From: The IESG <firstname.lastname@example.org>
To: IETF-Announce <email@example.com>
Cc: RFC Editor <firstname.lastname@example.org>,
dane mailing list <email@example.com>,
dane chair <firstname.lastname@example.org>
Subject: Protocol Action: 'The DNS-Based Authentication of Named Entities (DANE) Transport Layer Security (TLS) Protocol: TLSA' to Proposed Standard (draft-ietf-dane-protocol-23.txt)
The IESG has approved the following document:
- 'The DNS-Based Authentication of Named Entities (DANE) Transport Layer
Security (TLS) Protocol: TLSA'
(draft-ietf-dane-protocol-23.txt) as Proposed Standard
This document is the product of the DNS-based Authentication of Named
Entities Working Group.
The IESG contact persons are Stephen Farrell and Sean Turner.
A URL of this Internet Draft is:
Encrypted communication on the Internet often uses Transport Level
Security (TLS), which depends on third parties to certify the keys
used. This document improves on that situation by enabling the
administrator of a domain name to publish the keys used in the
DNS, secured with DNSSEC.
Working Group Summary
The working group made extensive use of the issue tracker:
listing, opening, discussing and then calling consensus on
each issue. This gave everyone the opportunity to participate
and be heard. There have been approximately 2,000 messages
discussing this (and closely related) documents.
There is a tool (Swede - https://github.com/pieterlexis/swede)
that generates TLSA records, and a proof-of-concept implementation
of DANE for NSS (https://mattmccutchen.net/cryptid/#nss-dane).
A number of vendors have mentioned that they are planning on
implementing the specification.
I do not think that it would be fair (or possible) to single
out any specific reviewers -- we have had a large number of very
active reviewers / participants and they have all been very diligent
(and sometimes vocal :-)) in providing feedback.
Warren Kumari is acting as the Document Shepherd.
Stephen Farrell is the Responsible Area Director.