The DANE Authentication Chain Extension for TLS
draft-dukhovni-tls-dnssec-chain-02

The information below is for an old version of the document
Document Type Expired Internet-Draft (individual)
Authors Viktor Dukhovni, Shumon Huque, Willem Toorop, Paul Wouters, Melinda Shore
Last updated 2021-03-04 (latest revision 2020-06-14)
Stream Independent Submission
Reviews
IETF conflict review conflict-review-dukhovni-tls-dnssec-chain
Stream ISE state Response to Review Needed
Revised I-D Needed
Consensus Boilerplate Unknown
Document shepherd No shepherd assigned
IESG IESG state Expired
Telechat date
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft can be found at
https://www.ietf.org/archive/id/draft-dukhovni-tls-dnssec-chain-02.txt

Abstract

This draft describes a new TLS extension for in-band transport of the complete set of DNSSEC validated records needed to perform DANE authentication of a TLS server without the need to perform separate out-of-band DNS lookups. When the requisite DNS records do not exist, the extension conveys a validated denial of existence proof.

Authors

Viktor Dukhovni (ietf-dane@dukhovni.org)
Shumon Huque (shuque@gmail.com)
Willem Toorop (willem@nlnetlabs.nl)
Paul Wouters (pwouters@redhat.com)
Melinda Shore (mshore@fastly.com)

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)