The IESG has approved the following document: - 'Using Secure DNS to Associate Certificates with Domain Names For S/MIME' (draft-ietf-dane-smime-16.txt) as Experimental RFC This document is the product of the DNS-based Authentication of Named Entities Working Group. The IESG contact persons are Stephen Farrell and Kathleen Moriarty. A URL of this Internet Draft is: https://datatracker.ietf.org/doc/draft-ietf-dane-smime/ Technical Summary: This document proposes a method to publish and "locate" S/MIME keys via DNS. The goal of this approach is to make it easier to find S/MIME keys for email addresses. The document reuses a "method" from RFC7929 to convert email-address into a special normal form. that is limited but is expected to cover many cases. The S/MIME DNS record specified has been allocated by an Expert Review. While the method inherited from RFC7929 has some detractors, this is an experimental document, and that should not block the publication. Working Group Summary: The main issues that the WG has discussed are a) is it a good idea to publish email addresses in DNSSEC signed zone? b) is the role of the normalization from strictly a normalization or an obfuscation as well? The consensus of the WG is that as the publication is by the zone owner it is an opt-in policy, there is no requirement for adoption thus the issue need to be addressed in the light of each organizations polices, i.e this is not a protocol issue. There is working group consensus to advance this document. During AD review, the WG confirmed that they are ok to proceed even though the current IPR declaration (still!) says that licensing will be provided "later" Document Quality: This document is of high quality, and editors have been real good at making the document better. This document stands on the shoulders of RFC 7929 Personnel: Document Shepherd is Olafur Gudmundsson Responsible AD is Stephen Farrell
