Protocol Action: 'A DANE Record and DNSSEC Authentication Chain Extension for TLS' to Proposed Standard (draft-ietf-tls-dnssec-chain-extension-07.txt)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



The IESG has approved the following document:
- 'A DANE Record and DNSSEC Authentication Chain Extension for TLS'
  (draft-ietf-tls-dnssec-chain-extension-07.txt) as Proposed Standard

This document is the product of the Transport Layer Security Working Group.

The IESG contact persons are Kathleen Moriarty and Eric Rescorla.

A URL of this Internet Draft is:
https://datatracker.ietf.org/doc/draft-ietf-tls-dnssec-chain-extension/





Technical Summary

   This draft describes a new TLS extension for transport of a DNS
   record set serialized with the DNSSEC signatures needed to
   authenticate that record set.  The intent of this proposal is to
   allow TLS clients to perform DANE authentication of a TLS server
   without needing to perform additional DNS record lookups.  It will
   typically not be used for general DNSSEC validation of TLS endpoint
   names.

Working Group Summary

   There was good support and no controversy on list or in meetings.

Document Quality

   The draft has had a fair amount of review.  I am not aware of 
   implementations as it wasn't reported by the document
   shepherd. 

Personnel

   The document shepherd is Joseph Salowey and the 
   responsible AD is Kathleen Moriarty.

IANA Note

     A new value in the TLS ExtensionsType registry




RFC Editor Note

Please ensure a normative reference is added for NSEC3 in the final publication.
Please ensure Richard Barnes affiliation is corrected from Mozilla to Cisco.




[Index of Archives]     [IETF]     [IETF Discussion]     [Linux Kernel]

  Powered by Linux