Using Secure DNS to Associate Certificates with Domain Names For TLS
draft-hoffman-keys-linkage-from-dns-03

Document Type Expired Internet-Draft (individual)
Last updated 2010-10-04
Stream (None)
Intended RFC status (None)
Stream state (No stream defined)
Document shepherd No shepherd assigned
IESG state Expired
Telechat date
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft can be found at
https://www.ietf.org/archive/id/draft-hoffman-keys-linkage-from-dns-03.txt

Abstract

TLS and DTLS use certificates for authenticating the server. Users want their applications to verify that the certificate provided by the TLS server is in fact associated with the domain name they expect. Instead of trusting a certificate authority to have made this association correctly, the user might instead trust the authoritative DNS server for the domain name to make that association. This document describes how to use secure DNS to associate the TLS server's certificate with the intended domain name.

Authors

Paul Hoffman (paul.hoffman@vpnc.org)
Jakob Schlyter (jakob@kirei.se)
Warren Kumari (warren@kumari.net)
Adam Langley (agl@google.com)

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)