DNS Extension for SRV-Client Address Authorization (SRV-CAA)
draft-dougotis-srv-caa-00
| Document | Type |
Expired Internet-Draft
(individual)
Expired & archived
|
|
|---|---|---|---|
| Author | Douglas Otis | ||
| Last updated | 2004-05-17 | ||
| RFC stream | (None) | ||
| Intended RFC status | (None) | ||
| Formats | |||
| Stream | Stream state | (No stream defined) | |
| Consensus boilerplate | Unknown | ||
| RFC Editor Note | (None) | ||
| IESG | IESG state | Expired | |
| Telechat date | (None) | ||
| Responsible AD | (None) | ||
| Send notices to | (None) |
This Internet-Draft is no longer active. A copy of the expired Internet-Draft is available in these formats:
Abstract
Typical use of DNS records enables resolving a server address, but this record extension authorizes clients to initiate a specific protocol. This document simply extends definitions for fields of a DNS SRV record as defined in [RFC2782] and appends '_c' to the label in the Proto field. This extension enables administrative control of a domain referenced by a client as it enables verification of permitted client addresses. This record extension is useful to authorize a client for a specific protocol and possibly useful for confirming veracity of a return path also referenced by a client. Although an in-addr.arpa IP address reverse DNS query may assert a domain, the domain referenced within client identification may be an alias and thus not match. In addition, specific protocol authorization for the client can not be deduced and reverse DNS information is optional, typically administered separately or not delegated, and thus often providing information of limited value.
Authors
(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)