
- "ICT securitity guidelines for TLS v2.0" from NCSC-NL
- BSI TR-03108 Sicherer E-Mail-Transport from German Federal Office for Information Security
- Special Publication 1800-6: “Domain Name Systems-Based Electronic Mail Security” from NIST
Specifications and guidelines
- RFC 3207: SMTP Service Extension for Secure SMTP over Transport Layer Security
- RFC 7672: SMTP Security via Opportunistic DNS-Based Authentication of Named Entities (DANE) Transport Layer Security (TLS)
- RFC 7671: The DNS-Based Authentication of Named Entities (DANE) Protocol: Updates and Operational Guidance"