Kerberos experts might be interested in this draft. I did not have time to go
through this yet.

Discussion continues on dns...@ietf.org, please reply there.

Petr^2 Spacek

-------- Forwarded Message --------
Subject: [dnsext] New RRtype "KREALM" in draft-vanrein-dnstxt-krb1-02.txt
Date: Thu, 03 Sep 2015 17:36:08 +0200
From: Rick van Rein <r...@openfortress.nl>
To: dns...@ietf.org


I am working on an I-D that allocates a new RRtype in DNS, named
KREALM.  This RR is meant to store Kerberos realm descriptions in DNS;
this has hitherto been desired but impossible to do securely, but
nowadays the broad acceptance of DNSSEC permits this facility.

Please let me know if you have any feedback or questions!


Rick van Rein
for ARPA2.net

> A new version of I-D, draft-vanrein-dnstxt-krb1-02.txt
> has been successfully submitted by Rick van Rein and posted to the
> IETF repository.
> Name:         draft-vanrein-dnstxt-krb1
> Revision:     02
> Title:                Kerberos Realm Descriptors in DNS (KREALM)
> Document date:        2015-09-03
> Group:                Individual Submission
> Pages:                15
> URL:            
> https://www.ietf.org/internet-drafts/draft-vanrein-dnstxt-krb1-02.txt
> Status:         https://datatracker.ietf.org/doc/draft-vanrein-dnstxt-krb1/
> Htmlized:       https://tools.ietf.org/html/draft-vanrein-dnstxt-krb1-02
> Diff:           https://www.ietf.org/rfcdiff?url2=draft-vanrein-dnstxt-krb1-02
> Abstract:
>    This specification defines methods to determine Kerberos realm
>    descriptive information for services that are known by their DNS
>    name.  Currently, finding such information is done through static
>    mappings or educated guessing.  DNS can make this process more
>    dynamic, provided that DNSSEC is used to ensure authenticity of
>    resource records.

dnsext mailing list

Petr^2 Spacek

Manage your subscription for the Freeipa-devel mailing list:
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Reply via email to