Authentication of domain names is a fundamental function for Internet security. In order for applications to protect information from unauthorized disclosure, they need to make sure that the entity on the far end of a secure connection actually represents the domain that the user intended to connect to. For many years, authentication of domain names has been accomplished by having third-party Certification Authorities attest to which entities could represent a domain name. This system of external authorities, however, has recently come under heavy attack, and there have been several high-profile compromises [0]. The Domain Name System Security Extensions (DNSSEC) offer an alternative channel for distributing secure information about domain names, through the Domain Name System (DNS) itself. The DNS-based Authentication of Named Entities (DANE) working group in the Internet Engineering Task Force (IETF) has developed a new type of DNS record that allows a domain itself to sign statements about which entities are authorized to represent it. End users' applications can use these records either to augment the existing system of Certification Authorities or to create a new chain of trust, rooted in the DNS.