[dnsext] TLSA RRTYPE review - Comments period end Apr 3rd
Frederico A C Neves <fneves@registro.br> Tue, 13 March 2012 03:55 UTC
Return-Path: <dnsext-bounces@ietf.org>
X-Original-To: namedroppers-archive-gleetwall6@lists.ietf.org
Delivered-To: ietfarch-namedroppers-archive-gleetwall6@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9721521F8878; Mon, 12 Mar 2012 20:55:15 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=ietf.org; s=ietf1; t=1331610915; bh=goViBQShYqmlsY08321MykMJR9HgMGQ0FG9A8K85nvg=; h=Date:From:To:Message-ID:MIME-Version:Subject:List-Id: List-Unsubscribe:List-Archive:List-Post:List-Help:List-Subscribe: Content-Type:Content-Transfer-Encoding:Sender; b=n4GRLBr0IZHa1ZkKxaub6i8OBIUByYjR+WYFCHoanuqmqVYUCbIvyfdvjjX+zhlb5 U8eNfxUHyR08jHC8coSq9nv3d2cNPOQjRiEGQQCwJEs2CPNtBDBnRuJm/iOtp1IXKj 42/0smomR8XrIUbiTQ7BDKq1mbh3oSXd/FD/dvKE=
X-Original-To: dnsext@ietfa.amsl.com
Delivered-To: dnsext@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 65BBE21F8878 for <dnsext@ietfa.amsl.com>; Mon, 12 Mar 2012 20:55:13 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.523
X-Spam-Level:
X-Spam-Status: No, score=-1.523 tagged_above=-999 required=5 tests=[AWL=-1.077, BAYES_00=-2.599, FRT_BELOW2=2.154, NO_RELAYS=-0.001]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id JvifBijR46zh for <dnsext@ietfa.amsl.com>; Mon, 12 Mar 2012 20:55:12 -0700 (PDT)
Received: from clone.registro.br (clone.registro.br [IPv6:2001:12ff:0:2::4]) by ietfa.amsl.com (Postfix) with ESMTP id 878D421F8877 for <dnsext@ietf.org>; Mon, 12 Mar 2012 20:55:12 -0700 (PDT)
Received: by clone.registro.br (Postfix, from userid 1000) id A34B4E0518; Tue, 13 Mar 2012 00:55:08 -0300 (BRT)
Date: Tue, 13 Mar 2012 00:55:08 -0300
From: Frederico A C Neves <fneves@registro.br>
To: dnsext@ietf.org
Message-ID: <20120313035508.GA77638@registro.br>
MIME-Version: 1.0
Content-Disposition: inline
Subject: [dnsext] TLSA RRTYPE review - Comments period end Apr 3rd
X-BeenThere: dnsext@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: DNS Extensions working group discussion list <dnsext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsext>, <mailto:dnsext-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dnsext>
List-Post: <mailto:dnsext@ietf.org>
List-Help: <mailto:dnsext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsext>, <mailto:dnsext-request@ietf.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: dnsext-bounces@ietf.org
Errors-To: dnsext-bounces@ietf.org
Dear Colleagues, Bellow is a completed template requesting a new RRTYPE assignment under the procedures of RFC6195. This message starts a 3 weeks period for an expert-review of the DNS RRTYPE parameter allocation for TLSA specified in http://tools.ietf.org/id/draft-ietf-dane-protocol-18.txt IANA #550878 If you have comments regarding this request please post them here before Apr 3rd 18:00 UTC. Best Regards, Frederico Neves --begin 6195 template TLSA-- A. Submission Date: 12 March 2012 B. Submission Type: [X] New RRTYPE [ ] Modification to existing RRTYPE C. Contact Information for submitter (will be publicly posted): Name: Warren Kumari Email Address: warren@kumari.net International telephone number: +1-571-748-4373 Other contact handles: D. Motivation for the new RRTYPE application. Encrypted communication on the Internet often uses Transport Level Security (TLS), which depends on third parties to certify the keys used. The allocation of this RRTYPE will improve this situation by enabling the administrator of a domain name to certify the keys used in that domain's TLS servers by publishing information in the DNS. E. Description of the proposed RR type. A description of the RRtype is in draft-ietf-dane-protocol-18.txt, Section 2 The TLSA Resource Record ( http://tools.ietf.org/id/draft-ietf-dane-protocol-18.txt ) F. What existing RRTYPE or RRTYPEs come closest to filling that need and why are they unsatisfactory? The CERT (37) RR, RFC 4398 is closest. It is not suitable for this particular use as it is not flexible enough. It *would* be possible to shoehorn this into the CERT RR, but would be very kludgy. G. What mnemonic is requested for the new RRTYPE (optional)? TLSA H. Does the requested RRTYPE make use of any existing IANA registry or require the creation of a new IANA sub-registry in DNS Parameters? If so, please indicate which registry is to be used or created. If a new sub-registry is needed, specify the allocation policy for it and its initial contents. Also include what the modification procedures will be. This is in the the draft (http://tools.ietf.org/id/draft-ietf-dane-protocol-18.txt). It is included here for completeness, but reviewers are encouraged to consult the draft as the formatting is cleaner. #1: TLSA Usages. A new registry, "Certificate Usages for TLSA Resource Records". The registry policy is "RFC Required". The initial entries in the registry are: Value Short description Reference ---------------------------------------------------------- 0 CA constraint [This] 1 Service certificate constraint [This] 2 Trust anchor assertion [This] 3 Domain-issued certificate [This] 4-254 Unassigned 255 Private use #2: TLSA Selectors A new registry, "Selectors for TLSA Resource Records". The registry policy is "Specification Required". The initial entries in the registry are: Value Short description Reference ---------------------------------------------------------- 0 Full Certificate [This] 1 SubjectPublicKeyInfo [This] 2-254 Unassigned 255 Private use #3: TLSA Matching Types A new registry, "Matching Types for TLSA Resource Records". The registry policy is "Specification Required". The initial entries in the registry are: Value Short description Reference -------------------------------------------------------- 0 No hash used [This] 1 SHA-256 RFC 6234 2 SHA-512 RFC 6234 3-254 Unassigned 255 Private use I. Does the proposal require/expect any changes in DNS servers/resolvers that prevent the new type from being processed as an unknown RRTYPE (see [RFC3597])? No. J. Comments: A number of participants in DNSEXT / DNSOPS (and the DNS Directorate) have been involved in / following / are aware of this work. --end 6195 template TLSA-- _______________________________________________ dnsext mailing list dnsext@ietf.org https://www.ietf.org/mailman/listinfo/dnsext
- [dnsext] TLSA RRTYPE review - Comments period end… Frederico A C Neves
- Re: [dnsext] TLSA RRTYPE review - result [IANA #5… Frederico A C Neves