[dnsext] New RRtype "KREALM" in draft-vanrein-dnstxt-krb1-02.txt

Rick van Rein <rick@openfortress.nl> Thu, 03 September 2015 15:36 UTC

Archived-At: <http://mailarchive.ietf.org/arch/msg/dnsext/e18hNAD1NGLi4GvvAr9edsnkqVo>

I am working on an I-D that allocates a new RRtype in DNS, named
KREALM.  This RR is meant to store Kerberos realm descriptions in DNS;
this has hitherto been desired but impossible to do securely, but
nowadays the broad acceptance of DNSSEC permits this facility.

Please let me know if you have any feedback or questions!


Rick van Rein
for ARPA2.net

> A new version of I-D, draft-vanrein-dnstxt-krb1-02.txt
> has been successfully submitted by Rick van Rein and posted to the
> IETF repository.
> Name:		draft-vanrein-dnstxt-krb1
> Revision:	02
> Title:		Kerberos Realm Descriptors in DNS (KREALM)
> Document date:	2015-09-03
> Group:		Individual Submission
> Pages:		15
> URL:            https://www.ietf.org/internet-drafts/draft-vanrein-dnstxt-krb1-02.txt
> Status:         https://datatracker.ietf.org/doc/draft-vanrein-dnstxt-krb1/
> Htmlized:       https://tools.ietf.org/html/draft-vanrein-dnstxt-krb1-02
> Diff:           https://www.ietf.org/rfcdiff?url2=draft-vanrein-dnstxt-krb1-02
> Abstract:
>    This specification defines methods to determine Kerberos realm
>    descriptive information for services that are known by their DNS
>    name.  Currently, finding such information is done through static
>    mappings or educated guessing.  DNS can make this process more
>    dynamic, provided that DNSSEC is used to ensure authenticity of
>    resource records.