[TLS] Protocol Action: 'A DANE Record and DNSSEC Authentication Chain Extension for TLS' to Proposed Standard (draft-ietf-tls-dnssec-chain-extension-07.txt)
The IESG <iesg-secretary@ietf.org> Wed, 21 March 2018 15:40 UTC
Return-Path: <iesg-secretary@ietf.org>
X-Original-To: tls@ietf.org
Delivered-To: tls@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 32A5912DA73; Wed, 21 Mar 2018 08:40:53 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: The IESG <iesg-secretary@ietf.org>
To: IETF-Announce <ietf-announce@ietf.org>
X-Test-IDTracker: no
X-IETF-IDTracker: 6.76.0
Auto-Submitted: auto-generated
Precedence: bulk
Cc: The IESG <iesg@ietf.org>, draft-ietf-tls-dnssec-chain-extension@ietf.org, Kathleen.Moriarty.ietf@gmail.com, Joseph Salowey <joe@salowey.net>, tls-chairs@ietf.org, shuque@gmail.com, rfc-editor@rfc-editor.org, joe@salowey.net, tls@ietf.org
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
Message-ID: <152164685320.7396.2399987180749132110.idtracker@ietfa.amsl.com>
Date: Wed, 21 Mar 2018 08:40:53 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/zpxb0YhC9SsP--YC8iYVn5vI638>
Subject: [TLS] Protocol Action: 'A DANE Record and DNSSEC Authentication Chain Extension for TLS' to Proposed Standard (draft-ietf-tls-dnssec-chain-extension-07.txt)
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.22
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 21 Mar 2018 15:40:53 -0000
The IESG has approved the following document: - 'A DANE Record and DNSSEC Authentication Chain Extension for TLS' (draft-ietf-tls-dnssec-chain-extension-07.txt) as Proposed Standard This document is the product of the Transport Layer Security Working Group. The IESG contact persons are Kathleen Moriarty and Eric Rescorla. A URL of this Internet Draft is: https://datatracker.ietf.org/doc/draft-ietf-tls-dnssec-chain-extension/ Technical Summary This draft describes a new TLS extension for transport of a DNS record set serialized with the DNSSEC signatures needed to authenticate that record set. The intent of this proposal is to allow TLS clients to perform DANE authentication of a TLS server without needing to perform additional DNS record lookups. It will typically not be used for general DNSSEC validation of TLS endpoint names. Working Group Summary There was good support and no controversy on list or in meetings. Document Quality The draft has had a fair amount of review. I am not aware of implementations as it wasn't reported by the document shepherd. Personnel The document shepherd is Joseph Salowey and the responsible AD is Kathleen Moriarty. IANA Note A new value in the TLS ExtensionsType registry RFC Editor Note Please ensure a normative reference is added for NSEC3 in the final publication. Please ensure Richard Barnes affiliation is corrected from Mozilla to Cisco.