The DNS-Based Authentication of Named Entities (DANE) Protocol: Updates and Operational Guidance
draft-ietf-dane-ops-16
Revision differences
Document history
Date | Rev. | By | Action |
---|---|---|---|
2015-10-14
|
16 | (System) | Notify list changed from draft-ietf-dane-ops.shepherd@ietf.org, draft-ietf-dane-ops@ietf.org, dane-chairs@ietf.org, warren@kumari.net, draft-ietf-dane-ops.ad@ietf.org to (None) |
2015-10-12
|
16 | (System) | RFC Editor state changed to AUTH48-DONE from AUTH48 |
2015-10-08
|
16 | (System) | RFC Editor state changed to AUTH48 from RFC-EDITOR |
2015-10-02
|
16 | (System) | RFC Editor state changed to RFC-EDITOR from AUTH |
2015-10-01
|
16 | (System) | RFC Editor state changed to AUTH from EDIT |
2015-09-21
|
16 | Elwyn Davies | Request for Telechat review by GENART Completed: Ready with Nits. Reviewer: Elwyn Davies. |
2015-08-11
|
16 | (System) | RFC Editor state changed to EDIT |
2015-08-11
|
16 | (System) | IESG state changed to RFC Ed Queue from Approved-announcement sent |
2015-08-11
|
16 | (System) | Announcement was received by RFC Editor |
2015-08-10
|
16 | (System) | IANA Action state changed to No IC from In Progress |
2015-08-10
|
16 | (System) | IANA Action state changed to In Progress |
2015-08-10
|
16 | Cindy Morgan | IESG state changed to Approved-announcement sent from Approved-announcement to be sent::Point Raised - writeup needed |
2015-08-10
|
16 | Cindy Morgan | IESG has approved the document |
2015-08-10
|
16 | Cindy Morgan | Closed "Approve" ballot |
2015-08-10
|
16 | Cindy Morgan | Ballot approval text was generated |
2015-08-10
|
16 | Cindy Morgan | Ballot writeup was changed |
2015-08-10
|
16 | Stephen Farrell | Ballot writeup was changed |
2015-08-08
|
16 | Viktor Dukhovni | New version available: draft-ietf-dane-ops-16.txt |
2015-08-08
|
15 | Viktor Dukhovni | IANA Review state changed to Version Changed - Review Needed from IANA OK - No Actions Needed |
2015-08-08
|
15 | Viktor Dukhovni | New version available: draft-ietf-dane-ops-15.txt |
2015-08-06
|
14 | Cindy Morgan | IESG state changed to Approved-announcement to be sent::Point Raised - writeup needed from IESG Evaluation |
2015-08-06
|
14 | Jari Arkko | [Ballot Position Update] New position, No Objection, has been recorded for Jari Arkko |
2015-08-06
|
14 | Benoît Claise | [Ballot Position Update] New position, No Objection, has been recorded for Benoit Claise |
2015-08-05
|
14 | Alia Atlas | [Ballot comment] Last sentence of p.6: "In other words, when all four usages are supported, PKIX-TA(2) and" should be PKIX-TA(0) |
2015-08-05
|
14 | Alia Atlas | [Ballot Position Update] New position, No Objection, has been recorded for Alia Atlas |
2015-08-05
|
14 | Amanda Baber | IANA Review state changed to IANA OK - No Actions Needed from Version Changed - Review Needed |
2015-08-05
|
14 | Terry Manderson | [Ballot Position Update] New position, No Objection, has been recorded for Terry Manderson |
2015-08-05
|
14 | Cindy Morgan | Changed consensus to Yes from Unknown |
2015-08-05
|
14 | Deborah Brungard | [Ballot Position Update] New position, No Objection, has been recorded for Deborah Brungard |
2015-08-04
|
14 | Ben Campbell | [Ballot comment] Thanks for this. I only have some editorial comments, and others have beaten me to the punch on all save the following: -- … [Ballot comment] Thanks for this. I only have some editorial comments, and others have beaten me to the punch on all save the following: -- Section 8, first paragraph: This section updates [RFC6698] by specifying a requirement on the TLSA Publisher to ensure that each combination of Certificate Usage, selector and matching type in the server's TLSA RRset MUST include at least one record that matches the server's current certificate chain. "Requirement on the ... publisher to ensure...that each combination... MUST include..." is sort of an odd construction for a 2119 MUST. Does the following capture the intent? NEW: This section updates [RFC6698] by specifying that the TLSA Publisher MUST ensure that each combination of Certificate Usage, selector and matching type in the server's TLSA RRset includes at least one record that matches the server's current certificate chain. END |
