TLS DNSSEC Chain Extension
draft-dukhovni-tls-dnssec-chain-08
Document history
Date | Rev. | By | Action |
---|---|---|---|
2021-08-11 | 08 | (System) | RFC Editor state changed to AUTH48-DONE from AUTH48 |
2021-07-20 | 08 | (System) | RFC Editor state changed to AUTH48 |
2021-07-07 | 08 | (System) | RFC Editor state changed to RFC-EDITOR from EDIT |
2021-06-16 | 08 | (System) | IANA Action state changed to RFC-Ed-Ack from Waiting on RFC Editor |
2021-06-16 | 08 | (System) | IANA Action state changed to Waiting on RFC Editor from In Progress |
2021-06-16 | 08 | (System) | IANA Action state changed to In Progress from Waiting on Authors |
2021-06-15 | 08 | (System) | IANA Action state changed to Waiting on Authors from In Progress |
2021-06-15 | 08 | (System) | IANA Action state changed to In Progress from On Hold |
2021-06-10 | 08 | (System) | RFC Editor state changed to EDIT from MISSREF |
2021-06-10 | 08 | Paul Wouters | New version available: draft-dukhovni-tls-dnssec-chain-08.txt |
2021-06-10 | 08 | (System) | New version accepted (logged-in submitter: Paul Wouters) |
2021-06-10 | 08 | Paul Wouters | Uploaded new revision |
2021-06-09 | 07 | (System) | RFC Editor state changed to MISSREF |
2021-06-09 | 07 | (System) | IANA Action state changed to On Hold from In Progress |
2021-06-09 | 07 | (System) | IANA Action state changed to In Progress |
2021-06-09 | 07 | Adrian Farrel | ISE state changed to Sent to the RFC Editor from In IESG Review |
2021-06-09 | 07 | Adrian Farrel | Sent request for publication to the RFC Editor |
2021-06-06 | 07 | (System) | IANA Review state changed to Version Changed - Review Needed from IANA OK - Actions Needed |
2021-06-06 | 07 | Paul Wouters | New version available: draft-dukhovni-tls-dnssec-chain-07.txt |
2021-06-06 | 07 | (System) | New version accepted (logged-in submitter: Paul Wouters) |
2021-06-06 | 07 | Paul Wouters | Uploaded new revision |
2021-06-03 | 06 | Michelle Cotton | IANA Review state changed to IANA OK - Actions Needed from Version Changed - Review Needed |
2021-05-31 | 06 | (System) | IANA Review state changed to Version Changed - Review Needed from IANA OK - Actions Needed |
2021-05-31 | 06 | Paul Wouters | New version available: draft-dukhovni-tls-dnssec-chain-06.txt |
2021-05-31 | 06 | (System) | New version accepted (logged-in submitter: Paul Wouters) |
2021-05-31 | 06 | Paul Wouters | Uploaded new revision |
2021-05-18 | 05 | (System) | IANA Review state changed to IANA OK - Actions Needed |
2021-05-18 | 05 | Michelle Cotton | (Via drafts-eval@iana.org): IESG/Authors/ISE: The IANA Functions Operator has completed its review of draft-dukhovni-tls-dnssec-chain. If any part of this review is inaccurate, please let us know. We understand that when this document is sent to us for processing, we will perform one registry action. The following entry will be added to the TLS ExtensionType Values registry at https://www.iana.org/assignments/tls-extensiontype-values: Value: TBD; Extension Name: dnssec_chain; TLS 1.3: CH; Recommended: No; Reference: this document. Thank you, Michelle Cotton, Protocol Parameters Engagement Sr. Manager, IANA Services |
2021-05-18 | 05 | Michelle Cotton | IANA Experts State changed to Expert Reviews OK from Reviews assigned |
2021-05-17 | 05 | Michelle Cotton | IANA Experts State changed to Reviews assigned |
2021-05-13 | 05 | Adrian Farrel | ISE state changed to In IESG Review from In ISE Review |
2021-05-13 | 05 | Adrian Farrel | IETF conflict review initiated - see conflict-review-dukhovni-tls-dnssec-chain |
