This Internet-Draft is no longer active. Unofficial copies of old Internet-Drafts can be found here:
http://tools.ietf.org/id/draft-ietf-dane-use-cases.
Abstract:
Many current applications use the certificate-based authentication
features in TLS to allow clients to verify that a connected server
properly represents a desired domain name. Typically, this
authentication has been based on PKIX certificate chains rooted in
well-known CAs, but additional information can be provided via the
DNS itself. This document describes a set of use cases in which the
DNS and DNSSEC could be used to make assertions that support the TLS
authentication process. The main focus of this document is TLS
server authentication, but it also covers TLS client authentication
for applications where TLS clients are identified by domain names.
Authors:
Richard Barnes <rbarnes@bbn.com>
(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid)
datatracker.ietf.org