2015-08-04
|
14 | Ben Campbell | [Ballot Position Update] New position, Yes, has been recorded for Ben Campbell |
2015-08-04
|
14 | Alissa Cooper | [Ballot comment] Thanks for working on this. I agree generally with the editorial comments others have already made and I have a few more. Section … [Ballot comment] Thanks for working on this. I agree generally with the editorial comments others have already made and I have a few more. Section 4: s/generally RECOMMENDED./RECOMMENDED./ s/a mixture of clients; some supporting/a mixture of clients, some supporting/ Section 4.2: I note that this section is silent about the interaction between CT and the PKIX-TA(0) and PKIX-EE(1) usages. I'm assuming the implication is "go ahead and use CT if you want to in those cases," but whatever it is, might it be worth making it explicit here? Section 10.3: "A service with DNSSEC-validated TLSA records implicitly promises TLS support. When all the TLSA records for a service are found "unusable", due to unsupported parameter combinations or malformed associated data, DANE clients cannot authenticate the service certificate chain. When authenticated TLS is mandatory, the client SHOULD NOT connect to the associated server." Seems like that last requirement should be a MUST NOT. Section 14: "When TLS is opportunistic, the client MAY proceed to use the server with mandatory unauthenticated TLS." I find the use of the word "mandatory" here confusing -- what is mandatory in the opportunistic case? Seems like this would make more sense without the word "mandatory." |
2015-08-04
|
14 | Alissa Cooper | [Ballot Position Update] New position, No Objection, has been recorded for Alissa Cooper |
2015-08-03
|
14 | Spencer Dawkins | [Ballot comment] Thanks for producing this document. I wish the IETF could produce more like it. I had a bunch of editorial comments and questions. … [Ballot comment] Thanks for producing this document. I wish the IETF could produce more like it. I had a bunch of editorial comments and questions. I see how nuanced the recommendations are, so I might just lack the background to understand some of the material, but I wanted to pass them along. I was sort of surprised that the first two paragraphs of the introduction were about TLS and DTLS, and DANE wasn't mentioned until the third paragraph. Maybe move the third paragraph to the top of the section? In section 1.1, in this text: TLSA parameters: In [RFC6698] the TLSA record is defined to consist of four fields. The first three of these are numeric parameters that specify the meaning of the data in the fourth and final field. This document refers to the first three fields as "TLSA parameters", or sometimes just "parameters" when obvious from context. I was pretty lost until I got to section 2, where at least the first three fields were named - the fourth wasn't named until the last line of Section 2.1. Any chance all four fields could be named here? In section 4, in this text: Protocol designers need to carefully consider which set of DANE certificate usages to support. Simultaneous support for all four usages is NOT RECOMMENDED for DANE clients. Protocol designers are encouraged to specify use of either the PKIX-TA(0) and PKIX-EE(1) ^^^^^^ ^^^ certificate usages, or the use of the DANE-TA(2) and DANE-EE(3) ^^ ^^^ usages. When all four usages are supported, an attacker capable of compromising the integrity of DNSSEC needs only to replace server's TLSA RRset with one that lists suitable DANE-EE(3) or DANE-TA(2) records, effectively bypassing an added verification via public CAs. In other words, when all four usages are supported, PKIX-TA(2) and PKIX-EE(1) offer only illusory incremental security over DANE-TA(2) and DANE-EE(3). I'm sure the third sentence is accurate, but it took me a while to parse the logical operators and figure out that the point was XOR ((A and B), (C and D)) (I think). I think the paragraph would actually be clearer with that sentence completely removed. About six paragraphs down into section 5.1, I see TLSA records published for DANE servers should, as a best practice, be "DANE-EE(3) SPKI(1) SHA2-256(1)" records. Is