The IETF has a working group developing a standard for new DNS records
that let a zone admin declare the public key(s) belonging to SSL servers
in that zone; this can be used as a complement to the existing CA
infrastructure, or instead of that infrastructure.

The specification is in WG Last Call; now would be an excellent time for
critique from implementors.

http://www.ietf.org/internet-drafts/draft-ietf-dane-protocol-17.txt

Please send comments directly to d...@ietf.org. (You'll need to sign up
for the mailing list -- https://www.ietf.org/mailman/listinfo/dane -- or
they'll get stuck in a moderation queue.)

zw

-------- Original Message --------
Subject: [dane] I-D Action: draft-ietf-dane-protocol-17.txt
Date: Wed, 29 Feb 2012 07:47:24 -0800
From: internet-dra...@ietf.org
To: i-d-annou...@ietf.org
CC: d...@ietf.org

A New Internet-Draft is available from the on-line Internet-Drafts
directories. This draft is a work item of the DNS-based Authentication
of Named Entities Working Group of the IETF.

    Title     : The DNS-Based Authentication of Named Entities (DANE)
                Protocol for Transport Layer Security (TLS)
    Author(s) : Paul Hoffman
                Jakob Schlyter
    Filename  : draft-ietf-dane-protocol-17.txt
    Pages     : 31
    Date      : 2012-02-29

Encrypted communication on the Internet often uses Transport Level
Security (TLS), which depends on third parties to certify the keys
used. This document improves on that situation by enabling the
administrator of a domain name to certify the keys used in that
domain's TLS servers. This requires matching improvements in TLS
client software, but no change in TLS server software.

A URL for this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-ietf-dane-protocol-17.txt

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/

This Internet-Draft can be retrieved at:
ftp://ftp.ietf.org/internet-drafts/draft-ietf-dane-protocol-17.txt

_______________________________________________
dane mailing list
d...@ietf.org
https://www.ietf.org/mailman/listinfo/dane
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto