[dnsext] Requesting Expert review for RRTYPE application for draft-ietf-dane-protocol-18.

Warren Kumari <warren@kumari.net> Mon, 12 March 2012 18:11 UTC

Return-Path: <warren@kumari.net>
X-Original-To: dnsext@ietfa.amsl.com
Delivered-To: dnsext@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D2CED21F8979 for <dnsext@ietfa.amsl.com>; Mon, 12 Mar 2012 11:11:52 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -106.599
X-Spam-Level:
X-Spam-Status: No, score=-106.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6EU0Q5Ua5BZQ for <dnsext@ietfa.amsl.com>; Mon, 12 Mar 2012 11:11:52 -0700 (PDT)
Received: from vimes.kumari.net (vimes.kumari.net [198.186.192.250]) by ietfa.amsl.com (Postfix) with ESMTP id 67D2E21F8968 for <dnsext@ietf.org>; Mon, 12 Mar 2012 11:11:50 -0700 (PDT)
Received: from [10.196.208.139] (unknown [199.91.193.1]) by vimes.kumari.net (Postfix) with ESMTPSA id D2AF91B407FB for <dnsext@ietf.org>; Mon, 12 Mar 2012 14:11:49 -0400 (EDT)
From: Warren Kumari <warren@kumari.net>
Content-Type: text/plain; charset=windows-1252
Content-Transfer-Encoding: quoted-printable
Date: Mon, 12 Mar 2012 12:11:48 -0600
Message-Id: <C70B2BA8-2707-41AA-9183-6EB43BA3C006@kumari.net>
To: dnsext@ietf.org
Mime-Version: 1.0 (Apple Message framework v1084)
X-Mailer: Apple Mail (2.1084)
Subject: [dnsext] Requesting Expert review for RRTYPE application for draft-ietf-dane-protocol-18.
X-BeenThere: dnsext@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: DNS Extensions working group discussion list <dnsext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsext>, <mailto:dnsext-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dnsext>
List-Post: <mailto:dnsext@ietf.org>
List-Help: <mailto:dnsext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsext>, <mailto:dnsext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 12 Mar 2012 18:11:52 -0000

Hi dnsext.

I am requesting Expert review for an RRTYPE allocation for draft-ietf-dane-protocol-18.
I have CCed this to dns-rrtype-applications@ietf.org (listed in rfc6195), but seem to remember that posting to DNSEXT is the new, correct(er) process….

W

I have included the completed template below:

-------

A. Submission Date: 12 March 2012

   B. Submission Type:
      [X] New RRTYPE
      [ ] Modification to existing RRTYPE

   C. Contact Information for submitter (will be publicly posted):
         Name: Warren Kumari 
         Email Address: warren@kumari.net
         International telephone number: +1-571-748-4373
         Other contact handles:

   D. Motivation for the new RRTYPE application.
        Encrypted communication on the Internet often uses Transport Level
        Security (TLS), which depends on third parties to certify the keys
        used.  The allocation of this RRTYPE will improve this situation by enabling
	the administrator of a domain name to certify the keys used in that
   	domain's TLS servers by publishing information in the DNS.

   E. Description of the proposed RR type.
      A description of tge RR type is in draft-ietf-dane-protocol-18.txt, Section 2 The TLSA Resource Record
      ( http://tools.ietf.org/id/draft-ietf-dane-protocol-18.txt ) 

   F. What existing RRTYPE or RRTYPEs come closest to filling that need
      and why are they unsatisfactory?
      The CERT (37) RR, RFC 4398 is closest. It is not suitable for this particular use as it is not
      flexible enough. It *would* be possiable to shoehorn this into the CERT RR, but would be very
      kludgy.

   G. What mnemonic is requested for the new RRTYPE (optional)?
      TLSA

   H. Does the requested RRTYPE make use of any existing IANA registry
      or require the creation of a new IANA sub-registry in DNS
      Parameters?  If so, please indicate which registry is to be used
      or created.  If a new sub-registry is needed, specify the
      allocation policy for it and its initial contents.  Also include
      what the modification procedures will be.

      This is in the the draft (http://tools.ietf.org/id/draft-ietf-dane-protocol-18.txt).
      It is included here for completeness, but reviewers are encouraged to consult the draft
      as the formatting is cleaner.

      #1: TLSA Usages.
        A new registry, "Certificate Usages for TLSA Resource Records".
        The registry policy is "RFC Required".
        The initial entries in the registry are:
	   Value    Short description                       Reference
	   ----------------------------------------------------------
	   0        CA constraint                           [This]
   	   1        Service certificate constraint          [This]
   	   2        Trust anchor assertion                  [This]
   	   3        Domain-issued certificate                [This]
   	   4-254    Unassigned
   	   255      Private use

      #2: TLSA Selectors
      A new registry, "Selectors for TLSA Resource Records".
      The registry policy is "Specification Required".
      The initial entries in the registry are:
         Value    Short description                       Reference
   	 ----------------------------------------------------------
   	 0        Full Certificate                        [This]
  	  1        SubjectPublicKeyInfo                    [This]
   	  2-254    Unassigned
   	  255      Private use

      #3: TLSA Matching Types
      A new registry, "Matching Types for TLSA Resource Records".
      The registry policy is "Specification Required".
      The initial entries in the registry are:
         Value    Short description    Reference
   	 --------------------------------------------------------
   	 0        No hash used         [This]
   	 1        SHA-256              RFC 6234
   	 2        SHA-512              RFC 6234
   	 3-254    Unassigned
   	 255      Private use

   I. Does the proposal require/expect any changes in DNS
      servers/resolvers that prevent the new type from being processed
      as an unknown RRTYPE (see [RFC3597])?
      No.

   J. Comments:
      A number of participants in DNSEXT / DNSOPS (and the DNS Directorate) have been involved in / following / are aware of this work.
     


--
Don't be impressed with unintelligible stuff said condescendingly.
    -- Radia Perlman.