this an unqualified "do this in all cases"? If so, it's buried really deeply. If not, it wasn't obvious to me what the qualifications might be. Just as a nit, in section 5.2.2, I see With DANE-TA(2), a complication arises when the TA certificate is omitted from the server's certificate chain, perhaps on the basis of Section 7.4.2 of [RFC5246]: The sender's certificate MUST come first in the list. Each following certificate MUST directly certify the one preceding it. Because certificate validation requires that root keys be distributed independently, the self-signed certificate that specifies the root certification authority MAY be omitted from the chain, under the assumption that the remote end must already possess it in order to validate it in any case. Is that where the quote stops? I didn't check, but indenting the quote would help. Thanks for including section 10.1.1, UDP and TCP Considerations. In section 10.1.2, While TLSA records using a TLSA Selector of SPKI(1) and a TLSA Matching Type of Full(0) (which publish the bare public keys without the overhead of a containing X.509 certificate) are generally more compact, these are also best avoided as when significantly larger ^^^^^^^ than their digests. The ^^^^ text wasn't parsing for me. "because they are/can be significantly larger"? But I'm guessing. In section 10.3, If, on the other hand, the use of TLS is "opportunistic", then the client SHOULD generally use the server via an unauthenticated TLS connection, but if TLS encryption cannot be established, the client MUST NOT use the server. Standards for DANE specific to the particular application protocol may modify the above requirements, as appropriate. I found myself wondering how you'd know modifying those requirements is appropriate. Is there any guidance you could give, or an example? In section 11, When the registrar is also the DNS operator for the domain, one needs to consider whether the registrar will allow orderly migration of the domain to another registrar or DNS operator in a way that will maintain DNSSEC integrity. TLSA Publishers SHOULD ensure their registrar publishes a suitable domain transfer policy. I'm thinking that's not an RFC 2119 SHOULD, but if it is, I wonder why it's not a MUST ... I have the same thoughts about this text in section 11, DNS Operators SHOULD use a registrar lock of their domains to offer some protection against this possibility. and this text, in the following paragraph. TLSA Publishers SHOULD ensure their registrar publishes a suitable domain transfer policy. |
2015-08-03
|
14 | Spencer Dawkins | [Ballot Position Update] New position, No Objection, has been recorded for Spencer Dawkins |
2015-08-03
|
14 | Kathleen Moriarty | [Ballot comment] Thanks for the discussion and updates from the SecDir review. https://www.ietf.org/mail-archive/web/secdir/current/msg05871.html |
2015-08-03
|
14 | Kathleen Moriarty | [Ballot Position Update] New position, Yes, has been recorded for Kathleen Moriarty |
2015-08-02
|
14 | Alvaro Retana | [Ballot Position Update] New position, No Objection, has been recorded for Alvaro Retana |
2015-08-01
|
14 | Joel Jaeggli | [Ballot comment] from fred baker's opsdir review, I would like to see a commnet on these from the authors. thanks joel I have reviewed this … [Ballot comment] from fred baker's opsdir review, I would like to see a commnet on these from the authors. thanks joel I have reviewed this document as part of the Operational directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written with the intent of improving the operational aspects of the IETF drafts. Comments that are not addressed in last call may be included in AD reviews during the IESG review. Document editors and WG chairs should treat these comments just like any other last call comments. Document reviewed: draft-ietf-dane-ops-12 Summary: Ready to go, two comments that might be considered last call or IESG comments if the AD agrees. I think the opening paragraph of the introduction needs some tweaking. The DANE TLSA specification ([RFC6698]) introduces the DNS "TLSA" resource record type. TLSA records associate a certificate or a public key