DANE Authentication for Network Clients Everywhere
charter-ietf-dance-01

Document history

Date Rev. By Action
2022-03-23
01 Amy Vezza Responsible AD changed to Paul Wouters from Roman Danyliw
2021-09-24
01 Cindy Morgan New version available: charter-ietf-dance-01.txt
2021-09-24
00-02 Cindy Morgan State changed to Approved from External Review (Message to Community, Selected by Secretariat)
2021-09-24
00-02 Cindy Morgan IESG has approved the charter
2021-09-24
00-02 Cindy Morgan Closed "Approve" ballot
2021-09-24
00-02 Cindy Morgan WG action text was changed
2021-09-23
00-02 Francesca Palombini [Ballot Position Update] New position, No Objection, has been recorded for Francesca Palombini
2021-09-23
00-02 Robert Wilton [Ballot Position Update] New position, No Objection, has been recorded for Robert Wilton
2021-09-22
00-02 Murray Kucherawy [Ballot Position Update] New position, No Objection, has been recorded for Murray Kucherawy
2021-09-22
00-02 Benjamin Kaduk [Ballot Position Update] New position, Yes, has been recorded for Benjamin Kaduk
2021-09-22
00-02 John Scudder [Ballot Position Update] New position, No Objection, has been recorded for John Scudder
2021-09-22
00-02 Erik Kline [Ballot Position Update] New position, No Objection, has been recorded for Erik Kline
2021-09-22
00-02 Alvaro Retana [Ballot Position Update] New position, No Objection, has been recorded for Alvaro Retana
2021-09-20
00-02 Roman Danyliw
Changed charter milestone "TLS extension to indicate DANE identification capability and the client's DANE identity name to WGLC", set description to "TLS extension to indicate DANE identification capability and the client's DANE identity name to WGLC (PS)"
2021-09-20
00-02 Roman Danyliw Changed charter milestone "DANE client authentication and publication practice to WGLC", set description to "DANE client authentication and publication practice to WGLC (PS)"
2021-09-20
00-02 Roman Danyliw Changed charter milestone "DANCE architecture and use cases to WGLC", set description to "DANCE architecture and use cases to WGLC (informational)"
2021-09-20
00-02 Zaheduzzaman Sarker [Ballot Position Update] New position, No Objection, has been recorded for Zaheduzzaman Sarker
2021-09-20
00-02 Lars Eggert [Ballot comment]
It would be useful if each deliverable/milestones indicated the RFC status that is aimed at.
2021-09-20
00-02 Lars Eggert [Ballot Position Update] New position, No Objection, has been recorded for Lars Eggert
2021-09-17
00-02 Martin Duke [Ballot Position Update] New position, No Objection, has been recorded for Martin Duke
2021-09-14
00-02 Roman Danyliw [Ballot Position Update] New position, Yes, has been recorded for Roman Danyliw
2021-09-10
00-02 Cindy Morgan Telechat date has been changed to 2021-09-23 from 2021-09-09
2021-09-10
00-02 Cindy Morgan Created "Approve" ballot
2021-09-10
00-02 Cindy Morgan Closed "Ready for external review" ballot
2021-09-10
00-02 Cindy Morgan State changed to External Review (Message to Community, Selected by Secretariat) from Start Chartering/Rechartering (Internal Steering Group/IAB Review)
2021-09-10
00-02 Cindy Morgan WG new work message text was changed
2021-09-10
00-02 Cindy Morgan WG review text was changed
2021-09-10
00-02 Cindy Morgan WG review text was changed
2021-09-10
00-02 Cindy Morgan WG review text was changed
2021-09-09
00-02 Murray Kucherawy [Ballot Position Update] New position, No Objection, has been recorded for Murray Kucherawy
2021-09-09
00-02 Francesca Palombini [Ballot Position Update] New position, No Objection, has been recorded for Francesca Palombini
2021-09-09
00-02 John Scudder
[Ballot comment]
The charter defines “RPK” as “raw public keys”. This is a near-collision with “RPKI” defined in RFC 6480 as “resource public key infrastructure”. Maybe this use of “RPK” is long-standing practice, in which case of course there’s not much to be done. I point it out in case the observation is useful. (Also, the acronym although defined is never referenced in the charter, so the definition could easily be left out if desired. The same is true of a few other acronyms.)
2021-09-09
00-02 John Scudder [Ballot Position Update] New position, No Objection, has been recorded for John Scudder
2021-09-08
00-02 Roman Danyliw
Changed charter milestone "TLS extension to indicate DANE identification capability and the client's DANE identity name to WGLC", set due date to January 2023 from May 2022
2021-09-08
00-02 Roman Danyliw Changed charter milestone "DANE client authentication and publication practice to WGLC", set due date to January 2023 from May 2022
2021-09-08
00-02 Roman Danyliw New version available: charter-ietf-dance-00-02.txt
2021-09-08
00-01 Benjamin Kaduk
[Ballot comment]
    The DNS namespace, together with DNSSEC, forms the most
    widely-recognized namespace and authenticated lookup mechanism on the
    Internet. DANE builds on this authenticated lookup mechanism to enable
    public key-based TLS authentication which is resilient to impersonation,
    but only for TLS server identities.

