[DNSOP] New I-D for OCSP over DNS
"Dr. Pala" <director@openca.org> Fri, 27 October 2017 21:10 UTC
To: DNSOp WG <dnsop@ietf.org>
From: "Dr. Pala" <director@openca.org>
Organization: OpenCA Labs
Message-ID: <c40df475-cb18-0f89-50d4-0e3a08ab4f75@openca.org>
Date: Fri, 27 Oct 2017 15:10:39 -0600
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/voPhZC9JksBETzfmUZm5RZzlp7E>

Hello all,

As suggested by some people from other WGs, I just wanted to cross-post this message here since the proposal heavily relies on DNS and can be leveraged in many different environments (e.g., Server and Client (browsers) authentication, document validation, IoT identities, etc.) and we would like to receive feedback from anybody who might be interested in the topic.

*Context.* We are currently working on specifying how to use DNS as a transport protocol for revocation information for digital certificates. In particular, we are working on how to leverage the distributed nature of DNS to efficiently (and possibly at a lower operational cost) distribute OCSP (Online Certificate Status Protocol) responses to applications/devices/etc.

*Current Status.* We started this work some time ago but never really had the time to finish it. Now it seems we can focus more on the topic and would like to discuss this work in a more public venue. We have recently updated the two competing I-Ds we submitted some time ago into the latest reference I-D that is available here:

https://datatracker.ietf.org/doc/draft-pala-odin/

Please feel free to contact us for any help (you might require or you might provide), feedback, etc.

Thanks,
Max

--
Best Regards,
Massimiliano Pala, Ph.D.
OpenCA Labs Director