DANE SMTP Extension
DANE stands for DNS-Based Authentication of Named Entities (RFC 6698). DANE uses the DNSSEC-signed DNS infrastructure to publish verifiable information that binds a domain name to the TLS certificate or public key its service presents, so that a client can check the certificate against DNS in addition to, or instead of, normal CA-based validation. The domain owner publishes a fingerprint in DNS that states which certificate, key or CA the domain uses; a certificate issued for that name by any other CA (for example a mis-issued or rogue certificate) then fails the check. A DANE record can carry the entire certificate, only the public key, or a hash of either, and it is published under a name that encodes the port and transport of the service it protects, for example _443._tcp.www.example.com for HTTPS on TCP port 443. The record type used for this is the TLSA record, which a client uses to verify the PKIX certificate received from the server by comparing it with the association data obtained from DNS.
Working of DANE (HTTPS example):
The figure below describes the working of the DANE protocol.
The three systems involved are the client, the web server and the DNS server (a DNSSEC-validating resolver). The communication takes place in the following steps:
- Step 1: The client browser connects to the web server and starts a TLS handshake. For example, the client connects to https://www.exampleabc.com on TCP port 443.
- Step 2: The web server replies with its certificate (and chain) in the TLS handshake.
- Step 3: The client asks its local DNS server for the TLSA record of www.exampleabc.com. The record lives at the owner name _443._tcp.www.exampleabc.com, which encodes the port and transport of the service.
- Step 4: The DNS server performs the DNS lookup for that TLSA record and validates the DNSSEC signatures on the response. An unsigned answer, or one that fails validation, must not be used: without DNSSEC an attacker who can spoof DNS could simply spoof the TLSA record as well.
Once the client has a validated TLSA record, it computes from the certificate received from the web server the value that the record describes (the full certificate or only its public key, either as-is or as a SHA-256 or SHA-512 hash, according to the record's selector and matching type fields) and compares it with the certificate association data in the record. If the two do not match, the web browser displays a warning and does not load the page. Note that mainstream browsers do not implement this check natively; the steps above describe how a DANE-aware client behaves.
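The matching step described above, as an added worked example that is not part of the original page: the zone-operator side builds the TLSA RDATA from the server's certificate, and the client side recomputes the value from the certificate presented in the handshake and compares it. It uses only the standard library; the certificate is a constructed, unsigned X.509-shaped DER blob (an assumption standing in for the real certificate from step 2, built with a few DER helpers) so that locating the SubjectPublicKeyInfo works exactly as it would on a real certificate. The DNSSEC result is modelled as a boolean the caller supplies, since the validation itself happens in the resolver. The same logic applies to DANE for SMTP (RFC 7672), where the record is published at _25._tcp.<mx host name> instead of _443._tcp.<web host>.

```python
import hashlib

# --- Minimal DER helpers (assumption: a hand-built, unsigned certificate stands in
# for the one the server sends in step 2; it is not usable for real TLS) ---

def der(tag, body):
    """Encode one DER TLV with definite length."""
    n = len(body)
    if n < 0x80:
        length = bytes([n])
    else:
        lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(lb)]) + lb
    return bytes([tag]) + length + body

def der_seq(*items):
    return der(0x30, b"".join(items))

def parse_tlv(buf, off=0):
    """Decode the TLV at buf[off]; return (tag, body, offset just past the element)."""
    tag, length, hdr = buf[off], buf[off + 1], 2
    if length & 0x80:
        n = length & 0x7F
        length = int.from_bytes(buf[off + 2:off + 2 + n], "big")
        hdr += n
    return tag, buf[off + hdr:off + hdr + length], off + hdr + length

RSA_OID = der(0x06, bytes.fromhex("2a864886f70d010101"))         # rsaEncryption
SHA256_RSA_OID = der(0x06, bytes.fromhex("2a864886f70d01010b"))  # sha256WithRSAEncryption

def build_constructed_cert(key_bytes):
    """Constructed certificate: the field order of tbsCertificate mirrors X.509."""
    spki = der_seq(der_seq(RSA_OID, der(0x05, b"")),
                   der(0x03, b"\x00" + key_bytes))              # BIT STRING, 0 unused bits
    tbs = der_seq(
        der(0xA0, der(0x02, b"\x02")),                         # [0] EXPLICIT version v3
        der(0x02, b"\x01\x02\x03"),                             # serialNumber
        der_seq(SHA256_RSA_OID, der(0x05, b"")),                # signature algorithm
        der_seq(),                                              # issuer (empty for the example)
        der_seq(der(0x17, b"240101000000Z"), der(0x17, b"250101000000Z")),  # validity
        der_seq(),                                              # subject (empty for the example)
        spki,
    )
    return der_seq(tbs, der_seq(SHA256_RSA_OID, der(0x05, b"")), der(0x03, b"\x00" * 9))

def extract_spki(cert_der):
    """Return the raw SubjectPublicKeyInfo TLV of a DER certificate (TLSA selector 1)."""
    tag, cert_body, _ = parse_tlv(cert_der)
    if tag != 0x30:
        raise ValueError("certificate is not a SEQUENCE")
    tag, tbs, _ = parse_tlv(cert_body)        # tbsCertificate is the first element
    if tag != 0x30:
        raise ValueError("tbsCertificate is not a SEQUENCE")
    off = 0
    if tbs[0] == 0xA0:                        # optional [0] version
        _, _, off = parse_tlv(tbs, 0)
    for _ in range(5):                        # serialNumber, signature, issuer, validity, subject
        _, _, off = parse_tlv(tbs, off)
    tag, _, end = parse_tlv(tbs, off)
    if tag != 0x30:
        raise ValueError("subjectPublicKeyInfo is not a SEQUENCE")
    return tbs[off:end]

# --- TLSA (RFC 6698) ---

def tlsa_owner_name(host, port, proto="tcp"):
    """Owner name of the TLSA record, e.g. _443._tcp.www.exampleabc.com."""
    return f"_{port}._{proto}.{host}"

def tlsa_association_data(cert_der, selector, matching_type):
    """Certificate Association Data for cert_der under the given selector/matching type."""
    if selector == 0:
        data = cert_der                       # full certificate
    elif selector == 1:
        data = extract_spki(cert_der)         # SubjectPublicKeyInfo only
    else:
        raise ValueError(f"unknown selector {selector}")
    if matching_type == 0:
        return data                           # exact match
    if matching_type == 1:
        return hashlib.sha256(data).digest()
    if matching_type == 2:
        return hashlib.sha512(data).digest()
    raise ValueError(f"unknown matching type {matching_type}")

def make_tlsa_rdata(cert_der, usage, selector, matching_type):
    """Zone-operator side: presentation-format RDATA, e.g. '3 1 1 <hex>'."""
    return f"{usage} {selector} {matching_type} {tlsa_association_data(cert_der, selector, matching_type).hex()}"

def tlsa_matches(rdata, cert_der, dnssec_validated=True):
    """Client side (the comparison after step 4). True only if the record was DNSSEC-validated
    and its association data matches cert_der. For usage 0/2 (PKIX-TA/DANE-TA) the caller passes
    the CA certificate from the chain; usage 0/1 additionally need PKIX chain validation, done elsewhere."""
    if not dnssec_validated:
        return False                          # unsigned TLSA data is no better than no TLSA data
    fields = rdata.split()
    usage, selector, matching_type = (int(f) for f in fields[:3])
    assoc = bytes.fromhex("".join(fields[3:]))  # zone files may split the hex across whitespace
    if usage not in (0, 1, 2, 3):
        return False
    try:
        return tlsa_association_data(cert_der, selector, matching_type) == assoc
    except ValueError:
        return False                          # unusable selector/matching type: cannot verify

if __name__ == "__main__":
    served = build_constructed_cert(b"\x01" * 64)           # certificate from step 2
    rdata = make_tlsa_rdata(served, 3, 1, 1)                  # DANE-EE, SPKI, SHA-256
    print(tlsa_owner_name("www.exampleabc.com", 443), "IN TLSA", rdata)
    print("match:", tlsa_matches(rdata, served))
    print("rogue cert:", tlsa_matches(rdata, build_constructed_cert(b"\x02" * 64)))
    print("unsigned answer:", tlsa_matches(rdata, served, dnssec_validated=False))
```

The `3 1 1` combination (DANE-EE, SubjectPublicKeyInfo, SHA-256) is the form most commonly deployed, because it survives certificate renewal as long as the key pair is kept; a `3 0 1` record would have to be republished with every reissued certificate, and the DNS TTL makes that rollover error-prone.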
SMTP Extensions: STARTTLS, and DANE
SMTP stands for Simple Mail Transfer Protocol, an application-layer protocol for transferring mail between hosts. Whenever a client needs to send mail, it opens a TCP connection to the SMTP server and transmits the message over that connection. The SMTP server listens on TCP port 25 for server-to-server mail transfer (mail submission from user agents normally uses port 587). The connection is plaintext by default; STARTTLS (RFC 3207) upgrades it to TLS, and DANE for SMTP (RFC 7672) lets the sending server verify the receiving server's certificate against TLSA records published at _25._tcp.<MX host name>, which closes the downgrade gap that opportunistic STARTTLS alone leaves open.