A DANE Record and DNSSEC Authentication Chain Extension for TLS

Approval announcement
Draft of message to be sent after approval:

From: The IESG <iesg-secretary@ietf.org>
To: IETF-Announce <ietf-announce@ietf.org>
Cc: The IESG <iesg@ietf.org>, draft-ietf-tls-dnssec-chain-extension@ietf.org, Kathleen.Moriarty.ietf@gmail.com, Joseph Salowey <joe@salowey.net>, tls-chairs@ietf.org, shuque@gmail.com, rfc-editor@rfc-editor.org, joe@salowey.net, tls@ietf.org
Subject: Protocol Action: 'A DANE Record and DNSSEC Authentication Chain Extension for TLS' to Proposed Standard (draft-ietf-tls-dnssec-chain-extension-07.txt)

The IESG has approved the following document:
- 'A DANE Record and DNSSEC Authentication Chain Extension for TLS'
  (draft-ietf-tls-dnssec-chain-extension-07.txt) as Proposed Standard

This document is the product of the Transport Layer Security Working Group.

The IESG contact persons are Kathleen Moriarty and Eric Rescorla.

A URL of this Internet Draft is:

Technical Summary

   This draft describes a new TLS extension for transport of a DNS
   record set serialized with the DNSSEC signatures needed to
   authenticate that record set.  The intent of this proposal is to
   allow TLS clients to perform DANE authentication of a TLS server
   without needing to perform additional DNS record lookups.  It will
   typically not be used for general DNSSEC validation of TLS endpoint

Working Group Summary

   There was good support and no controversy on list or in meetings.

Document Quality

   The draft has had a fair amount of review.  I am not aware of 
   implementations as it wasn't reported by the document


   The document shepherd is Joseph Salowey and the 
   responsible AD is Kathleen Moriarty.


     A new value in the TLS ExtensionsType registry

RFC Editor Note

Please ensure a normative reference is added for NSEC3 in the final publication.
Please ensure Richard Barnes affiliation is corrected from Mozilla to Cisco.