Re: TAG briefing on DANE and alternatives action-697

This looks a propos our discussions as well.  (via the cap-talk
mailing list)  -Jonathan

A New Internet-Draft is available from the on-line Internet-Drafts
directories. This draft is a work item of the Transport Layer Security
Working Group of the IETF.

	Title           : TLS Out-of-Band Public Key Validation
	Author(s)       : Paul Wouters
                          John Gilmore
                          Samuel Weiler
                          Tero Kivinen
                          Hannes Tschofenig
	Filename        : draft-ietf-tls-oob-pubkey-03.txt
	Pages           : 10
	Date            : 2012-04-25

   This document specifies a new TLS certificate type for exchanging raw
   public keys in Transport Layer Security (TLS) and Datagram Transport
   Layer Security (DTLS) for use with out-of-band public key validation.
   Currently, TLS authentication can only occur via X.509-based Public
   Key Infrastructure (PKI) or OpenPGP certificates.  By specifying a
   minimum resource for raw public key exchange, implementations can use
   alternative public key validation methods.

   One such alternative public key valiation method is offered by the
   DNS-Based Authentication of Named Entities (DANE) together with DNS
   Security.  Another alternative is to utilize pre-configured keys, as
   is the case with sensors and other embedded devices.  The usage of
   raw public keys, instead of X.509-based certificates, leads to a
   smaller code footprint.

   The support for raw public keys is introduced into TLS via a new non-
   PKIX certificate type.

A URL for this Internet-Draft is:

Internet-Drafts are also available by anonymous FTP at:

This Internet-Draft can be retrieved at:

The IETF datatracker page for this Internet-Draft is:

Received on Thursday, 26 April 2012 15:50:00 UTC