[DNSOP] FYI: New Non-WG Mailing List: keyassure -- Key Assurance With DNSSEC

Wed, 18 Aug 2010 00:44:36 -0700 

Hi,
this is the mailing list for discussing and proposing new ways how to use the fact that we have a DNSSEC @ root zone. 

You may want to read:

The problem statement I and Warren wrote:
http://www.ietf.org/mail-archive/web/keyassure/current/msg00000.html

New I-D by Jakob, Paul, Warren and Adam:
http://www.ietf.org/internet-drafts/draft-hoffman-keys-linkage-from-dns-00.txt

Slightly older CERT RR (which we already have):
http://tools.ietf.org/html/rfc4398

And various older proposals which didn't make it:

(Jakob's)
http://stupid.domain.name/ietf/draft-schlyter-pkix-dns-02.txt

(RR TYPE request I did)
http://www.ops.ietf.org/lists/namedroppers/namedroppers.2009/msg00421.html


This is just to summarize the ideas which were floating around for some 
time.  The basis on our work will be in the most recent I-D.


Ondrej

-------- Original Message --------
Subject: New Non-WG Mailing List: keyassure -- Key Assurance With DNSSEC
Date: Tue, 17 Aug 2010 11:36:02 -0700 (PDT)
From: IETF Secretariat <ietf-secretar...@ietf.org>
To: IETF Announcement list <ietf-annou...@ietf.org>
CC: keyass...@ietf.org, ondrej.s...@nic.cz, war...@kumari.net

A new IETF non-working group email list has been created.

List address: keyass...@ietf.org
Archive:
http://www.ietf.org/mail-archive/web/keyassure/current/maillist.html
To subscribe: https://www.ietf.org/mailman/listinfo/keyassure

Description: This list is for discussion relating to using
DNSSEC-protected DNS queries to get greater assurance for keys and

certificates that are passed in existing IETF protocols. The main idea 
is that a relying party can get additional information about a domain 
name to eliminate the need for using a certificate in a protocol, to 
eliminate the need for sending certificates in the protocol if they are 
optional, and/or to assure that the certificate given in a protocol is 
associated with the domain name used by the application. In all three 
cases, the application associates the key or key fingerprint securely 
retrieved from the DNS with the domain name that was used in the DNS query.


For additional information, please contact the list administrators.


--
 Ondřej Surý
 vedoucí výzkumu/Head of R&D department
 -------------------------------------------
 CZ.NIC, z.s.p.o.    --    Laboratoře CZ.NIC
 Americka 23, 120 00 Praha 2, Czech Republic
 mailto:ondrej.s...@nic.cz    http://nic.cz/
 tel:+420.222745110       fax:+420.222745112
 -------------------------------------------
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop














    











					Reply via email to