A DANE Record and DNSSEC Authentication Chain Extension for TLS
Draft of message to be sent after approval:

From: The IESG <email@example.com>
To: IETF-Announce <firstname.lastname@example.org>
Cc: The IESG <email@example.com>, firstname.lastname@example.org, Kathleen.Moriarty.email@example.com, Joseph Salowey <firstname.lastname@example.org>, email@example.com, firstname.lastname@example.org, email@example.com, firstname.lastname@example.org, email@example.com
Subject: Protocol Action: 'A DANE Record and DNSSEC Authentication Chain Extension for TLS' to Proposed Standard (draft-ietf-tls-dnssec-chain-extension-07.txt)

The IESG has approved the following document:
- 'A DANE Record and DNSSEC Authentication Chain Extension for TLS'
  (draft-ietf-tls-dnssec-chain-extension-07.txt) as Proposed Standard

This document is the product of the Transport Layer Security Working Group.

The IESG contact persons are Kathleen Moriarty and Eric Rescorla.

A URL of this Internet Draft is:
https://datatracker.ietf.org/doc/draft-ietf-tls-dnssec-chain-extension/

Technical Summary

This draft describes a new TLS extension for transport of a DNS record set serialized with the DNSSEC signatures needed to authenticate that record set. The intent of this proposal is to allow TLS clients to perform DANE authentication of a TLS server without needing to perform additional DNS record lookups. It will typically not be used for general DNSSEC validation of TLS endpoint names.

Working Group Summary

There was good support and no controversy on list or in meetings.

Document Quality

The draft has had a fair amount of review. I am not aware of implementations as it wasn't reported by the document shepherd.

Personnel

The document shepherd is Joseph Salowey and the responsible AD is Kathleen Moriarty.

IANA Note

A new value in the TLS ExtensionsType registry

RFC Editor Note

Please ensure a normative reference is added for NSEC3 in the final publication.

Please ensure Richard Barnes' affiliation is corrected from Mozilla to Cisco.