Storing Certificates in the Domain Name System (DNS)
RFC 4398

Approval announcement
Draft of message to be sent after approval:

From: The IESG <>
To: IETF-Announce <>
Cc: Internet Architecture Board <>,
    RFC Editor <>, 
    dnsext mailing list <>, 
    dnsext chair <>
Subject: Protocol Action: 'Storing Certificates in the Domain 
         Name System (DNS)' to Proposed Standard 

The IESG has approved the following document:

- 'Storing Certificates in the Domain Name System (DNS) '
   <draft-ietf-dnsext-rfc2538bis-10.txt> as a Proposed Standard

This document is the product of the DNS Extensions Working Group. 

The IESG contact persons are Margaret Wasserman and Mark Townsley.

A URL of this Internet-Draft is:

Technical Summary

This document describes how to store cryptographic public keys in RR
records.  It updates RFC2538 by clarifying the format and handling of
OpenPGP public keys, clarifying representation issues, aligning the
document with DNSSECbis terminology and clarifying how owner names need
to be (re)constructed for specific types of public keys.

Working Group Summary
This document is a work item of the DNSEXT WG.

For IESG review it may be useful to know that the document Editor
clearly documented the editorial history of the document on:

Protocol Quality

RFC2538 has been implemented. Some of the problems discovered during
implementation of RFC2538 have been addressed in this document.

It was the intention of the working group to also supply an
interoperability report so that this document could advance RFC2538 up
the standards track. Unfortunately the WG could not draft volunteers.

It is the intention that this document obsoletes 2538 and that the
specification remains at proposed standard.

Note that some of the examples in this document do not coply with RFC
3330.  Those examples were taken verbatim from RFC 2538 and have been
maintained for consistency.

This document was reviewed for the IESG by Margaret Wasserman.