of an end-entity or a trusted issuing authority with the corresponding TLS transport endpoint. DNSSEC validated DANE TLSA records can be used to augment or replace the use of trusted public Certification Authorities (CAs). I'm not an expert on this, but I think it would be more accurate to say that it replaces a PKI, not a CA. A CA probably deploys and operates a PKI. However, it does so in the context of a business - it vets entities that it will sell certificates to, and then sells them certificates, which it stores somewhere such as a PKI. I would expect that the CA, in this model, would have the same business (and hence is not replaced), but store its certificates in TLSA records instead of or in addition to in a PKI. In section 1.1, a number of terms are defined, including "public key". If "public key" needs definition (which it does, as the term is used to specifically refer to a field within a certificate, as opposed to a more general cryptographic usage), I think "Certificate Authority (CA)" and "Public Key Infrastructure (PKI)", which are also used throughout the document, require definition. You note that neither of these comments is substantive with respect to the protocol, the record, or the operational recommendations that the draft makes. Operationally, the document poses no requirements on operators as a general class. It does require that a DNS operator implement DNSSEC (else I'm not sure how one trusts a TLSA), and it has a number specific directions to the CA about the TLSA records it asks the DNS operator to store. However, an operator that simply offers transit service, for example, is not affected. |
2015-08-01
|
14 | Joel Jaeggli | [Ballot Position Update] New position, No Objection, has been recorded for Joel Jaeggli |
2015-07-30
|
14 | Jean Mahoney | Request for Telechat review by GENART is assigned to Elwyn Davies |
2015-07-30
|
14 | Jean Mahoney | Request for Telechat review by GENART is assigned to Elwyn Davies |
2015-07-30
|
14 | Brian Haberman | [Ballot Position Update] New position, No Objection, has been recorded for Brian Haberman |
2015-07-29
|
14 | Barry Leiba | [Ballot comment] Editorial comments only -- most very minor, but one for Section 4 and its subsections is more substantive. -- Section 1 -- … [Ballot comment] Editorial comments only -- most very minor, but one for Section 4 and its subsections is more substantive. -- Section 1 -- DNSSEC validated DANE TLSA records can be used to augment or replace the use of trusted public Too many cascading modifiers can make a sentence confusing (even if you were to hyphenate "DNSSEC-validated", as it should be). I suggest untangling that slightly, this way: NEW DANE TLSA records validated by DNSSEC can be used to augment or replace the use of trusted public END [RFC6698] defines three TLSA record fields with respectively 4, 2 and 3 currently specified values. There's nothing to correspond with "respectively" here (compare that with the correct use in the first paragrah of the Introduction). Try this: NEW [RFC6698] defines three TLSA record fields, the first with 4 possible values, the second with 2, and the third with 3. END -- Section 3 -- A bit of awkward wording here, and an overly long sentence, both easily fixed: OLD When a servers does support SNI, but is not configured with a certificate chain that exactly matches the client's SNI extension, SHOULD respond with some other (default or closest match) certificate chain, since clients may support more than one server name, but can only put a single name in the SNI extension. NEW When a server supports SNI but is not configured with a certificate chain that exactly matches the client's SNI extension, the server SHOULD respond with another certificate chain (a default or closest match). This is because clients might support more than one server name, but can only put a single name in the SNI extension. END -- Section 4 -- Protocol designers need to carefully consider which set of DANE certificate usages to support. I'm not sure why this (and the next sentence) is referring to "protocol designers". Is this not aimed at implementation/deployment choices? If that's not correct, who are the targets for this advice? I also find this section to be rather hard to follow -- I can't clearly figure out what the advice really is. Can you do a little reorganization here, separating the advice out from the explanation of why? I don't care whether you put the explanation first or the advice first, but it would help to have one paragraph that says, clearly and without fuss, what the recommendation is. This applies to the subsections as well. |
