[TLS] draft-shore-tls-dnssec-chain-extension-00

Melinda Shore <melinda.shore@nomountain.net> Tue, 30 June 2015 05:13 UTC

Message-ID: <55922571.8080605@nomountain.net>
To: tls@ietf.org
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/LIIuqO_OshnNdAg0xvAUGY0GTWU>

Hi, all:

We've submitted an initial draft describing a TLS extension for
the transport of a DNS record serialized with the DNSSEC
signatures needed to authenticate that record.  This would
allow DANE clients to perform DANE authentication of a
TLS server certificate without performing additional
DNS lookups and incurring the performance costs associated
with them.  There are some additional benefits around
things like middlebox traversal, and allowing a TLS client
to validate DANE records without needing secured access to a
validating DNS resolver.

Please have a look at it and get comments or suggestions
to us.  We're planning on getting one more revision out
prior to the Prague meeting, and on having a test
implementation available in Prague.
The draft is available at:
https://tools.ietf.org/html/draft-shore-tls-dnssec-chain-extension-00

Thanks,

Melinda

-- 
Melinda Shore
No Mountain Software
melinda.shore@nomountain.net

"Software longa, hardware brevis."
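As an added illustration of the DANE step a client performs once it holds an authenticated TLSA record for the server (example code written for this page, not code from the draft or its test implementation): it parses the TLSA RDATA in standard RFC 6698 wire format and matches it against the presented certificate. DNSSEC validation of the in-band chain is assumed to have already succeeded, the certificate and SPKI bytes are constructed placeholders, and only the end-entity usages (PKIX-EE, DANE-EE) are handled.

```python
import hashlib
import hmac
from typing import Iterable, Optional, Tuple

# Constructed placeholder standing in for a server's end-entity certificate in DER form.
SAMPLE_CERT_DER = b"\x30\x82\x01\x00" + b"constructed-end-entity-cert-placeholder"

def parse_tlsa_rdata(rdata: bytes) -> Tuple[int, int, int, bytes]:
    """Split TLSA RDATA (RFC 6698): usage, selector, matching type, association data."""
    if len(rdata) < 3:
        raise ValueError("TLSA RDATA shorter than the 3-byte header")
    return rdata[0], rdata[1], rdata[2], rdata[3:]

def make_tlsa_rdata(usage: int, selector: int, mtype: int, data: bytes) -> bytes:
    """Build TLSA RDATA for `data` (a DER cert for selector 0, a DER SPKI for selector 1)."""
    assoc = {0: data, 1: hashlib.sha256(data).digest(), 2: hashlib.sha512(data).digest()}[mtype]
    return bytes([usage, selector, mtype]) + assoc

def tlsa_matches(rdata: bytes, cert_der: bytes, spki_der: Optional[bytes] = None) -> bool:
    """True if the record's association data matches the presented certificate.
    A selector or matching type this code does not know makes the record unusable."""
    _, selector, mtype, assoc = parse_tlsa_rdata(rdata)
    if selector == 0:
        data = cert_der
    elif selector == 1 and spki_der is not None:
        data = spki_der  # SubjectPublicKeyInfo, extracted from the certificate by the caller
    else:
        return False
    if mtype == 0:
        digest = data
    elif mtype == 1:
        digest = hashlib.sha256(data).digest()
    elif mtype == 2:
        digest = hashlib.sha512(data).digest()
    else:
        return False
    return hmac.compare_digest(digest, assoc)

def dane_authenticates(tlsa_set: Iterable[bytes], cert_der: bytes,
                       spki_der: Optional[bytes] = None, pkix_valid: bool = False) -> bool:
    """DANE succeeds if any usable record authenticates the end-entity certificate.
    Usage 3 (DANE-EE) needs only the match; usage 1 (PKIX-EE) also needs a successful
    PKIX chain validation. Usages 0 and 2 constrain a CA certificate in the chain rather
    than the end-entity certificate, so they are deliberately skipped here."""
    for rdata in tlsa_set:
        usage = parse_tlsa_rdata(rdata)[0]
        if usage == 3 and tlsa_matches(rdata, cert_der, spki_der):
            return True
        if usage == 1 and pkix_valid and tlsa_matches(rdata, cert_der, spki_der):
            return True
    return False
```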