Practical TLS using DANE

DNS-based Authentication of Named Entities (DANE) is a technology that uses existing DNS infrastructure to decentralize the validation of a TLS certificate chain.

Simply put, DANE is a scalable system designed to ensure the website you visit is not malicious and you can be sure they are who they say they are.

It removes the need for a local store of "approved" root CA's. This results in a more free, open, secure, and decentralized Internet that's immune to censorship.

Traditionally, web browsers and any Internet enabled software that utilize TLS (transport layer security) keep a local database of root CA's. As you are probably thinking right now, it's a challenge to preload every CA in existence. The developers may not know about some lesser used ones.

This is why DANE exists. Rather than have the end-user (you) or a system administrator manually install missing Root CA's. A web browser that supports DANE can automatically use DNS to validate the TLS certificate installed on a website. This only works if the web hosting enables DANE on the website.

As of 2022, all Pacy World hosted websites that also host DNS with Pacy World have DANE automatically enabled.

This is still a new emerging technology and not all browsers support it. If your browser (or any other software application) does not support DANE, you may want to kindly send a note informing them of how they could improve the user experience by implementing DANE.

If you can't use DANE:

Click for instructions on how to add root CA's for Pacy World and TDMC, Inc. into your browser.

Pacy World® Pacy © 2007 - 2024 The Daniel Morante Company, Inc.