Encaya
TLS interop with alternative/decentralised CA mechanisms
Public certificate authorities, as used by the TLS ecosystem, play a critical role, but the fact that there are many such authorities is a security liability. DANE (DNS-Based Authentication of Named Entities) is a complementary mechanism that adds a check through DNS on top of the public CAs; it has yet to see meaningful adoption by major TLS implementations.
Encaya is a compatibility layer that provides DANE-like functionality in TLS implementations that don't support DANE. It is used in production by Namecoin, an alternative decentralized naming system. By replacing only the root CA list rather than the entire TLS stack, Encaya achieves a considerably smaller attack surface than other similar compatibility layers. This grant covers efforts to improve Encaya's scalability, standardize its behavior, and extend its usage beyond Namecoin.
- The project's own website: https://www.namecoin.org/
Run by The Namecoin Project
This project was funded through the NGI0 Core Fund, a fund established by NLnet with financial support from the European Commission's Next Generation Internet programme, under the aegis of DG Communications Networks, Content and Technology under grant agreement No 101092990.