DANE (DNS-based Authentication of Named Entities):
- enhances security overall
- mitigates DNS spoofing
- legitimizes self-signed certificates
I understand why browsers have traditionally punted on this feature and have instead introduced things like Certificate Transparency and HTTP Public Key Pinning, but I think DANE is worth working on. For one, it's a thorn in the side of certificate authorities. Between DANE and Let's Encrypt, their only customers are enterprise-level... the web is for the rest of us anyway, so I don't see the issue.
If nothing else, Orion can boast about being more secure than Chrome and Safari. That's a fun feather in your cap.
This is an internet infrastructure feature. No direct benefits for anyone per se, just enhanced security for everyone. With sophisticated phishing on the rise and the prevalence of user tracking, any security enhancements are good defense.