Unknown Key-Share Attacks on DNS-based Authentications of Named Entities (DANE)

Document Type Expired Internet-Draft (individual)
Authors Richard Barnes  , Martin Thomson  , Eric Rescorla 
Last updated 2017-04-12 (latest revision 2016-10-09)
Stream (None)
Intended RFC status (None)
Expired & archived
pdf htmlized (tools) htmlized bibtex
Stream Stream state (No stream defined)
Consensus Boilerplate Unknown
RFC Editor Note (None)
IESG IESG state Expired
Telechat date
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft can be found at


Unknown key-share attacks are a class of attacks that allow an attacker to deceive one peer of a secure communication as to the identity of the remote peer. When used with traditional, PKI-based authentication, TLS-based applications are generally safe from unknown key-share attacks. DNS-based Authentication of Named Entities (DANE), however, proposes that applications perform a different set of checks as part of authenticating a TLS connection. As a result, DANE as currently specified is likely to lead to unknown key-share attacks when clients support DANE for authentication. We describe these risks and some simple mitigations.


Richard Barnes (rlb@ipv.sx)
Martin Thomson (martin.thomson@gmail.com)
Eric Rescorla (ekr@rftm.com)

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)