I-D Action: draft-osterweil-dane-ipsec-03.txt

A New Internet-Draft is available from the on-line Internet-Drafts directories.


        Title           : Opportunistic Encryption with DANE Semantics and IPsec: IPSECA
        Authors         : Eric Osterweil
                          Glen Wiley
                          Tomofumi Okubo
                          Ramana Lavu
                          Aziz Mohaisen
        Filename        : draft-osterweil-dane-ipsec-03.txt
        Pages           : 19
        Date            : 2015-07-06

Abstract:
   This document defines a new Domain Name System (DNS) resource record
   type called the IPSECA RR that is used to associate an X.509
   certificate or a public key to an Internet Protocol Security (IPsec)
   gateway, in a manner similar to how the TLSA RR is used in the
   DNS-based Authentication of Named Entities (DANE) protocol for
   Transport Layer Security (TLS), in order to make credential
   discovery easier through DNS and to allow credential discovery to be
   performed in a secure manner leveraging DNS Security Extensions
   (DNSSEC).  Among the issues addressed in this draft is the danger of
   IP address spoofing that can be a liability to IPsec endpoints.  It
   is important to note that the "right destination" in this document is
   strictly defined by the response of the DNS and does not attest to
   the identity of the organization or the ownership of the IP address
   space.  The identity of the organization shall be attested in an
   X.509 certificate issued by a certification authority if desired and
   the ownership of the IP address space shall be attested by other
   mechanisms such as Towards A Secure Routing System (TASRS)
   architecture or Resource Public Key Infrastructure (RPKI).


The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-osterweil-dane-ipsec/

There's also a htmlized version available at:
https://tools.ietf.org/html/draft-osterweil-dane-ipsec-03

A diff from the previous version is available at:
https://www.ietf.org/rfcdiff?url2=draft-osterweil-dane-ipsec-03


Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/

_______________________________________________
I-D-Announce mailing list
I-D-Announce@ietf.org
https://www.ietf.org/mailman/listinfo/i-d-announce
Internet-Draft directories: http://www.ietf.org/shadow.html
or ftp://ftp.ietf.org/ietf/1shadow-sites.txt


