The DNS-Based Authentication of Named Entities (DANE) Transport Layer Security (TLS) Protocol: TLSA
Draft of message to be sent after approval:
From: The IESG
To: IETF-Announce Cc: RFC Editor , dane mailing list , dane chair Subject: Protocol Action: 'The DNS-Based Authentication of Named Entities (DANE) Transport Layer Security (TLS) Protocol: TLSA' to Proposed Standard (draft-ietf-dane-protocol-23.txt) The IESG has approved the following document: - 'The DNS-Based Authentication of Named Entities (DANE) Transport Layer Security (TLS) Protocol: TLSA' (draft-ietf-dane-protocol-23.txt) as Proposed Standard This document is the product of the DNS-based Authentication of Named Entities Working Group. The IESG contact persons are Stephen Farrell and Sean Turner. A URL of this Internet Draft is: http://datatracker.ietf.org/doc/draft-ietf-dane-protocol/
Technical Summary Encrypted communication on the Internet often uses Transport Level Security (TLS), which depends on third parties to certify the keys used. This document improves on that situation by enabling the administrator of a domain name to publish the keys used in the DNS, secured with DNSSEC. Working Group Summary The working group made extensive use of the issue tracker: listing, opening, discussing and then calling consensus on each issue. This gave everyone the opportunity to participate and be heard. There have been approximately 2,000 messages discussing this (and closely related) documents. Document Quality There is a tool (Swede - https://github.com/pieterlexis/swede) that generates TLSA records, and a proof-of-concept implementation of DANE for NSS (https://mattmccutchen.net/cryptid/#nss-dane). A number of vendors have mentioned that they are planning on implementing the specification. I do not think that it would be fair (or possible) to single out any specific reviewers -- we have had a large number of very active reviewers / participants and they have all been very diligent (and sometimes vocal :-)) in providing feedback. Personnel Warren Kumari is acting as the Document Shepherd. Stephen Farrell is the Responsible Area Director.