Protocol Action: 'Internet X.509 Public Key Infrastructure Subject Alternative Name for expression of service name' to Proposed Standard

The IESG <iesg-secretary@ietf.org> Wed, 30 May 2007 17:28 UTC

From: The IESG <iesg-secretary@ietf.org>
To: IETF-Announce <ietf-announce@ietf.org>
Message-Id: <E1HtRxR-00014B-Uz@stiedprstage1.ietf.org>
Date: Wed, 30 May 2007 13:27:37 -0400
Cc: pkix mailing list <ietf-pkix@imc.org>, pkix chair <pkix-chairs@tools.ietf.org>, Internet Architecture Board <iab@iab.org>, RFC Editor <rfc-editor@rfc-editor.org>

The IESG has approved the following document:

- 'Internet X.509 Public Key Infrastructure Subject Alternative Name for 
   expression of service name '
   <draft-ietf-pkix-srvsan-05.txt> as a Proposed Standard

This document is the product of the Public-Key Infrastructure (X.509) 
Working Group. 

The IESG contact persons are Tim Polk and Sam Hartman.

A URL of this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-ietf-pkix-srvsan-05.txt

Technical Summary

  This document specifies how to use the existing X.509 certificate
  Subject Alternative Name extension (with the otherName syntax) to
  carry a reference to a DNS SRV record.  The intent is to link a
  certificate to the service named in the DNS record.

  The document notes that the problem being solved here is not the
  typical server authentication problem.  Instead, an authorization
  problem is being solved.  The question being answered here is whether
  the server that holds the private key is authorized to provide a
  particular service.  This mechanism fills a gap that otherwise would
  exist if the server is provisioned with a typical server certificate
  that attests just to the name of the server.  A server holding a
  certificate with this extension has been certified by the issuer of
  the certificate to offer the service expressed in the corresponding
  SRV RR record.  The cited example in the document is that of a
  Kerberos server (e.g., a KDC).

  When DNSSEC is fully deployed, this extension may not be needed, as
  signed DNS records (SRV RR and others) should be able to provide the
  same form of authentic authorization information.  (This extension
  does not represent competition with DNSSEC as the only binding
  provided is to SRV RR records, a subset of overall DNSSEC
  functionality.)

Working Group Summary

  The PKIX WG expressed consensus to advance the draft to Proposed
  Standard.

Protocol Quality

  This document was reviewed by Russ Housley for the IESG.
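
The authorization check described in the Technical Summary, as an added example that is not part of the IESG announcement or of the draft's own text: it pulls SRVName entries out of a DER-encoded Subject Alternative Name and tests whether the certificate authorizes a given service for a domain. The OID 1.3.6.1.5.5.7.8.7 (id-on-dnsSRV) and the `_Service.Name` IA5String form come from the specification as published (RFC 4985), not from this message; the function names, the sample SAN and the ASCII case-insensitive comparison are assumptions of the example.

```python
# Added example: SRVName otherName in a SubjectAltName, stdlib only.
ID_ON_DNS_SRV = bytes.fromhex("2b06010505070807")  # body of OID 1.3.6.1.5.5.7.8.7

def _tlv(tag, body):
    """DER-encode one tag/length/value."""
    n = len(body)
    k = (n.bit_length() + 7) // 8
    length = bytes([n]) if n < 0x80 else bytes([0x80 | k]) + n.to_bytes(k, "big")
    return bytes([tag]) + length + body

def _read(buf, pos):
    """Return (tag, body, next_pos) for the TLV at pos; reject bad lengths."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV")
    tag, n = buf[pos], buf[pos + 1]
    pos += 2
    if n >= 0x80:
        k = n & 0x7F
        if k == 0 or k > 4 or pos + k > len(buf):
            raise ValueError("bad DER length")
        n, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    if pos + n > len(buf):
        raise ValueError("truncated value")
    return tag, buf[pos:pos + n], pos + n

def encode_srv_san(service, domain):
    """GeneralName otherName [0] { id-on-dnsSRV, [0] EXPLICIT IA5String }."""
    name = f"_{service}.{domain}".encode("ascii")
    return _tlv(0xA0, _tlv(0x06, ID_ON_DNS_SRV) + _tlv(0xA0, _tlv(0x16, name)))

def srv_names(san_der):
    """List every SRVName in a DER GeneralNames SEQUENCE."""
    tag, names, end = _read(san_der, 0)
    if tag != 0x30 or end != len(san_der):
        raise ValueError("not a GeneralNames SEQUENCE")
    found, pos = [], 0
    while pos < len(names):
        tag, body, pos = _read(names, pos)
        if tag != 0xA0:                 # dNSName, iPAddress, ... say nothing
            continue                    # about which service is authorized
        t_oid, oid, p = _read(body, 0)
        if t_oid != 0x06 or oid != ID_ON_DNS_SRV:
            continue                    # some other otherName type
        t_wrap, wrapped, _ = _read(body, p)
        t_str, value, _ = _read(wrapped, 0)
        if t_wrap != 0xA0 or t_str != 0x16:
            raise ValueError("malformed SRVName")
        found.append(value.decode("ascii"))
    return found

def is_authorized(san_der, service, domain):
    """True only if the issuer certified this service for this domain."""
    wanted = f"_{service}.{domain}".lower()
    return any(n.lower() == wanted for n in srv_names(san_der))

# Constructed sample: a KDC certificate SAN with a dNSName and an SRVName.
SAMPLE_SAN = _tlv(0x30, _tlv(0x82, b"kdc1.example.com")
                  + encode_srv_san("kerberos", "example.com"))
```

A certificate carrying only the dNSName proves which host answered; `is_authorized` returns true only when the issuer also certified that host for the service being sought.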

