IETF Logo Mail Archive

[dnsext] TLSA RRTYPE review - Comments period end Apr 3rd

Frederico A C Neves <fneves@registro.br> Tue, 13 March 2012 03:55 UTC

Return-Path: <dnsext-bounces@ietf.org>
X-Original-To: namedroppers-archive-gleetwall6@lists.ietf.org
Delivered-To: ietfarch-namedroppers-archive-gleetwall6@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9721521F8878; Mon, 12 Mar 2012 20:55:15 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=ietf.org; s=ietf1; t=1331610915; bh=goViBQShYqmlsY08321MykMJR9HgMGQ0FG9A8K85nvg=; h=Date:From:To:Message-ID:MIME-Version:Subject:List-Id: List-Unsubscribe:List-Archive:List-Post:List-Help:List-Subscribe: Content-Type:Content-Transfer-Encoding:Sender; b=n4GRLBr0IZHa1ZkKxaub6i8OBIUByYjR+WYFCHoanuqmqVYUCbIvyfdvjjX+zhlb5 U8eNfxUHyR08jHC8coSq9nv3d2cNPOQjRiEGQQCwJEs2CPNtBDBnRuJm/iOtp1IXKj 42/0smomR8XrIUbiTQ7BDKq1mbh3oSXd/FD/dvKE=
X-Original-To: dnsext@ietfa.amsl.com
Delivered-To: dnsext@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 65BBE21F8878 for <dnsext@ietfa.amsl.com>; Mon, 12 Mar 2012 20:55:13 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.523
X-Spam-Level:
X-Spam-Status: No, score=-1.523 tagged_above=-999 required=5 tests=[AWL=-1.077, BAYES_00=-2.599, FRT_BELOW2=2.154, NO_RELAYS=-0.001]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id JvifBijR46zh for <dnsext@ietfa.amsl.com>; Mon, 12 Mar 2012 20:55:12 -0700 (PDT)
Received: from clone.registro.br (clone.registro.br [IPv6:2001:12ff:0:2::4]) by ietfa.amsl.com (Postfix) with ESMTP id 878D421F8877 for <dnsext@ietf.org>; Mon, 12 Mar 2012 20:55:12 -0700 (PDT)
Received: by clone.registro.br (Postfix, from userid 1000) id A34B4E0518; Tue, 13 Mar 2012 00:55:08 -0300 (BRT)
Date: Tue, 13 Mar 2012 00:55:08 -0300
From: Frederico A C Neves <fneves@registro.br>
To: dnsext@ietf.org
Message-ID: <20120313035508.GA77638@registro.br>
MIME-Version: 1.0
Content-Disposition: inline
Subject: [dnsext] TLSA RRTYPE review - Comments period end Apr 3rd
X-BeenThere: dnsext@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: DNS Extensions working group discussion list <dnsext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsext>, <mailto:dnsext-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dnsext>
List-Post: <mailto:dnsext@ietf.org>
List-Help: <mailto:dnsext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsext>, <mailto:dnsext-request@ietf.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: dnsext-bounces@ietf.org
Errors-To: dnsext-bounces@ietf.org

Dear Colleagues,

Bellow is a completed template requesting a new RRTYPE assignment
under the procedures of RFC6195.

This message starts a 3 weeks period for an expert-review of the DNS
RRTYPE parameter allocation for TLSA specified in
http://tools.ietf.org/id/draft-ietf-dane-protocol-18.txt
IANA #550878

If you have comments regarding this request please post them here
before Apr 3rd 18:00 UTC.

Best Regards,
Frederico Neves

--begin 6195 template TLSA--
 A. Submission Date: 12 March 2012

 B. Submission Type:
    [X] New RRTYPE
    [ ] Modification to existing RRTYPE

 C. Contact Information for submitter (will be publicly posted):
    Name: Warren Kumari 
    Email Address: warren@kumari.net
    International telephone number: +1-571-748-4373
    Other contact handles:

 D. Motivation for the new RRTYPE application.
    Encrypted communication on the Internet often uses Transport Level
    Security (TLS), which depends on third parties to certify the keys
    used.  The allocation of this RRTYPE will improve this situation by
    enabling the administrator of a domain name to certify the keys used
    in that domain's TLS servers by publishing information in the DNS.

 E. Description of the proposed RR type.
     A description of the RRtype is in
     draft-ietf-dane-protocol-18.txt, Section 2 The TLSA Resource Record
     ( http://tools.ietf.org/id/draft-ietf-dane-protocol-18.txt ) 

 F. What existing RRTYPE or RRTYPEs come closest to filling that need
    and why are they unsatisfactory?
     The CERT (37) RR, RFC 4398 is closest. It is not suitable for this
     particular use as it is not flexible enough. It *would* be possible
     to shoehorn this into the CERT RR, but would be very kludgy.

 G. What mnemonic is requested for the new RRTYPE (optional)?
     TLSA

 H. Does the requested RRTYPE make use of any existing IANA registry
    or require the creation of a new IANA sub-registry in DNS
    Parameters?  If so, please indicate which registry is to be used
    or created.  If a new sub-registry is needed, specify the
    allocation policy for it and its initial contents.  Also include
    what the modification procedures will be.

      This is in the the draft
      (http://tools.ietf.org/id/draft-ietf-dane-protocol-18.txt).

      It is included here for completeness, but reviewers are encouraged to
      consult the draft as the formatting is cleaner.

      #1: TLSA Usages.
        A new registry, "Certificate Usages for TLSA Resource Records".
        The registry policy is "RFC Required".
        The initial entries in the registry are:
	   Value    Short description                       Reference
	   ----------------------------------------------------------
	   0        CA constraint                           [This]
   	   1        Service certificate constraint          [This]
   	   2        Trust anchor assertion                  [This]
   	   3        Domain-issued certificate               [This]
   	   4-254    Unassigned
   	   255      Private use

      #2: TLSA Selectors
      A new registry, "Selectors for TLSA Resource Records".
      The registry policy is "Specification Required".
      The initial entries in the registry are:
         Value    Short description                       Reference
   	 ----------------------------------------------------------
   	 0        Full Certificate                        [This]
  	 1        SubjectPublicKeyInfo                    [This]
   	 2-254    Unassigned
   	 255      Private use

      #3: TLSA Matching Types
      A new registry, "Matching Types for TLSA Resource Records".
      The registry policy is "Specification Required".
      The initial entries in the registry are:
         Value    Short description    Reference
   	 --------------------------------------------------------
   	 0        No hash used         [This]
   	 1        SHA-256              RFC 6234
   	 2        SHA-512              RFC 6234
   	 3-254    Unassigned
   	 255      Private use

 I. Does the proposal require/expect any changes in DNS
     servers/resolvers that prevent the new type from being processed as an
     unknown RRTYPE (see [RFC3597])? No.

 J. Comments:
     A number of participants in DNSEXT / DNSOPS (and the DNS Directorate)
     have been involved in / following / are aware of this work.
--end 6195 template TLSA--
_______________________________________________
dnsext mailing list
dnsext@ietf.org
https://www.ietf.org/mailman/listinfo/dnsext

v2.23.0 | Report a Bug | By Email