[TLS] New I-D for OCSP over DNS

"Dr. Pala" <director@openca.org> Fri, 27 October 2017 23:18 UTC

To: TLS WG <tls@ietf.org>
From: "Dr. Pala" <director@openca.org>
Organization: OpenCA Labs
Message-ID: <33a450b5-0515-68df-4ed1-f04907bb154c@openca.org>
Date: Fri, 27 Oct 2017 15:11:16 -0600
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/A0asQqJN5Aw1u2AfoqFOYc3XzdI>

Hello all,

As suggested by some people from other WGs, I just wanted to cross-post
this message here since the proposal relies heavily on DNS and can be
leveraged in many different environments (e.g., Server and Client
(browsers) authentication, document validation, IoT identities, etc.)
and we would like to receive feedback from anybody who might be
interested in the topic.

*Context.* We are currently working on specifying how to use DNS as a
transport protocol for revocation information for digital certificates.
In particular, we are working on how to leverage the distributed nature
of DNS to efficiently (and possibly at a lower operational cost)
distribute OCSP (Online Certificate Status Protocol) responses to
applications/devices/etc.

*Current Status.* We started this work some time ago but never really had
the time to finish it. Now it seems we can focus more on the topic and
would like to discuss this work in a more public venue. We have recently
updated the two competing I-Ds we submitted some time ago into the latest
reference I-D that is available here:

https://datatracker.ietf.org/doc/draft-pala-odin/

Please feel free to contact us for any help (you might require or you 
might provide), feedback, etc.

Thanks,
Max

-- 
Best Regards,
Massimiliano Pala, Ph.D.
OpenCA Labs Director