We might reference RFC 6698 for DANE.

OVERLY PEDANTIC NITS

    The process of establishing trust in public-key-authenticated
    identity typically involves the use of a Public Key Infrastructure
    (PKI), and a shared PKI root of trust between the parties exchanging
    public keys.

"shared PKI root of trust" seems to imply that both parties have
credentials that chain up to the same root of trust (or at least that
the level of trust in the root is shared between parties), which need
not be the case.  In principle the parties can use credentials anchored
at different roots of trust, so long as the verifier is willing to use
the corresponding root of trust for this purpose.  So we might say
instead "and a root of trust deemed valid by the entity validating the
authenticated identity".  Or we could ignore it, and try to not be
overly pedantic.
2021-09-08
00-01 Benjamin Kaduk [Ballot Position Update] New position, Yes, has been recorded for Benjamin Kaduk
2021-09-08
00-01 Robert Wilton
[Ballot comment]
Sounds useful.

I'm wondering whether restricting the initial use case to TLS client only will limit its usefulness in IOT onboarding?

I'm not sure if it is important, but from the scope of work, it is unclear to me whether the format of DNS DANE records would need to change, or whether this is a new use of the existing DANE records.


Nits:

Para 3:
"DANE builds on" => "DANE built on"?  Or otherwise perhaps change "DANE did not" to "the DANE WG did not".

Para 4:
"large deployment" => "large deployments"?

Are the milestone dates correct (i.e., the architecture and use cases is expected to be standardized after the solution)?
2021-09-08
00-01 Robert Wilton [Ballot Position Update] New position, No Objection, has been recorded for Robert Wilton
2021-09-08
00-01 Martin Vigoureux [Ballot Position Update] New position, No Objection, has been recorded for Martin Vigoureux
2021-09-07
00-01 Erik Kline [Ballot Position Update] New position, Yes, has been recorded for Erik Kline
2021-09-07
00-01 Roman Danyliw New version available: charter-ietf-dance-00-01.txt
2021-09-07
00-00 Martin Duke [Ballot Position Update] New position, No Objection, has been recorded for Martin Duke
2021-09-07
00-00 Zaheduzzaman Sarker [Ballot Position Update] New position, No Objection, has been recorded for Zaheduzzaman Sarker
2021-09-06
00-00 Éric Vyncke [Ballot comment]
In the first item in the scope of the WG there is no mention of DANE. Should there be one?
2021-09-06
00-00 Éric Vyncke [Ballot Position Update] New position, No Objection, has been recorded for Éric Vyncke
2021-09-06
00-00 Lars Eggert [Ballot Position Update] New position, No Objection, has been recorded for Lars Eggert
2021-09-03
00-00 Alvaro Retana [Ballot comment]
Just a nit: s/any required TLS protocol updates required to support/any TLS protocol updates required to support
2021-09-03
00-00 Alvaro Retana [Ballot Position Update] New position, No Objection, has been recorded for Alvaro Retana
2021-09-02
00-00 Roman Danyliw
[Ballot comment]
To the IESG -- As you review this charter text and the associated background, note that DANCE is motivated by the two DANISH BoFs held during IETF 110 and 111.  One of the items of feedback was to generalize the proposal to remove the IoT focus, hence the renaming of the group (from DANISH to DANCE).  Background materials from the BOF are at:

* DANISH BoFs:

* DANISH mailing list archive:
2021-09-02
00-00 Roman Danyliw [Ballot Position Update] New position, Yes, has been recorded for Roman Danyliw
2021-09-02
00-00 Amy Vezza Placed on agenda for telechat - 2021-09-09
2021-09-02
00-00 Roman Danyliw Added charter milestone "DANCE architecture and use cases to WGLC", due July 2022
2021-09-02
00-00 Roman Danyliw Added charter milestone "TLS extension to indicate DANE identification capability and the client's DANE identity name to WGLC", due May 2022
2021-09-02
00-00 Roman Danyliw Added charter milestone "DANE client authentication and publication practice to WGLC", due May 2022
2021-09-02
00-00 Roman Danyliw WG action text was changed
2021-09-02
00-00 Roman Danyliw WG review text was changed
2021-09-02
00-00 Roman Danyliw WG review text was changed
2021-09-02
00-00 Roman Danyliw Created "Ready for external review" ballot
2021-09-02
00-00 Roman Danyliw State changed to Start Chartering/Rechartering (Internal Steering Group/IAB Review) from Draft Charter
2021-09-01
00-00 Cindy Morgan Initial review time expires 2021-09-08
2021-09-01
00-00 Cindy Morgan State changed to Draft Charter from Not currently under review
2021-09-01
00-00 Cindy Morgan New version available: charter-ietf-dance-00-00.txt