[TLS] I-D Action: draft-ietf-tls-dnssec-chain-extension-01.txt

internet-drafts@ietf.org Fri, 08 July 2016 03:51 UTC

Return-Path: <internet-drafts@ietf.org>
X-Original-To: tls@ietf.org
Delivered-To: tls@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 7072712D520; Thu, 7 Jul 2016 20:51:24 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: internet-drafts@ietf.org
To: i-d-announce@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 6.25.1
Auto-Submitted: auto-generated
Precedence: bulk
Message-ID: <20160708035124.18636.88079.idtracker@ietfa.amsl.com>
Date: Thu, 07 Jul 2016 20:51:24 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/x8Lwr5IJm2j4bZHxeyR_MrumFXE>
Cc: tls@ietf.org
Subject: [TLS] I-D Action: draft-ietf-tls-dnssec-chain-extension-01.txt
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.17
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 08 Jul 2016 03:51:24 -0000

A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Transport Layer Security of the IETF.

        Title           : A DANE Record and DNSSEC Authentication Chain Extension for TLS
        Authors         : Melinda Shore
                          Richard Barnes
                          Shumon Huque
                          Willem Toorop
	Filename        : draft-ietf-tls-dnssec-chain-extension-01.txt
	Pages           : 12
	Date            : 2016-07-07

   This draft describes a new TLS extension for transport of a DNS
   record set serialized with the DNSSEC signatures needed to
   authenticate that record set.  The intent of this proposal is to
   allow TLS clients to perform DANE authentication of a TLS server
   certificate without needing to perform additional DNS record lookups.
   It will typically not be used for general DNSSEC validation of TLS
   endpoint names.

The IETF datatracker status page for this draft is:

There's also a htmlized version available at:

A diff from the previous version is available at:

Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.

Internet-Drafts are also available by anonymous FTP at: