Credential Confirmation with DNS
draft-steele-spice-tlsa-cnf-00
Document | Type |
Expired Internet-Draft
(individual)
Expired & archived
|
|
---|---|---|---|
Author | Orie Steele | ||
Last updated | 2024-12-11 (Latest revision 2024-06-09) | ||
RFC stream | (None) | ||
Intended RFC status | (None) | ||
Formats | |||
Additional resources |
GitHub Repository
|
||
Stream | Stream state | (No stream defined) | |
Consensus boilerplate | Unknown | ||
RFC Editor Note | (None) | ||
IESG | IESG state | Expired | |
Telechat date | (None) | ||
Responsible AD | (None) | ||
Send notices to | (None) |
This Internet-Draft is no longer active. A copy of the expired Internet-Draft is available in these formats:
Abstract
Digital Crededentials on the Internet often JSON Web Token (JWT) and CBOR Web Token (CWT), which depends on third parties to certify the keys used. This document improves on that situation by enabling the administrators of domain names to specify the keys used in that domain's digital credentials. This is accomplished by describing how to discover thumbprints for proof-of-possession keys, as described in RFC 7800 and RFC 8747, using TLSA Records as described in RFC 6698. This approach can be leveraged to develop revocation and assurance capabilities for digital credentials.
Authors
(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)