[dnsext] Requesting Expert review for RRTYPE application for draft-ietf-dane-protocol-18.
Warren Kumari <warren@kumari.net> Mon, 12 March 2012 18:11 UTC
Return-Path: <warren@kumari.net>
X-Original-To: dnsext@ietfa.amsl.com
Delivered-To: dnsext@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D2CED21F8979 for <dnsext@ietfa.amsl.com>; Mon, 12 Mar 2012 11:11:52 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -106.599
X-Spam-Level:
X-Spam-Status: No, score=-106.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6EU0Q5Ua5BZQ for <dnsext@ietfa.amsl.com>; Mon, 12 Mar 2012 11:11:52 -0700 (PDT)
Received: from vimes.kumari.net (vimes.kumari.net [198.186.192.250]) by ietfa.amsl.com (Postfix) with ESMTP id 67D2E21F8968 for <dnsext@ietf.org>; Mon, 12 Mar 2012 11:11:50 -0700 (PDT)
Received: from [10.196.208.139] (unknown [199.91.193.1]) by vimes.kumari.net (Postfix) with ESMTPSA id D2AF91B407FB for <dnsext@ietf.org>; Mon, 12 Mar 2012 14:11:49 -0400 (EDT)
From: Warren Kumari <warren@kumari.net>
Content-Type: text/plain; charset="windows-1252"
Content-Transfer-Encoding: quoted-printable
Date: Mon, 12 Mar 2012 12:11:48 -0600
Message-Id: <C70B2BA8-2707-41AA-9183-6EB43BA3C006@kumari.net>
To: dnsext@ietf.org
Mime-Version: 1.0 (Apple Message framework v1084)
X-Mailer: Apple Mail (2.1084)
Subject: [dnsext] Requesting Expert review for RRTYPE application for draft-ietf-dane-protocol-18.
X-BeenThere: dnsext@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: DNS Extensions working group discussion list <dnsext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsext>, <mailto:dnsext-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dnsext>
List-Post: <mailto:dnsext@ietf.org>
List-Help: <mailto:dnsext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsext>, <mailto:dnsext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 12 Mar 2012 18:11:52 -0000
Hi dnsext. I am requesting Expert review for an RRTYPE allocation for draft-ietf-dane-protocol-18. I have CCed this to dns-rrtype-applications@ietf.org (listed in rfc6195), but seem to remember that posting to DNSEXT is the new, correct(er) process…. W I have included the completed template below: ------- A. Submission Date: 12 March 2012 B. Submission Type: [X] New RRTYPE [ ] Modification to existing RRTYPE C. Contact Information for submitter (will be publicly posted): Name: Warren Kumari Email Address: warren@kumari.net International telephone number: +1-571-748-4373 Other contact handles: D. Motivation for the new RRTYPE application. Encrypted communication on the Internet often uses Transport Level Security (TLS), which depends on third parties to certify the keys used. The allocation of this RRTYPE will improve this situation by enabling the administrator of a domain name to certify the keys used in that domain's TLS servers by publishing information in the DNS. E. Description of the proposed RR type. A description of tge RR type is in draft-ietf-dane-protocol-18.txt, Section 2 The TLSA Resource Record ( http://tools.ietf.org/id/draft-ietf-dane-protocol-18.txt ) F. What existing RRTYPE or RRTYPEs come closest to filling that need and why are they unsatisfactory? The CERT (37) RR, RFC 4398 is closest. It is not suitable for this particular use as it is not flexible enough. It *would* be possiable to shoehorn this into the CERT RR, but would be very kludgy. G. What mnemonic is requested for the new RRTYPE (optional)? TLSA H. Does the requested RRTYPE make use of any existing IANA registry or require the creation of a new IANA sub-registry in DNS Parameters? If so, please indicate which registry is to be used or created. If a new sub-registry is needed, specify the allocation policy for it and its initial contents. Also include what the modification procedures will be. This is in the the draft (http://tools.ietf.org/id/draft-ietf-dane-protocol-18.txt). It is included here for completeness, but reviewers are encouraged to consult the draft as the formatting is cleaner. #1: TLSA Usages. A new registry, "Certificate Usages for TLSA Resource Records". The registry policy is "RFC Required". The initial entries in the registry are: Value Short description Reference ---------------------------------------------------------- 0 CA constraint [This] 1 Service certificate constraint [This] 2 Trust anchor assertion [This] 3 Domain-issued certificate [This] 4-254 Unassigned 255 Private use #2: TLSA Selectors A new registry, "Selectors for TLSA Resource Records". The registry policy is "Specification Required". The initial entries in the registry are: Value Short description Reference ---------------------------------------------------------- 0 Full Certificate [This] 1 SubjectPublicKeyInfo [This] 2-254 Unassigned 255 Private use #3: TLSA Matching Types A new registry, "Matching Types for TLSA Resource Records". The registry policy is "Specification Required". The initial entries in the registry are: Value Short description Reference -------------------------------------------------------- 0 No hash used [This] 1 SHA-256 RFC 6234 2 SHA-512 RFC 6234 3-254 Unassigned 255 Private use I. Does the proposal require/expect any changes in DNS servers/resolvers that prevent the new type from being processed as an unknown RRTYPE (see [RFC3597])? No. J. Comments: A number of participants in DNSEXT / DNSOPS (and the DNS Directorate) have been involved in / following / are aware of this work. -- Don't be impressed with unintelligible stuff said condescendingly. -- Radia Perlman.
- [dnsext] Requesting Expert review for RRTYPE appl… Warren Kumari
- Re: [dnsext] Requesting Expert review for RRTYPE … Tony Finch
- Re: [dnsext] Requesting Expert review for RRTYPE … Warren Kumari