Re: TAG briefing on DANE and alternatives action-697 from Jonathan A Rees on 2012-04-26 (www-tag@w3.org from April 2012)

From: Jonathan A Rees <rees@mumble.net>
Date: Thu, 26 Apr 2012 11:49:26 -0400
To: Larry Masinter <masinter@adobe.com>
Cc: Thomas Roessler <tlr@w3.org>, Philippe Le Hegaret <plh@w3.org>, "www-tag@w3.org" <www-tag@w3.org>
Message-ID: <CAGnGFMKBW=+sfMzkjV+_SGHy9Pc_Ud2=FQsm_dt8hReeFoSMbA@mail.gmail.com>

This looks a propos our discussions as well.  (via the cap-talk
mailing list)  -Jonathan

http://www.ietf.org/mail-archive/web/i-d-announce/current/msg43995.html

A New Internet-Draft is available from the on-line Internet-Drafts
directories. This draft is a work item of the Transport Layer Security
Working Group of the IETF.

	Title           : TLS Out-of-Band Public Key Validation
	Author(s)       : Paul Wouters
                          John Gilmore
                          Samuel Weiler
                          Tero Kivinen
                          Hannes Tschofenig
	Filename        : draft-ietf-tls-oob-pubkey-03.txt
	Pages           : 10
	Date            : 2012-04-25

   This document specifies a new TLS certificate type for exchanging raw
   public keys in Transport Layer Security (TLS) and Datagram Transport
   Layer Security (DTLS) for use with out-of-band public key validation.
   Currently, TLS authentication can only occur via X.509-based Public
   Key Infrastructure (PKI) or OpenPGP certificates.  By specifying a
   minimum resource for raw public key exchange, implementations can use
   alternative public key validation methods.

   One such alternative public key valiation method is offered by the
   DNS-Based Authentication of Named Entities (DANE) together with DNS
   Security.  Another alternative is to utilize pre-configured keys, as
   is the case with sensors and other embedded devices.  The usage of
   raw public keys, instead of X.509-based certificates, leads to a
   smaller code footprint.

   The support for raw public keys is introduced into TLS via a new non-
   PKIX certificate type.


A URL for this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-ietf-tls-oob-pubkey-03.txt

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/

This Internet-Draft can be retrieved at:
ftp://ftp.ietf.org/internet-drafts/draft-ietf-tls-oob-pubkey-03.txt

The IETF datatracker page for this Internet-Draft is:
https://datatracker.ietf.org/doc/draft-ietf-tls-oob-pubkey/

Received on Thursday, 26 April 2012 15:50:00 UTC