Hi folks, We've updated the DANE Client Certificates draft, and also posted a new draft describing a TLS extension to convey a DANE client identity to a TLS server.
Reviews/feedback/questions appreciated. TLS Extension for DANE Client Identity: https://tools.ietf.org/html/draft-huque-tls-dane-clientid-00 Describes a new (D)TLS extension to convey a DANE client identity. This enables the use of raw public key client authentication with DANE. It also helps client certificate authentication work better and more efficiently. (We'll post this to the TLS working group also.) TLS Client Authentication via DANE TLSA Records: https://tools.ietf.org/html/draft-huque-dane-client-cert-02 This is an update of the DANE client certificates draft we introduced just before IETF93. It is now renamed to "TLS Client Authentication" because it deals with more than just client certificates, treating raw public key auth on par with the former throughout (rather than mostly as a footnote in the earlier version). It references the TLS extension draft and updates the expected protocol behavior accordingly. There are also updated references to documents that have now become RFCs (notably 7671 - DANE Updates and Ops guidance). -- Shumon Huque
_______________________________________________ dane mailing list [email protected] https://www.ietf.org/mailman/listinfo/dane
