Technical Summary
This draft describes a new TLS extension for transport of a DNS
record set serialized with the DNSSEC signatures needed to
authenticate that record set. The intent of this proposal is to
allow TLS clients to perform DANE authentication of a TLS server
without needing to perform additional DNS record lookups. It will
typically not be used for general DNSSEC validation of TLS endpoint
names.
Working Group Summary
There was good support and no controversy on list or in meetings.
Document Quality
The draft has had a fair amount of review. I am not aware of
implementations as it wasn't reported by the document
shepherd.
Personnel
The document shepherd is Joseph Salowey and the
responsible AD is Kathleen Moriarty.
IANA Note
A new value in the TLS ExtensionsType registry
RFC Editor Note
RFC Editor Note
Please ensure a normative reference is added for NSEC3 in the final publication.
Please ensure Richard Barnes affiliation is corrected from Mozilla to Cisco.