[keyassure] I-D Action:draft-ietf-dane-protocol-06.txt

Internet-Drafts@ietf.org Sat, 12 March 2011 22:45 UTC

Return-Path: <Internet-Drafts@ietf.org>
X-Original-To: keyassure@core3.amsl.com
Delivered-To: keyassure@core3.amsl.com
Received: from localhost (localhost []) by core3.amsl.com (Postfix) with ESMTP id 68E643A68FD; Sat, 12 Mar 2011 14:45:03 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.562
X-Spam-Status: No, score=-102.562 tagged_above=-999 required=5 tests=[AWL=0.037, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([]) by localhost (core3.amsl.com []) (amavisd-new, port 10024) with ESMTP id 12YiwTMHIkYP; Sat, 12 Mar 2011 14:45:02 -0800 (PST)
Received: from [] (localhost []) by core3.amsl.com (Postfix) with ESMTP id 8F4683A695B; Sat, 12 Mar 2011 14:45:02 -0800 (PST)
MIME-Version: 1.0
Content-Type: Multipart/Mixed; Boundary="NextPart"
From: Internet-Drafts@ietf.org
To: i-d-announce@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 3.12
Message-ID: <20110312224502.21991.26756.idtracker@localhost>
Date: Sat, 12 Mar 2011 14:45:02 -0800
Cc: keyassure@ietf.org
Subject: [keyassure] I-D Action:draft-ietf-dane-protocol-06.txt
X-BeenThere: keyassure@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Key Assurance With DNSSEC <keyassure.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/keyassure>, <mailto:keyassure-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/keyassure>
List-Post: <mailto:keyassure@ietf.org>
List-Help: <mailto:keyassure-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/keyassure>, <mailto:keyassure-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 12 Mar 2011 22:45:03 -0000

A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the DNS-based Authentication of Named Entities Working Group of the IETF.

	Title           : Using Secure DNS to Associate Certificates with Domain Names For TLS
	Author(s)       : P. Hoffman, J. Schlyter
	Filename        : draft-ietf-dane-protocol-06.txt
	Pages           : 13
	Date            : 2011-03-12

TLS and DTLS use certificates for authenticating the server.  Users
want their applications to verify that the certificate provided by
the TLS server is in fact associated with the domain name they
expect.  DNSSEC provides a mechanism for a zone operator to sign DNS
information directly.  This way, bindings of keys to domains are
asserted not by external entities, but by the entities that operate
the DNS.  This document describes how to use secure DNS to associate
the TLS server's certificate with the intended domain name.

A URL for this Internet-Draft is:

Internet-Drafts are also available by anonymous FTP at:

Below is the data which will enable a MIME compliant mail reader
implementation to automatically retrieve the ASCII version of the