Abstract:
The TLS protocol provides secure communication between two entities. With email servers, TLS is negotiated via the STARTTLS handshake. However, STARTTLS has several security problems which in the severe case lead to plain-text communication. As part of the TLS handshake, a certificate is exchanged between the client and the server; this certificate is issued by a Certificate Authority (CA). There can be security problems with CAs themselves, such as a CA issuing fake certificates. To overcome these issues, the DNS-Based Authentication of Named Entities (DANE) protocol was introduced, which can be used with both web and email protocols [22].
This thesis work includes the implementation of a DANE probe in TLS-Scanner for analyzing email servers. TLS-Scanner is a tool to analyze TLS server configurations and security issues. The second part of this work analyzes the DANE ecosystem in the wild and presents trends in the adoption of DANE using TLS-Crawler. TLS-Crawler is a tool which uses TLS-Scanner to perform large-scale scans.
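As an added illustration (not code from the thesis or from the TLS-Scanner project), the following Python sketch shows the core check a DANE probe has to perform against a mail server: parse a TLSA record and match it against the certificate presented after STARTTLS. It assumes a constructed certificate byte string and a constructed TLSA record, covers only selector 0 (full certificate) with DANE-EE usage 3, and treats SPKI selection and the PKIX-based usages as unsupported.

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import Optional

# Constructed stand-in for a DER-encoded server certificate (not a real certificate).
# A real probe hashes the exact DER bytes presented by the mail server after STARTTLS.
SAMPLE_CERT_DER = b"\x30\x82\x01\x00" + b"constructed-mail-server-certificate-bytes"

# Constructed TLSA rdata, as a zone operator would publish for usage 3 / selector 0 / SHA-256.
SAMPLE_TLSA_RDATA = "3 0 1 " + hashlib.sha256(SAMPLE_CERT_DER).hexdigest()


@dataclass(frozen=True)
class TLSA:
    usage: int     # 0 PKIX-TA, 1 PKIX-EE, 2 DANE-TA, 3 DANE-EE (RFC 6698)
    selector: int  # 0 full certificate, 1 SubjectPublicKeyInfo
    mtype: int     # 0 exact match, 1 SHA-256, 2 SHA-512
    data: bytes    # certificate association data

def parse_tlsa(rdata: str) -> TLSA:
    """Parse presentation format such as '3 0 1 <hex>'; the hex part may contain spaces."""
    usage, selector, mtype, hexdata = rdata.split(None, 3)
    return TLSA(int(usage), int(selector), int(mtype), bytes.fromhex(hexdata.replace(" ", "")))

def association_data(cert_der: bytes, selector: int, mtype: int) -> Optional[bytes]:
    """Compute what the TLSA data field must equal for this certificate.
    Returns None for parameters this sketch does not support (treated as unusable)."""
    if selector != 0:
        return None  # selector 1 needs the SPKI extracted from the DER certificate
    if mtype == 0:
        return cert_der
    if mtype == 1:
        return hashlib.sha256(cert_der).digest()
    if mtype == 2:
        return hashlib.sha512(cert_der).digest()
    return None

def matching_dane_ee_record(records: list, cert_der: bytes) -> Optional[TLSA]:
    """Return the first DANE-EE (usage 3) record that matches the presented certificate.
    Usages 0-2 additionally require PKIX chain validation and are skipped here; unusable
    records are ignored rather than treated as failures, in line with RFC 7671."""
    for rec in records:
        if rec.usage != 3:
            continue
        expected = association_data(cert_der, rec.selector, rec.mtype)
        if expected is not None and hmac.compare_digest(expected, rec.data):
            return rec
    return None
```

A probe built on this would additionally need to confirm that the TLSA RRset was DNSSEC-validated, since an unsigned TLSA record gives no protection against a downgraded STARTTLS session.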