2021-05-13 | 05 | Adrian Farrel | draft-dukhovni-tls-dnssec-chain has been brought to the ISE for publication as an Experimental RFC on the Independent Submission Stream. ==Purpose== This document describes an experimental TLS extension for in-band transport of the complete set of DNSSEC validated records needed to perform DANE authentication of a TLS server. The document is published to allow interoperable experimental implementations and to gather feedback on whether the approach works and is useful. ==History== This document was originally processed by the TLS WG. There was late feedback questioning whether it would be effective and wondering about the threat model it addressed. That discussion got very heated and acrimonious, and the WG failed to reach any consensus and it seemed that there was no further energy to attempt consensus. The proponents of various deployment models were advised (by the TLS chairs) to seek publication of independent documents for the given use cases via ISE or other venues. The ISE consulted with the Sec ADs and TLS chairs to find out whether this work should be done within the TLS WG. They confirmed this view and suggested that the path through the working group was "blocked". ==Not the IETF== The Abstract and Introduction are clear that this work was developed outside the IETF. ==Scope of the Experiment== This document has a dedicated section (1.1) to describe the scope of the experiment. That section clearly notes the concerns raised in the TLS working group. ==IANA== This document requests a code point from the TLS ExtensionType Values registry https://www.iana.org/assignments/tls-extensiontype-values. That registry is "Specification Required" which will be covered by this document if published on the Independent Submissions Stream. The assignment request suggests that the codepoint be marked as Recommended = "No" which is appropriate for a non-IETF document. Per RFC 8447 Section 17, the authors have sent mail to the mailing list tls-reg-review@ietf.org. Rich Salz responded: Sure, the draft is readable and implementable. You can have number 59, if one of the other two reviewers agree. We wait to hear from a second reviewer. ==Reviews== Reviews were initially hard to find. Many people considered themselves compromised by either their support of or opposition to the draft and declined to give a review. Ultimately, reviews were performed for the ISE as follows: - Nico Williams: positive, but no detailed comments - Stephen Farrell: small comments - Shane Kerr: detailed review - Matthijs Mekking: detailed review. The ISE also performed a review. Details of the reviews are available on request. |
2021-05-10 | 05 | Adrian Farrel | draft-dukhovni-tls-dnssec-chain has been brought to the ISE for publication as an Experimental RFC on the Independent Submission Stream. ==Purpose== This document describes an experimental TLS extension for in-band transport of the complete set of DNSSEC validated records needed to perform DANE authentication of a TLS server. The document is published to allow interoperable experimental implementations and to gather feedback on whether the approach works and is useful. ==History== This document was originally processed by the TLS WG. There was late feedback questioning whether it would be effective and wondering about the threat model it addressed. That discussion got very heated and acrimonious, and the WG failed to reach any consensus and it seemed that there was no further energy to attempt consensus. The proponents of various deployment models were advised (by the TLS chairs) to seek publication of independent documents for the given use cases via ISE or other venues. The ISE consulted with the Sec ADs and TLS chairs to find out whether this work should be done within the TLS WG. They confirmed this view and suggested that the path through the working group was "blocked". ==Not the IETF== The Abstract and Introduction are clear that this work was developed outside the IETF. ==Scope of the Experiment== This document has a dedicated section (1.1) to describe the scope of the experiment. That section clearly notes the concerns raised in the TLS working