2015-07-29
|
14 | Barry Leiba | [Ballot Position Update] New position, No Objection, has been recorded for Barry Leiba |
2015-07-26
|
14 | Viktor Dukhovni | IANA Review state changed to Version Changed - Review Needed from IANA OK - No Actions Needed |
2015-07-26
|
14 | Viktor Dukhovni | New version available: draft-ietf-dane-ops-14.txt |
2015-07-16
|
13 | Tero Kivinen | Request for Last Call review by SECDIR Completed: Has Nits. Reviewer: Tina Tsou. |
2015-07-10
|
13 | Elwyn Davies | Request for Last Call review by GENART Completed: Almost Ready. Reviewer: Elwyn Davies. |
2015-07-09
|
13 | Amy Vezza | Telechat date has been changed to 2015-08-06 from 2015-08-05 |
2015-07-03
|
13 | Stephen Farrell | Ballot writeup was changed |
2015-07-02
|
13 | (System) | IANA Review state changed to IANA OK - No Actions Needed from Version Changed - Review Needed |
2015-07-02
|
13 | Stephen Farrell | Placed on agenda for telechat - 2015-08-05 |
2015-07-02
|
13 | Stephen Farrell | IESG state changed to IESG Evaluation from Waiting for Writeup |
2015-07-02
|
13 | Stephen Farrell | Ballot has been issued |
2015-07-02
|
13 | Stephen Farrell | [Ballot Position Update] New position, Yes, has been recorded for Stephen Farrell |
2015-07-02
|
13 | Stephen Farrell | Created "Approve" ballot |
2015-07-02
|
13 | Stephen Farrell | Ballot writeup was changed |
2015-07-01
|
13 | Viktor Dukhovni | IANA Review state changed to Version Changed - Review Needed from IANA OK - No Actions Needed |
2015-07-01
|
13 | Viktor Dukhovni | New version available: draft-ietf-dane-ops-13.txt |
2015-06-30
|
12 | Gunter Van de Velde | Request for Last Call review by OPSDIR Completed: Has Nits. Reviewer: Fred Baker. |
2015-06-24
|
12 | (System) | IESG state changed to Waiting for Writeup from In Last Call |
2015-06-19
|
12 | (System) | IANA Review state changed to IANA OK - No Actions Needed from IANA - Review Needed |
2015-06-19
|
12 | Pearl Liang | (Via drafts-lastcall@iana.org): IESG/Authors/WG Chairs: IANA has reviewed draft-ietf-dane-ops-12, which is currently in Last Call, and has the following comments: We understand that, upon … (Via drafts-lastcall@iana.org): IESG/Authors/WG Chairs: IANA has reviewed draft-ietf-dane-ops-12, which is currently in Last Call, and has the following comments: We understand that, upon approval of this document, there are no IANA Actions that need completion. While it is helpful for the IANA Considerations section of the document to remain in place upon publication, if the authors prefer to remove it, IANA doesn't object. If this assessment is not accurate, please respond as soon as possible. |
2015-06-18
|
12 | Tero Kivinen | Request for Last Call review by SECDIR is assigned to Tina Tsou |
2015-06-18
|
12 | Tero Kivinen | Request for Last Call review by SECDIR is assigned to Tina Tsou |
2015-06-12
|
12 | Jean Mahoney | Request for Last Call review by GENART is assigned to Elwyn Davies |
2015-06-12
|
12 | Jean Mahoney | Request for Last Call review by GENART is assigned to Elwyn Davies |
2015-06-12
|
12 | Jean Mahoney | Closed request for Last Call review by GENART with state 'Withdrawn' |
2015-06-11
|
12 | Jean Mahoney | Request for Last Call review by GENART is assigned to David Black |
2015-06-11
|
12 | Jean Mahoney | Request for Last Call review by GENART is assigned to David Black |
2015-06-11
|
12 | Gunter Van de Velde | Request for Last Call review by OPSDIR is assigned to Fred Baker |
2015-06-11
|
12 | Gunter Van de Velde | Request for Last Call review by OPSDIR is assigned to Fred Baker |
2015-06-10
|
12 | Cindy Morgan | IANA Review state changed to IANA - Review Needed |
2015-06-10
|
