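@comment{
  Internet-Draft, revision -00, by Simon Josefsson (2010-08-23): using
  secure DNS to associate the certificate chain sent by a TLS server
  with the intended domain name.

  NOTE(review): the entry is marked "Work in Progress". Internet-Drafts
  expire and are not standards, so cite this for historical context only.
  For current guidance on DNSSEC-based TLS certificate association, check
  whether a later revision or a published RFC (presumably the DANE TLSA
  work, RFC 6698 -- confirm) is the better reference.

  Changes from the exported form: the author is in "Last, First" form,
  and the title protects only the acronyms instead of being double-braced,
  so bibliography styles can still apply their own casing.
}
@techreport{josefsson-keyassure-tls-00,
  author      = {Josefsson, Simon},
  title       = {Confirming the Certificate structure in {TLS} with Secure {DNS}},
  type        = {Internet-Draft},
  number      = {draft-josefsson-keyassure-tls-00},
  institution = {Internet Engineering Task Force},
  publisher   = {Internet Engineering Task Force},
  year        = 2010,
  month       = aug,
  day         = 23,
  pagetotal   = 5,
  note        = {Work in Progress},
  url         = {https://datatracker.ietf.org/doc/draft-josefsson-keyassure-tls/00/},
  abstract    = {TLS supports X.509 and OpenPGP certificate based mechanisms to authenticate a server. Users want their applications to verify that the certificate provided by the TLS server is in fact associated with the domain name they expect. Instead of trusting a certificate authority to have made this association correctly, and an X.509/ OpenPGP implementation to validate that properly, the user might instead trust the authoritative DNS server for the domain name to make that association. This document describes how to use secure DNS to associate the certificate chain transferred by TLS with the intended domain name.},
}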