Re: [dnsext] TLSA RRTYPE review - result [IANA #550878]

Frederico A C Neves <fneves@registro.br> Tue, 03 April 2012 14:38 UTC

Date: Tue, 03 Apr 2012 11:38:33 -0300
From: Frederico A C Neves <fneves@registro.br>
To: dnsext@ietf.org
Message-ID: <20120403143833.GL15938@registro.br>
References: <20120313035508.GA77638@registro.br>
MIME-Version: 1.0
Content-Disposition: inline
In-Reply-To: <20120313035508.GA77638@registro.br>
Cc: iana-prot-param@iana.org
Subject: Re: [dnsext] TLSA RRTYPE review - result [IANA #550878]

Dear Colleagues,

This message ends the review process for the TLSA RRTYPE. According to
my judgment this request meets RFC6195 at both requirements of section
3.1.1 and none of section 3.1.2 and should be accepted.

Best Regards,
Frederico Neves

On Tue, Mar 13, 2012 at 12:55:08AM -0300, Frederico A C Neves wrote:
> Dear Colleagues,
> 
> Below is a completed template requesting a new RRTYPE assignment
> under the procedures of RFC6195.
> 
> This message starts a 3-week period for an expert review of the DNS
> RRTYPE parameter allocation for TLSA specified in
> http://tools.ietf.org/id/draft-ietf-dane-protocol-18.txt
> IANA #550878
> 
> If you have comments regarding this request please post them here
> before Apr 3rd 18:00 UTC.
> 
> Best Regards,
> Frederico Neves
> 
> --begin 6195 template TLSA--
>  A. Submission Date: 12 March 2012
> 
>  B. Submission Type:
>     [X] New RRTYPE
>     [ ] Modification to existing RRTYPE
> 
>  C. Contact Information for submitter (will be publicly posted):
>     Name: Warren Kumari 
>     Email Address: warren@kumari.net
>     International telephone number: +1-571-748-4373
>     Other contact handles:
> 
>  D. Motivation for the new RRTYPE application.
>     Encrypted communication on the Internet often uses Transport Level
>     Security (TLS), which depends on third parties to certify the keys
>     used.  The allocation of this RRTYPE will improve this situation by
>     enabling the administrator of a domain name to certify the keys used
>     in that domain's TLS servers by publishing information in the DNS.
> 
>  E. Description of the proposed RR type.
>      A description of the RRtype is in
>      draft-ietf-dane-protocol-18.txt, Section 2 The TLSA Resource Record
>      ( http://tools.ietf.org/id/draft-ietf-dane-protocol-18.txt ) 
> 
>  F. What existing RRTYPE or RRTYPEs come closest to filling that need
>     and why are they unsatisfactory?
>      The CERT (37) RR, RFC 4398 is closest. It is not suitable for this
>      particular use as it is not flexible enough. It *would* be possible
>      to shoehorn this into the CERT RR, but would be very kludgy.
> 
>  G. What mnemonic is requested for the new RRTYPE (optional)?
>      TLSA
> 
>  H. Does the requested RRTYPE make use of any existing IANA registry
>     or require the creation of a new IANA sub-registry in DNS
>     Parameters?  If so, please indicate which registry is to be used
>     or created.  If a new sub-registry is needed, specify the
>     allocation policy for it and its initial contents.  Also include
>     what the modification procedures will be.
> 
>       This is in the draft
>       (http://tools.ietf.org/id/draft-ietf-dane-protocol-18.txt).
> 
>       It is included here for completeness, but reviewers are encouraged to
>       consult the draft as the formatting is cleaner.
> 
>       #1: TLSA Usages.
>         A new registry, "Certificate Usages for TLSA Resource Records".
>         The registry policy is "RFC Required".
>         The initial entries in the registry are:
>          Value    Short description                       Reference
>          ----------------------------------------------------------
>          0        CA constraint                           [This]
>          1        Service certificate constraint          [This]
>          2        Trust anchor assertion                  [This]
>          3        Domain-issued certificate               [This]
>          4-254    Unassigned
>          255      Private use
> 
>       #2: TLSA Selectors
>       A new registry, "Selectors for TLSA Resource Records".
>       The registry policy is "Specification Required".
>       The initial entries in the registry are:
>          Value    Short description                       Reference
>          ----------------------------------------------------------
>          0        Full Certificate                        [This]
>          1        SubjectPublicKeyInfo                    [This]
>          2-254    Unassigned
>          255      Private use
> 
>       #3: TLSA Matching Types
>       A new registry, "Matching Types for TLSA Resource Records".
>       The registry policy is "Specification Required".
>       The initial entries in the registry are:
>          Value    Short description    Reference
>          --------------------------------------------------------
>          0        No hash used         [This]
>          1        SHA-256              RFC 6234
>          2        SHA-512              RFC 6234
>          3-254    Unassigned
>          255      Private use
> 
>  I. Does the proposal require/expect any changes in DNS
>      servers/resolvers that prevent the new type from being processed as an
>      unknown RRTYPE (see [RFC3597])? No.
> 
>  J. Comments:
>      A number of participants in DNSEXT / DNSOPS (and the DNS Directorate)
>      have been involved in / following / are aware of this work.
> --end 6195 template TLSA--
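The three registries in section H of the template above define what a TLSA record's first three octets may mean. The following is an added worked example, not code from this message, the draft or the DANE working group: it builds a record the way a domain administrator would publish it (selecting the full certificate or its SubjectPublicKeyInfo, then hashing with SHA-256 or SHA-512 or leaving the data raw) and checks a presented certificate against it the way a verifier would. It assumes the draft's RDATA layout (three one-octet fields followed by the certificate association data) and its "usage selector matching_type hex" presentation form; the certificate and SubjectPublicKeyInfo bytes are constructed stand-ins, not real DER. Any field value that is Unassigned or Private use in the registries yields "no match" rather than an error, so an unrecognised record can never be mistaken for a successful association.

```python
import hashlib
import hmac
from dataclasses import dataclass

# Initial registry contents copied from section H of the template.
USAGES = {0: "CA constraint", 1: "Service certificate constraint",
          2: "Trust anchor assertion", 3: "Domain-issued certificate",
          255: "Private use"}
SELECTORS = {0: "Full Certificate", 1: "SubjectPublicKeyInfo",
             255: "Private use"}
MATCHING_TYPES = {0: "No hash used", 1: "SHA-256", 2: "SHA-512",
                  255: "Private use"}

# Constructed stand-ins for a server's DER certificate and the
# SubjectPublicKeyInfo inside it; a real deployment reads both from the
# certificate file.  They are NOT valid DER.
DEMO_CERT_DER = b"\x30\x82\x01\x00constructed-der-certificate-stand-in"
DEMO_SPKI = b"\x30\x59constructed-subjectpublickeyinfo-stand-in"


@dataclass(frozen=True)
class TLSARecord:
    usage: int
    selector: int
    matching_type: int
    cert_assoc_data: bytes


def describe(record: TLSARecord) -> dict:
    """Map each field to its registry entry, or 'Unassigned' when absent."""
    return {
        "usage": USAGES.get(record.usage, "Unassigned"),
        "selector": SELECTORS.get(record.selector, "Unassigned"),
        "matching_type": MATCHING_TYPES.get(record.matching_type, "Unassigned"),
    }


def _select(selector: int, der_cert: bytes, spki: bytes):
    # Selector 0 = full certificate, 1 = SubjectPublicKeyInfo.
    if selector == 0:
        return der_cert
    if selector == 1:
        return spki
    return None  # Unassigned or Private use: nothing this code can interpret


def _match(matching_type: int, selected: bytes):
    # Matching type 0 = raw data, 1 = SHA-256, 2 = SHA-512.
    if matching_type == 0:
        return selected
    if matching_type == 1:
        return hashlib.sha256(selected).digest()
    if matching_type == 2:
        return hashlib.sha512(selected).digest()
    return None


def build_tlsa_record(usage, selector, matching_type, der_cert, spki) -> TLSARecord:
    """Publisher side: derive the certificate association data for a record."""
    selected = _select(selector, der_cert, spki)
    data = None if selected is None else _match(matching_type, selected)
    if usage not in (0, 1, 2, 3) or data is None:
        raise ValueError("refusing to build a record with unassigned or private-use fields")
    return TLSARecord(usage, selector, matching_type, data)


def check_record(record: TLSARecord, der_cert: bytes, spki: bytes) -> bool:
    """Verifier side: does the presented certificate satisfy this record?
    Every value this code cannot interpret yields False, never True."""
    if record.usage not in (0, 1, 2, 3):
        return False
    selected = _select(record.selector, der_cert, spki)
    if selected is None:
        return False
    expected = _match(record.matching_type, selected)
    if expected is None:
        return False
    # Constant-time comparison; a length mismatch simply compares unequal.
    return hmac.compare_digest(expected, record.cert_assoc_data)


def to_wire(record: TLSARecord) -> bytes:
    return bytes([record.usage, record.selector, record.matching_type]) + record.cert_assoc_data


def from_wire(rdata: bytes) -> TLSARecord:
    if len(rdata) < 3:
        raise ValueError("TLSA RDATA needs at least three octets")
    return TLSARecord(rdata[0], rdata[1], rdata[2], bytes(rdata[3:]))


def to_presentation(record: TLSARecord) -> str:
    return f"{record.usage} {record.selector} {record.matching_type} {record.cert_assoc_data.hex()}"


def from_presentation(text: str) -> TLSARecord:
    # The hex data may be split across whitespace in zone files.
    fields = text.split()
    if len(fields) < 4:
        raise ValueError("expected: usage selector matching_type hex-data")
    usage, selector, mtype = (int(f) for f in fields[:3])
    return TLSARecord(usage, selector, mtype, bytes.fromhex("".join(fields[3:])))


if __name__ == "__main__":
    rec = build_tlsa_record(3, 1, 1, DEMO_CERT_DER, DEMO_SPKI)
    print(to_presentation(rec), describe(rec))
    print("matches:", check_record(rec, DEMO_CERT_DER, DEMO_SPKI))
```

The record `3 1 1 <hex>` built in the demo is the common DANE shape: usage 3 (domain-issued certificate), selector 1 (SubjectPublicKeyInfo), matching type 1 (SHA-256), so the published data survives a certificate renewal that keeps the same key. Note that `check_record` only answers the association question; the PKIX processing that each usage value requires is outside this example.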
_______________________________________________
dnsext mailing list
dnsext@ietf.org
https://www.ietf.org/mailman/listinfo/dnsext