12 | Cindy Morgan | The following Last Call announcement was sent out: From: The IESG To: IETF-Announce CC: Reply-To: ietf@ietf.org Sender: Subject: Last Call: (Updates to and Operational Guidance … The following Last Call announcement was sent out: From: The IESG To: IETF-Announce CC: Reply-To: ietf@ietf.org Sender: Subject: Last Call: (Updates to and Operational Guidance for the DANE Protocol) to Proposed Standard The IESG has received a request from the DNS-based Authentication of Named Entities WG (dane) to consider the following document: - 'Updates to and Operational Guidance for the DANE Protocol' as Proposed Standard The IESG plans to make a decision in the next few weeks, and solicits final comments on this action. Please send substantive comments to the ietf@ietf.org mailing lists by 2015-06-24. Exceptionally, comments may be sent to iesg@ietf.org instead. In either case, please retain the beginning of the Subject line to allow automated sorting. Abstract This document clarifies and updates the DNS-Based Authentication of Named Entities (DANE) TLSA specification (RFC6698) based on subsequent implementation experience. It also contains guidance for implementers, operators and protocol developers who want to make use of DANE records. The file can be obtained via https://datatracker.ietf.org/doc/draft-ietf-dane-ops/ IESG discussion can be tracked via https://datatracker.ietf.org/doc/draft-ietf-dane-ops/ballot/ No IPR declarations have been submitted directly on this I-D. |
2015-06-10
|
12 | Cindy Morgan | IESG state changed to In Last Call from Last Call Requested |
2015-06-10
|
12 | Stephen Farrell | Last call was requested |
2015-06-10
|
12 | Stephen Farrell | Ballot approval text was generated |
2015-06-10
|
12 | Stephen Farrell | Ballot writeup was generated |
2015-06-10
|
12 | Stephen Farrell | IESG state changed to Last Call Requested from AD Evaluation |
2015-06-10
|
12 | Stephen Farrell | Last call announcement was generated |
2015-06-03
|
12 | Stephen Farrell | Last call announcement was generated |
2015-06-03
|
12 | Stephen Farrell | IESG state changed to AD Evaluation from Publication Requested |
2015-06-02
|
12 | Viktor Dukhovni | New version available: draft-ietf-dane-ops-12.txt |
2015-05-29
|
11 | Viktor Dukhovni | New version available: draft-ietf-dane-ops-11.txt |
2015-05-29
|
10 | Amy Vezza | Notification list changed to draft-ietf-dane-ops.shepherd@ietf.org, draft-ietf-dane-ops@ietf.org, dane-chairs@ietf.org, warren@kumari.net, draft-ietf-dane-ops.ad@ietf.org from "Warren Kumari" <warren@kumari.net> |
2015-05-29
|
10 | Warren Kumari | (1) What type of RFC is being requested: Standards Track. This document updates RFC 6698, which is a Standards Track document. (2) The IESG … (1) What type of RFC is being requested: Standards Track. This document updates RFC 6698, which is a Standards Track document. (2) The IESG approval announcement includes a Document Announcement Write-Up. Technical Summary: This document clarifies and updates the DNS-Based Authentication of Named Entities (DANE) TLSA specification based on subsequent implementation experience. It also contains guidance for implementers, operators and protocol developers who want to make use of DANE records. Working Group Summary: This document receieved significant discussion, and reflects new understanding of how DANE is being used and deployed. It provides advice to operators and implementors. Document Quality: This document describes how to actually use and interpret RFC 6698 now that we have some experience with it. It is very clearly written, easily understood, and makes a good introductory document as well. Personnel: Warren Kumari is the Document Shepherd, Stephen Farrell is Responsible... (3) Briefly describe the review of this document that was performed by the Document Shepherd. The DS has followed the progression of the document as it progressed through its many versions. The document has had a long life, and the authors have done a great job of keeping it alive, and updated as we have gained new experience. (4) Does the document Shepherd have any concerns about the depth or breadth of the reviews that have been performed? Nope. (5) Do portions of the document need review from a