Hi,

Since DNS is a very important service on the Internet, it can be used as a powerful system for several security processes. So far, some resource records have been proposed for certificates, keys and other values.

I would like to suggest the following format (this is the rough version and it is not exact, but only gives you an idea of what the purpose is) for a new resource record to store the reference information of the binding of authentication and authorization, where authentication can be based on public keys or certificates. This means each reference number represents an actual policy template in another security system or other services. This means that if a certificate is bound to more than one reference, then more than one of this section is added to the RDATA section of the DNS query. This also should be updatable by the DDNS protocol. BTW, I skipped the header and other parts of the RR; this part is only the RDATA section.

-----------------------
|flag| reference no   |
-----------------------
| some human readable |
|        text         |
-----------------------

The processes are also simple: when a node queries the certificates, the DNS server also includes this RR if it exists on the DNS server, so that when the querier retrieves this information, it can query other services for the given value to authorize the other host on the network.

Is DNSOP the right place for that? I asked DANE and they said it is not in their charter. If not, please tell me where the right place is. If yes, please tell me what you think about that and whether or not you support drafting it.

Thank you,
Best,
Hosnieh

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
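To make the "one RDATA section per binding" idea above concrete, here is an added pack/unpack example; it is not code from the original post or from any IETF draft. Because the post calls its format rough, every field width here is an assumption: a 1-octet flag, a 2-octet big-endian reference number, and the human-readable text encoded as a DNS <character-string> (1-octet length followed by at most 255 octets), the same convention TXT records use (RFC 1035, section 3.3). The parser deliberately rejects truncated RDATA and length fields that disagree with the actual data, which is the check a resolver-side consumer would want before handing a reference number to an external policy system.

```python
"""
Added example (not from the original post): serialize and parse the
sketched RDATA layout, and collect every binding in an RRset.
ASSUMED field widths: flag = 1 octet, reference number = 2 octets,
text = DNS <character-string> (length octet + up to 255 octets).
"""
import struct
from typing import List, NamedTuple

MAX_TEXT_OCTETS = 255  # <character-string> limit from RFC 1035 s.3.3


class Binding(NamedTuple):
    flag: int        # assumed 1 octet; semantics left to an eventual draft
    reference: int   # assumed 2 octets; opaque policy-template identifier
    text: str        # human-readable description, <= 255 octets of UTF-8


def pack_rdata(b: Binding) -> bytes:
    """Serialize one binding into one RDATA section, validating each field."""
    if not 0 <= b.flag <= 0xFF:
        raise ValueError("flag must fit in one octet")
    if not 0 <= b.reference <= 0xFFFF:
        raise ValueError("reference number must fit in two octets")
    text = b.text.encode("utf-8")
    if len(text) > MAX_TEXT_OCTETS:
        raise ValueError("human-readable text exceeds 255 octets")
    # Network byte order: flag (B), reference (H), text length (B), then text.
    return struct.pack("!BHB", b.flag, b.reference, len(text)) + text


def unpack_rdata(data: bytes) -> Binding:
    """Parse exactly one RDATA section; reject truncated or trailing bytes."""
    if len(data) < 4:
        raise ValueError("RDATA too short for flag, reference and text length")
    flag, reference, tlen = struct.unpack("!BHB", data[:4])
    body = data[4:]
    if len(body) != tlen:
        raise ValueError("text length field does not match RDATA length")
    return Binding(flag, reference, body.decode("utf-8"))


def unpack_rrset(rdatas: List[bytes]) -> List[Binding]:
    """A certificate bound to several references yields several RRs in the
    RRset; the querier gathers all of them before consulting the policy
    system for each reference number."""
    return [unpack_rdata(r) for r in rdatas]


if __name__ == "__main__":
    # Constructed sample bindings, not taken from the post.
    rrset = [
        pack_rdata(Binding(0x01, 4001, "printer access policy")),
        pack_rdata(Binding(0x00, 4002, "vpn gateway policy")),
    ]
    for b in unpack_rrset(rrset):
        print(f"flag={b.flag} reference={b.reference} text={b.text!r}")
```

The round trip through `pack_rdata` and `unpack_rdata` is the whole wire format; a real draft would also have to define the flag bits and say whether the reference number is globally assigned or scoped to the zone, neither of which the post settles.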