group. ==IANA== This document requests a code point from the TLS ExtensionType Values registry https://www.iana.org/assignments/tls-extensiontype-values. That registry is "Specification Required" which will be covered by this document if published on the Independent Submissions Stream. The assignment request suggests that the codepoint be marked as Recommended = "No" which is appropriate for a non-IETF document. The authors need to respond to me about RFC 8447 Section 17 <<<<<<<<<<<<<<<<<<<<<<<< ==Reviews== Reviews were initially hard to find. Many people considered themselves compromised by either their support of or opposition to the draft and declined to give a review. Ultimately, reviews were performed for the ISE as follows: - Nico Williams: positive, but no detailed comments - Stephen Farrell: small comments - Shane Kerr: detailed review - Matthijs Mekking: detailed review. The ISE also performed a review. Details of the reviews are available on request. |
2021-05-10 | 05 | Adrian Farrel | Notification list changed to rfc-ise@rfc-editor.org because the document shepherd was set |
2021-05-10 | 05 | Adrian Farrel | Document shepherd changed to Adrian Farrel |
2021-05-10 | 05 | Adrian Farrel | ISE state changed to In ISE Review from Response to Review Needed |
2021-05-05 | 05 | Paul Wouters | New version available: draft-dukhovni-tls-dnssec-chain-05.txt |
2021-05-05 | 05 | (System) | New version accepted (logged-in submitter: Paul Wouters) |
2021-05-05 | 05 | Paul Wouters | Uploaded new revision |
2021-04-28 | 04 | Paul Wouters | New version available: draft-dukhovni-tls-dnssec-chain-04.txt |
2021-04-28 | 04 | (System) | New version accepted (logged-in submitter: Paul Wouters) |
2021-04-28 | 04 | Paul Wouters | Uploaded new revision |
2021-04-15 | 03 | Jenny Bui | This document now replaces draft-ietf-tls-dnssec-chain-extension instead of None |
2021-04-15 | 03 | (System) | Revised ID Needed tag cleared |
2021-04-15 | 03 | Willem Toorop | New version available: draft-dukhovni-tls-dnssec-chain-03.txt |
2021-04-15 | 03 | (System) | WG -00 approved |
2021-04-13 | 03 | (System) | Request for posting approval emailed to group chairs: tls-chairs@ietf.org |
2021-04-13 | 03 | Willem Toorop | Uploaded new revision |
2021-03-04 | 02 | Adrian Farrel | Tag Revised I-D Needed set. Tag Awaiting Reviews cleared. |
2021-03-04 | 02 | Adrian Farrel | ISE state changed to Response to Review Needed from Finding Reviewers |
2020-12-16 | 02 | (System) | Document has expired |
2020-08-17 | 02 | Adrian Farrel | Tag Awaiting Reviews set. |
2020-08-17 | 02 | Adrian Farrel | ISE state changed to Finding Reviewers from Submission Received |
2020-06-14 | 02 | Paul Wouters | New version available: draft-dukhovni-tls-dnssec-chain-02.txt |
2020-06-14 | 02 | (System) | New version approved |
2020-06-14 | 02 | (System) | Request for posting confirmation emailed to previous authors: Paul Wouters, Shumon Huque, Viktor Dukhovni, Melinda Shore, Willem Toorop |
2020-06-14 | 02 | Paul Wouters | Uploaded new revision |
2020-01-19 | 01 | Adrian Farrel | ISE state changed to Submission Received |
2020-01-19 | 01 | Adrian Farrel | Intended Status changed to Experimental from None |
2020-01-19 | 01 | Adrian Farrel | Stream changed to ISE from None |
2019-12-17 | 01 | Paul Wouters | New version available: draft-dukhovni-tls-dnssec-chain-01.txt |
2019-12-17 | 01 | (System) | New version approved |
2019-12-17 | 01 | (System) | Request for posting confirmation emailed to previous authors: Melinda Shore, Paul Wouters, Viktor Dukhovni, Willem Toorop, Shumon Huque |
2019-12-17 | 01 | Paul Wouters | Uploaded new revision |
2019-11-04 | 00 | Paul Wouters | New version available: draft-dukhovni-tls-dnssec-chain-00.txt |
2019-11-04 | 00 | (System) | New version accepted (logged-in submitter: Paul Wouters) |
2019-11-04 | 00 | Paul Wouters | Uploaded new revision |