
Using Secure DNS to Associate Certificates with Domain Names for S/MIME

Approval announcement
Draft of message to be sent after approval:


From: The IESG <>
To: IETF-Announce <>
Cc: The IESG <>,,,,,,
Subject: Document Action: 'Using Secure DNS to Associate Certificates with Domain Names For S/MIME' to Experimental RFC (draft-ietf-dane-smime-16.txt)

The IESG has approved the following document:
- 'Using Secure DNS to Associate Certificates with Domain Names For
  S/MIME'
  (draft-ietf-dane-smime-16.txt) as Experimental RFC

This document is the product of the DNS-based Authentication of Named
Entities Working Group.

The IESG contact persons are Stephen Farrell and Kathleen Moriarty.

A URL of this Internet Draft is:

Ballot Text

Technical Summary:

   This document proposes a method to publish and "locate" S/MIME keys
   via DNS. The goal of this approach is to make it easier to find
   S/MIME keys for email addresses. The document reuses a "method" from
   RFC 7929 to convert an email address into a special normal form that
   is limited but is expected to cover many cases. The S/MIME DNS record
   specified has been allocated by an Expert Review.

   While the method inherited from RFC7929 has some detractors, this is 
   an experimental document, and that should not block the publication. 

Working Group Summary:

The main issues that the WG has discussed are:
a) Is it a good idea to publish email addresses in a DNSSEC-signed zone?
b) Is the role of the normalization strictly a normalization, or an
obfuscation as well?
The consensus of the WG is that, as the publication is by the zone owner,
it is an opt-in policy; there is no requirement for adoption, thus the
issue needs to be addressed in the light of each organization's
policies, i.e., this is not a protocol issue.
There is working group consensus to advance this document.

During AD review, the WG confirmed that they are OK to proceed
even though the current IPR declaration (still!) says that licensing
will be provided "later".

Document Quality:

This document is of high quality, and editors have been real good 
at making the document better. 

This document stands on the shoulders of RFC 7929.


Document Shepherd is Olafur Gudmundsson 
Responsible AD is Stephen Farrell

RFC Editor Note