Hi,
this is the mailing list for discussing and proposing new ways how to
use the fact that we have a DNSSEC @ root zone.
You may want to read:
The problem statement I and Warren wrote:
http://www.ietf.org/mail-archive/web/keyassure/current/msg00000.html
New I-D by Jakob, Paul, Warren and Adam:
http://www.ietf.org/internet-drafts/draft-hoffman-keys-linkage-from-dns-00.txt
Slightly older CERT RR (which we already have):
http://tools.ietf.org/html/rfc4398
And various older proposals which didn't make it:
(Jakob's)
http://stupid.domain.name/ietf/draft-schlyter-pkix-dns-02.txt
(RR TYPE request I did)
http://www.ops.ietf.org/lists/namedroppers/namedroppers.2009/msg00421.html
This is just to summarize the ideas which were floating around for some
time. The basis on our work will be in the most recent I-D.
Ondrej
-------- Original Message --------
Subject: New Non-WG Mailing List: keyassure -- Key Assurance With DNSSEC
Date: Tue, 17 Aug 2010 11:36:02 -0700 (PDT)
From: IETF Secretariat <ietf-secretar...@ietf.org>
To: IETF Announcement list <ietf-annou...@ietf.org>
CC: keyass...@ietf.org, ondrej.s...@nic.cz, war...@kumari.net
A new IETF non-working group email list has been created.
List address: keyass...@ietf.org
Archive:
http://www.ietf.org/mail-archive/web/keyassure/current/maillist.html
To subscribe: https://www.ietf.org/mailman/listinfo/keyassure
Description: This list is for discussion relating to using
DNSSEC-protected DNS queries to get greater assurance for keys and
certificates that are passed in existing IETF protocols. The main idea
is that a relying party can get additional information about a domain
name to eliminate the need for using a certificate in a protocol, to
eliminate the need for sending certificates in the protocol if they are
optional, and/or to assure that the certificate given in a protocol is
associated with the domain name used by the application. In all three
cases, the application associates the key or key fingerprint securely
retrieved from the DNS with the domain name that was used in the DNS query.
For additional information, please contact the list administrators.
--
Ondřej Surý
vedoucí výzkumu/Head of R&D department
-------------------------------------------
CZ.NIC, z.s.p.o. -- Laboratoře CZ.NIC
Americka 23, 120 00 Praha 2, Czech Republic
mailto:ondrej.s...@nic.cz http://nic.cz/
tel:+420.222745110 fax:+420.222745112
-------------------------------------------
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop