Secure decoupled messaging with DANE and the TLSA resource record

Decoupled and Secure

© Photo by Dayne Topkin on Unsplash.com

Article from Issue 244/2021
Author(s):

Decoupled application design gets in the way of secure communication, but a little-known feature of DNS can provide message security.

Traditional security mechanisms like Transport Layer Security (TLS) provide the ability to authenticate both sides of a direct session between two parties, and to encrypt the traffic passing over the authenticated session. For applications that fit into the footprint of the client/server architecture, TLS is a fine solution for authentication and encryption.

However, as applications become more sophisticated, client/server applications are often challenged to maintain availability with a large number of clients. Middleware layers often serve as a means for providing more graceful scaling. The practice of adding layers to the application stack connecting communicating parties is called decoupling. Decoupled applications – applications that may contain components like message queues or brokers between the message sender and receiver – have been around for many years. Decoupled designs are now employed for building massive IoT applications, like smart cities and facilities automation.

Message brokers and other middleware components offer many advantages, but they also add some complications. One problem is that a message broker prevents the sender and receiver from establishing a direct session that can be secured with TLS. If you don't have a direct connection, how do you encrypt the data and also authenticate both sides of a session?

[...]
