DANE with OpenSSL: PKIX certificate authentication through DNS using OpenSSL
Independent thesis Basic level (degree of Bachelor), 10 credits / 15 HE credits
Student thesis
X.509 is an ITU standard for a public key infrastructure (PKI), which specifies, among other things, formats for public key certificates, certificate requests, certificate revocation lists and a certification path validation algorithm. The X.509 standard was primarily designed to support the X.500 structure. However, today’s use cases centre mostly on the Internet. IETF’s Public-Key Infrastructure (X.509) working group has adapted the standard to the requirements and structure of the Internet. RFC 5280 specifies the PKIX Certificate and CRL Profile of the X.509v3 certificate standard. PKIX certificates are used for validating the identity or identities of the communicating parties, and optionally establishing secure keying material for protection of a message or a communications channel. Authentication and establishment of a secure communications channel on top of TCP with the Transport Layer Security protocol (TLS, RFC 5247) or the Secure Sockets Layer protocol (SSL) is probably the most common application of PKIX on the Internet. The IETF is converging on a standard for integration of X.509 Public Key Infrastructure with DNS and DNSSEC (DANE). In order to reach wide adoption, the concept must be validated through interoperability tests between multiple independent implementations.
An implementation of the DANE standard has been demonstrated through an extension to the OpenSSL library. All use cases in the DANE standard have been validated to work as documented in the standard.
The DANE standard is implementable and reaches the results it sets out to achieve.
Place, publisher, year, edition, pages
IT, 12 027
Engineering and Technology
Identifiers
URN: urn:nbn:se:uu:diva-176749
OAI: oai:DiVA.org:uu-176749
DiVA: diva2:537024
Bachelor Programme in Computer Science
Rohner, Christian; Gällmo, Olle