particular or from broader perspective? Nope. (6) Describe any specific concerns or issues that the Document Shepherd has with this document that the Responsible Area Director and/or the IESG should be aware of? None. (7) Has each author confirmed that any and all appropriate IPR disclosures? Yes. (8) Has an IPR disclosure been filed that references this document? No (9) How solid is the WG consensus behind this document? Strong. The final WGLC only get a few responses, but they were positive, and the document has received significant discussion and updates over the years. (10) Has anyone threatened an appeal or otherwise indicated extreme discontent? Nope. (11) Identify any ID nits the Document Shepherd has found in this document. None. (12) Describe how the document meets any required formal review criteria. It doesn't --- largely because there are none. (13) Have all references within this document been identified as either normative or informative? Yes. (14) Are there normative references to documents that are not ready for advancement or are otherwise in an unclear state? No. There are two *informative* references to drafts, one of which is with the IESG, the other with the RFC Editor. (15) Are there downward normative references references (see RFC 3967)? Nope. (16) Will publication of this document change the status of any existing RFCs? This updates RFC 6698. This is on the title page, listed in the abstract, and there is a section (12) explaining the changes. The introduction discusses why updates / clarifications were made, and points to the section describing the changes. (17) Describe the Document Shepherd's review of the IANA considerations section. "This specification requires no support from IANA." -- I'll spare you the standard joke about having read that multiple times, the font, etc... at least, this time.... (18) List any new IANA registries that require Expert Review for future allocations. None. (19) Describe reviews and automated checks performed by the Document Shepherd to validate sections of the document written in a formal language, such as XML code, BNF rules, MIB definitions, etc. No formal language in the document. |
2015-05-29
|
10 | Warren Kumari | Responsible AD changed to Stephen Farrell |
2015-05-29
|
10 | Warren Kumari | IETF WG state changed to Submitted to IESG for Publication from WG Consensus: Waiting for Write-Up |
2015-05-29
|
10 | Warren Kumari | IESG state changed to Publication Requested |
2015-05-29
|
10 | Warren Kumari | IESG process started in state Publication Requested |
2015-05-29
|
10 | Warren Kumari | Tag Doc Shepherd Follow-up Underway cleared. |
2015-05-29
|
10 | Warren Kumari | Changed document writeup |
2015-05-29
|
10 | Viktor Dukhovni | New version available: draft-ietf-dane-ops-10.txt |
2015-05-27
|
09 | Viktor Dukhovni | New version available: draft-ietf-dane-ops-09.txt |
2015-05-20
|
08 | Warren Kumari | Tag Doc Shepherd Follow-up Underway set. |
2015-05-20
|
08 | Warren Kumari | IETF WG state changed to WG Consensus: Waiting for Write-Up from WG Document |
2015-05-20
|
08 | Warren Kumari | Intended Status changed to Proposed Standard from None |
2015-05-20
|
08 | Warren Kumari | Changed document writeup |
2015-05-20
|
08 | Warren Kumari | Notification list changed to "Warren Kumari" <warren@kumari.net> |
2015-05-20
|
08 | Warren Kumari | Document shepherd changed to Warren Kumari |
2015-05-13
|
08 | Viktor Dukhovni | New version available: draft-ietf-dane-ops-08.txt |
2014-10-25
|
07 | Viktor Dukhovni | New version available: draft-ietf-dane-ops-07.txt |
2014-08-16
|
06 | Viktor Dukhovni | New version available: draft-ietf-dane-ops-06.txt |
2014-07-03
|
05 | Wes Hardaker | New version available: draft-ietf-dane-ops-05.txt |
2014-06-23
|
04 | Viktor Dukhovni | New version available: draft-ietf-dane-ops-04.txt |
2014-02-14
|
03 | Wes Hardaker | New version available: draft-ietf-dane-ops-03.txt |
2014-01-15
|
02 | Viktor Dukhovni | New version available: draft-ietf-dane-ops-02.txt |
2013-10-21
|
01 | Wes Hardaker | New version available: draft-ietf-dane-ops-01.txt |
2013-10-08
|
00 | Wes Hardaker | New version available: draft-ietf-dane-ops-00.txt |