Protocol Action: 'Internet X.509 Public Key Infrastructure Subject Alternative Name for expression of service name' to Proposed Standard
The IESG <iesg-secretary@ietf.org> Wed, 30 May 2007 17:28 UTC
From: The IESG <iesg-secretary@ietf.org>
To: IETF-Announce <ietf-announce@ietf.org>
Message-Id: <E1HtRxR-00014B-Uz@stiedprstage1.ietf.org>
Date: Wed, 30 May 2007 13:27:37 -0400
Cc: pkix mailing list <ietf-pkix@imc.org>, pkix chair <pkix-chairs@tools.ietf.org>, Internet Architecture Board <iab@iab.org>, RFC Editor <rfc-editor@rfc-editor.org>
Subject: Protocol Action: 'Internet X.509 Public Key Infrastructure Subject Alternative Name for expression of service name' to Proposed Standard
The IESG has approved the following document:

- 'Internet X.509 Public Key Infrastructure Subject Alternative Name for expression of service name' <draft-ietf-pkix-srvsan-05.txt> as a Proposed Standard

This document is the product of the Public-Key Infrastructure (X.509) Working Group.

The IESG contact persons are Tim Polk and Sam Hartman.

A URL of this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-ietf-pkix-srvsan-05.txt

Technical Summary

This document specifies how to use the existing X.509 certificate Subject Alternative Name extension (with the otherName syntax) to carry a reference to a DNS SRV record. The intent is to link a certificate to the service named in the DNS record.

The document notes that the problem being solved here is not the typical server authentication problem. Instead, an authorization problem is being solved. The question being answered here is whether the server that holds the private key is authorized to provide a particular service. This mechanism fills a gap that otherwise would exist if the server is provisioned with a typical server certificate that attests just to the name of the server. A server holding a certificate with this extension has been certified by the issuer of the certificate to offer the service expressed in the corresponding SRV RR record. The cited example in the document is that of a Kerberos server (e.g., a KDC).

When DNSSEC is fully deployed, this extension may not be needed, as signed DNS records (SRV RR and others) should be able to provide the same form of authentic authorization information. (This extension does not represent competition with DNSSEC as the only binding provided is to SRV RR records, a subset of overall DNSSEC functionality.)

Working Group Summary

The PKIX WG expressed consensus to advance the draft to Proposed Standard.

Protocol Quality

This document was reviewed by Russ Housley for the IESG.
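The authorization check described in the Technical Summary, as an added example that is not part of the IESG announcement or the draft: a relying party accepts a server for a service only if the certificate's Subject Alternative Name carries a matching SRVName otherName, and a host-only dNSName never qualifies. The OID 1.3.6.1.5.5.7.8.7 and the `_service.name` IA5String form come from the specification as published (RFC 4985), not from this message; the function names, the case-insensitive match, and the sample SAN bytes are assumptions constructed for illustration.

```python
# Added example: minimal DER walk over a SubjectAltName value (GeneralNames).
ID_ON_DNS_SRV = bytes.fromhex("2b06010505070807")  # OID 1.3.6.1.5.5.7.8.7

def tlv(buf, pos):
    """Read one DER TLV at pos; return (tag, value, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long-form length
        n = length & 0x7F
        if n == 0 or n > 4:
            raise ValueError("unsupported DER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[pos:pos + length], pos + length

def srv_names(san_der):
    """Return every SRVName carried as an otherName in the SAN value."""
    tag, names, _ = tlv(san_der, 0)
    if tag != 0x30:
        raise ValueError("SAN is not a SEQUENCE")
    found, pos = [], 0
    while pos < len(names):
        tag, body, pos = tlv(names, pos)
        if tag != 0xA0:                    # only otherName [0] is of interest
            continue
        t1, oid, p = tlv(body, 0)
        t2, wrapped, _ = tlv(body, p)      # value is wrapped in [0] EXPLICIT
        if t1 == 0x06 and oid == ID_ON_DNS_SRV and t2 == 0xA0:
            t3, text, _ = tlv(wrapped, 0)
            if t3 == 0x16:                 # IA5String
                found.append(text.decode("ascii"))
    return found

def authorized_for(san_der, service, domain):
    """True only if the SAN names _service.domain; dNSName entries never count."""
    # Assumption of this example: case-insensitive ASCII comparison.
    want = f"_{service}.{domain}".lower()
    return any(name.lower() == want for name in srv_names(san_der))

# Constructed sample data (not taken from any real certificate).
def _der(tag, value):
    return bytes([tag, len(value)]) + value   # short-form lengths only

HOST_ONLY_SAN = _der(0x30, _der(0x82, b"kdc1.example.com"))
KDC_SAN = _der(0x30, _der(0x82, b"kdc1.example.com") + _der(0xA0,
    _der(0x06, ID_ON_DNS_SRV) + _der(0xA0, _der(0x16, b"_kerberos.example.com"))))
```

`authorized_for(HOST_ONLY_SAN, "kerberos", "example.com")` is false even though the host name is valid, which is the gap between server authentication and service authorization that the summary points out.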