[keyassure] Not yet for WG consideration: draft-hoffman-dane-smime-00.txt

Paul Hoffman <paul.hoffman@vpnc.org> Fri, 04 March 2011 01:15 UTC

This is just a heads-up that Jakob and I have submitted a new draft that 
might be considered by the WG, BUT NOT YET. We did this now so that we 
can do a brief presentation at the Prague meeting, but the chairs have 
asked that we *not* take WG focus from the current TLSA work, and that 
sounds fine to us.

--Paul Hoffman

-------- Original Message --------
Subject: I-D Action:draft-hoffman-dane-smime-00.txt
Date: Thu, 03 Mar 2011 13:45:01 -0800
From: Internet-Drafts@ietf.org
Reply-To: internet-drafts@ietf.org
To: i-d-announce@ietf.org

A New Internet-Draft is available from the on-line Internet-Drafts 

	Title           : Using Secure DNS to Associate Certificates with Domain Names For S/MIME
	Author(s)       : P. Hoffman, J. Schlyter
	Filename        : draft-hoffman-dane-smime-00.txt
	Pages           : 8
	Date            : 2011-03-03

S/MIME uses certificates for authenticating and encrypting messages.
Users want their mail user agents to securely associate a certificate
with the sender of an encrypted and/or signed message.  DNSSEC
provides a mechanism for a zone operator to sign DNS information
directly.  This way, bindings of certificates to users within a
domain are asserted not by external entities, but by the entities
that operate the DNS.  This document describes how to use secure DNS
to associate an S/MIME user's certificate with the intended
domain name.

IMPORTANT NOTE: This draft is intentionally sketchy.  It is meant as
a possible starting point for the DANE WG if it wants to consider
making a protocol similar to TLSA, as described in
draft-ietf-dane-protocol, but that applies to S/MIME.  The WG may or
may not want to adopt such work, or if it does, may want to use a
very different scheme from the one described here.

A URL for this Internet-Draft is: