datatracker.ietf.org
Sign In
Version 4.02, 2012-04-26
Report a bug

Use Cases and Requirements for DNS-Based Authentication of Named Entities (DANE)
draft-ietf-dane-use-cases-05

RFC
Document Stream: IETF
Last updated: 2011-07-28
Intended RFC status:Informational

IETF State: WG Document (dane)
Document shepherd:

IESG State: RFC 6394
Responsible AD:Stephen Farrell
IESG Note:Ond?ej Sur� (ondrej.sury@nic.cz) is the Document Shepherd.

This Internet-Draft is no longer active. Unofficial copies of old Internet-Drafts can be found here:
http://tools.ietf.org/id/draft-ietf-dane-use-cases.

Abstract:
Many current applications use the certificate-based authentication features in TLS to allow clients to verify that a connected server properly represents a desired domain name. Typically, this authentication has been based on PKIX certificate chains rooted in well-known CAs, but additional information can be provided via the DNS itself. This document describes a set of use cases in which the DNS and DNSSEC could be used to make assertions that support the TLS authentication process. The main focus of this document is TLS server authentication, but it also covers TLS client authentication for applications where TLS clients are identified by domain names.

Authors:
Richard Barnes <rbarnes@bbn.com>

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid)