[TLS] FYI: New Non-WG Mailing List: keyassure -- Key Assurance With DNSSEC
Ondřej Surý <ondrej.sury@nic.cz> Wed, 18 August 2010 07:43 UTC
Return-Path: <ondrej.sury@nic.cz>
X-Original-To: tls@core3.amsl.com
Delivered-To: tls@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 9EFF13A6849; Wed, 18 Aug 2010 00:43:12 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.7
X-Spam-Level:
X-Spam-Status: No, score=-1.7 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, J_CHICKENPOX_23=0.6, MIME_8BIT_HEADER=0.3, NO_RELAYS=-0.001]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2MJTabt5gVsV; Wed, 18 Aug 2010 00:43:11 -0700 (PDT)
Received: from mail.nic.cz (mail.nic.cz [IPv6:2001:1488:800:400::400]) by core3.amsl.com (Postfix) with ESMTP id CB06D3A6A28; Wed, 18 Aug 2010 00:43:10 -0700 (PDT)
Received: from [IPv6:2001:1488:ac14:1400:224:e8ff:fea9:f617] (unknown [IPv6:2001:1488:ac14:1400:224:e8ff:fea9:f617]) by mail.nic.cz (Postfix) with ESMTPSA id 5307D73440F; Wed, 18 Aug 2010 09:43:45 +0200 (CEST)
Message-ID: <4C6B8F30.6050101@nic.cz>
Date: Wed, 18 Aug 2010 09:43:44 +0200
From: Ondřej Surý <ondrej.sury@nic.cz>
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.8) Gecko/20100802 Lightning/1.0b2 Thunderbird/3.1.2
MIME-Version: 1.0
To: dnsop@ietf.org, tls@ietf.org, pkix@ietf.org, saag@ietf.org
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: 8bit
Subject: [TLS] FYI: New Non-WG Mailing List: keyassure -- Key Assurance With DNSSEC
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 18 Aug 2010 07:43:12 -0000
Hi, this is the mailing list for discussing and proposing new ways how to use the fact that we have a DNSSEC @ root zone. You may want to read: The problem statement I and Warren wrote: http://www.ietf.org/mail-archive/web/keyassure/current/msg00000.html New I-D by Jakob, Paul, Warren and Adam: http://www.ietf.org/internet-drafts/draft-hoffman-keys-linkage-from-dns-00.txt Slightly older CERT RR (which we already have): http://tools.ietf.org/html/rfc4398 And various older proposals which didn't make it: (Jakob's) http://stupid.domain.name/ietf/draft-schlyter-pkix-dns-02.txt (RR TYPE request I did) http://www.ops.ietf.org/lists/namedroppers/namedroppers.2009/msg00421.html This is just to summarize the ideas which were floating around for some time. The basis on our work will be in the most recent I-D. Ondrej -------- Original Message -------- Subject: New Non-WG Mailing List: keyassure -- Key Assurance With DNSSEC Date: Tue, 17 Aug 2010 11:36:02 -0700 (PDT) From: IETF Secretariat <ietf-secretariat@ietf.org> To: IETF Announcement list <ietf-announce@ietf.org> CC: keyassure@ietf.org, ondrej.sury@nic.cz, warren@kumari.net A new IETF non-working group email list has been created. List address: keyassure@ietf.org Archive: http://www.ietf.org/mail-archive/web/keyassure/current/maillist.html To subscribe: https://www.ietf.org/mailman/listinfo/keyassure Description: This list is for discussion relating to using DNSSEC-protected DNS queries to get greater assurance for keys and certificates that are passed in existing IETF protocols. The main idea is that a relying party can get additional information about a domain name to eliminate the need for using a certificate in a protocol, to eliminate the need for sending certificates in the protocol if they are optional, and/or to assure that the certificate given in a protocol is associated with the domain name used by the application. In all three cases, the application associates the key or key fingerprint securely retrieved from the DNS with the domain name that was used in the DNS query. For additional information, please contact the list administrators. -- Ondřej Surý vedoucí výzkumu/Head of R&D department ------------------------------------------- CZ.NIC, z.s.p.o. -- Laboratoře CZ.NIC Americka 23, 120 00 Praha 2, Czech Republic mailto:ondrej.sury@nic.cz http://nic.cz/ tel:+420.222745110 fax:+420.222745112 -------------------------------------------