18.02.2019

Improving Security of Communications – DANE & DNSSEC on stage at M3AAWG

Patrick Koetter, Leader of the eco Competence Groups Email and Anti-Abuse, explains in interview the burning topic for him at M3AAWG in San Francisco.

Patrick, why are you attending M3AAWG, and what will you be presenting on?

Patrick Koetter: There are a range of reasons, and I’ll be wearing several hats while I’m there. Firstly, the company I work, sys4 (which is a member of eco), was one of the main driving forces behind something which has become widely known as DANE (DNS-based Authentication of Named Entities), as a standard that protects email transport. And the talk at M3AAWG is about DANE, and deals with the question: What’s keeping you? What’s holding you back from using DANE? So that’s one of the reasons I’m there – I am one of the people behind DANE, and I try to promote it when I can. I’m also leader of the Anti-Abuse and Email Competence Groups at eco, and DANE is about protecting email from abuse. This means that DANE is part of my work at eco.

Can you tell us little bit about DANE?

Patrick Koetter: We all have encrypted transmission mechanisms today helping to keep messages away from prying eyes while they’re in transport, and transport layer security (that’s the technology behind it) has become very popular since the Snowden revelations. But there are a few design flaws in transport layer security, and one of the major design flaws is that although it’s safe once the two parties have agreed to use transport layer security, the initiation of the communication is very unsafe. A party that wants to use transport layer security can be tricked into talking to the wrong party. So you might end up sending very sensitive information to the wrong party over a secure channel.

DANE fixes that. It authenticates the parties involved. It helps the email client to verify the server with which it is communicating.

And the reason to go to M3AAWG to talk about DANE is that there are more than a million domains out there now that use DANE. One of the driving forces behind this development is the company One.com, which is also an eco member. They have enabled many DANE domains, DNSSEC domains, over the last two months, which has boosted the adoption of DANE in the world market. One.com works together with halon.io, who build mail servers, and who provide the mail server for One.com. Both asked for the panel at the M3AAWG meeting, and asked Viktor Dukhovny – the grand master behind DANE – and me to also be at the session.

M3AAWG meetings take place under strict anonymity and reporting guidelines, which can make it difficult to find out what goes on at meetings. So, can you tell us who should be attending M3AAWG meetings and getting involved in the discussions, and why?

Patrick Koetter: It’s the world’s biggest and best conference for messaging. Especially if you go to the States, to the M3AAWG meeting in San Francisco: this is where all the large mail providers meet and discuss things that have to do with messaging and abuse.

But even so, M3AAWG is not just about emailing, it’s about all kinds of messaging.

And why should they go now? They should come along and attend our presentation! We’re going to be talking about the best practices, the learnings we’ve had over the last few years, both from the receiving and from the sending side. Things you would like to consider if you are thinking about rolling out DANE on your platform.

Is M3AAWG only for technical people?

Patrick Koetter: No, but it is members-only. It is very technical but it’s also about policy and email marketing, so non-technical people might might like to be there as well. There is a lot of business going on (although the M3AAWG people don’t like to hear that much!).

You mentioned before that there are a range of reasons for you personally to attend. What are the others?

Yeah, I’m not only going there as Mr. Patrick Koetter, who works for sys4 and whose company is an eco member. I’m also going there because I’m the Leader of the eco Competence Groups Anti-Abuse and Email. And we at eco have decided to make DNSSEC one of our major topics for this year. And if you want to use DANE, you need to have DNSSEC in place. So, being there and speaking about DANE and DNSSEC also has something to do with the fact that eco advocates for the broader uptake of DNSSEC. eco’s email whitelisting project, the Certified Senders Alliance (CSA), is also currently considering adding DNSSEC to their rules. (And on that note, the CSA’s Alex Zeh will also be attending M3AAWG, so anyone interested in the CSA’s plans can have a chat with him there.)

DNSSEC is part of what we at eco think is required when we talk about secure infrastructure. If you want to trade on the Internet, you need reliable and secure infrastructure. You need to know that you are handing over your payment data to the right party and not to the wrong party. And DNSSEC plays a vital part in ensuring that your browser, your e-mail client, whatever tool you’re using, is talking to the right instance.

Improving Security of Communications – DANE & DNSSEC on stage at M3AAWG 1