[dane] New I-D on Authenticating Raw Public Keys with DANE TLSA
John Gilmore <gnu@toad.com> Sat, 21 June 2014 04:25 UTC
Archived-At: http://mailarchive.ietf.org/arch/msg/dane/Yp30GbaGMkUoCiXrYyP8A_KGDkM

In an effort to nudge along the process of standardizing the use of DANE with TLS's use of raw public keys, I have written a short Internet-Draft that defines how these keys can be authenticated by using TLSA records.

Name: draft-gilmore-dane-rawkeys
Revision: 00
Title: Authenticating Raw Public Keys with DANE TLSA
Document date: 2014-06-20
Group: Individual Submission
Pages: 7
URL: http://www.ietf.org/internet-drafts/draft-gilmore-dane-rawkeys-00.txt
Status: https://datatracker.ietf.org/doc/draft-gilmore-dane-rawkeys/
Htmlized: http://tools.ietf.org/html/draft-gilmore-dane-rawkeys-00

Abstract:
This document standardizes how the Domain Name System can authenticate Raw Public Keys. Transport Level Security now has the option to use Raw Public Keys, but they require some form of external authentication. The document updates RFC 6698 to allow the Domain Name System to standardize the authentication of more types of keying material.

The TLS extension for raw public keys, which inspired this work, is currently very late in the IETF publication process, but not quite published, here:

"Using Raw Public Keys in Transport Layer Security (TLS) and Datagram Transport Layer Security (DTLS)"
https://www.rfc-editor.org/authors/rfc7250.txt

John