[TLS] FYI: New Non-WG Mailing List: keyassure -- Key Assurance With DNSSEC

Ondřej Surý <ondrej.sury@nic.cz> Wed, 18 August 2010 07:43 UTC

Return-Path: <ondrej.sury@nic.cz>
X-Original-To: tls@core3.amsl.com
Delivered-To: tls@core3.amsl.com
Received: from localhost (localhost []) by core3.amsl.com (Postfix) with ESMTP id 9EFF13A6849; Wed, 18 Aug 2010 00:43:12 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.7
X-Spam-Status: No, score=-1.7 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, J_CHICKENPOX_23=0.6, MIME_8BIT_HEADER=0.3, NO_RELAYS=-0.001]
Received: from mail.ietf.org ([]) by localhost (core3.amsl.com []) (amavisd-new, port 10024) with ESMTP id 2MJTabt5gVsV; Wed, 18 Aug 2010 00:43:11 -0700 (PDT)
Received: from mail.nic.cz (mail.nic.cz [IPv6:2001:1488:800:400::400]) by core3.amsl.com (Postfix) with ESMTP id CB06D3A6A28; Wed, 18 Aug 2010 00:43:10 -0700 (PDT)
Received: from [IPv6:2001:1488:ac14:1400:224:e8ff:fea9:f617] (unknown [IPv6:2001:1488:ac14:1400:224:e8ff:fea9:f617]) by mail.nic.cz (Postfix) with ESMTPSA id 5307D73440F; Wed, 18 Aug 2010 09:43:45 +0200 (CEST)
Message-ID: <4C6B8F30.6050101@nic.cz>
Date: Wed, 18 Aug 2010 09:43:44 +0200
From: Ondřej Surý <ondrej.sury@nic.cz>
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv: Gecko/20100802 Lightning/1.0b2 Thunderbird/3.1.2
MIME-Version: 1.0
To: dnsop@ietf.org, tls@ietf.org, pkix@ietf.org, saag@ietf.org
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: 8bit
Subject: [TLS] FYI: New Non-WG Mailing List: keyassure -- Key Assurance With DNSSEC
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 18 Aug 2010 07:43:12 -0000


this is the mailing list for discussing and proposing new ways how to 
use the fact that we have a DNSSEC @ root zone.

You may want to read:

The problem statement I and Warren wrote:

New I-D by Jakob, Paul, Warren and Adam:

Slightly older CERT RR (which we already have):

And various older proposals which didn't make it:


(RR TYPE request I did)

This is just to summarize the ideas which were floating around for some 
time.  The basis on our work will be in the most recent I-D.


-------- Original Message --------
Subject: New Non-WG Mailing List: keyassure -- Key Assurance With DNSSEC
Date: Tue, 17 Aug 2010 11:36:02 -0700 (PDT)
From: IETF Secretariat <ietf-secretariat@ietf.org>
To: IETF Announcement list <ietf-announce@ietf.org>
CC: keyassure@ietf.org, ondrej.sury@nic.cz, warren@kumari.net

A new IETF non-working group email list has been created.

List address: keyassure@ietf.org
To subscribe: https://www.ietf.org/mailman/listinfo/keyassure

Description: This list is for discussion relating to using
DNSSEC-protected DNS queries to get greater assurance for keys and
certificates that are passed in existing IETF protocols. The main idea 
is that a relying party can get additional information about a domain 
name to eliminate the need for using a certificate in a protocol, to 
eliminate the need for sending certificates in the protocol if they are 
optional, and/or to assure that the certificate given in a protocol is 
associated with the domain name used by the application. In all three 
cases, the application associates the key or key fingerprint securely 
retrieved from the DNS with the domain name that was used in the DNS query.

For additional information, please contact the list administrators.

  Ondřej Surý
  vedoucí výzkumu/Head of R&D department
  CZ.NIC, z.s.p.o.    --    Laboratoře CZ.NIC
  Americka 23, 120 00 Praha 2, Czech Republic
  mailto:ondrej.sury@nic.cz    http://nic.cz/
  tel:+420.222745110       fax:+420.222745112