Recently I have been in a discussion about DNS RR that hold X.509
certificates.
I am asking this here, as I *Think* there may be some knowledge here
without me joining other lists...
I was aware of DANE's rfc6698 that holds both X.509 certs or
SubjectPublicKeyInfo.
But I was pointed at rfc
Well, this really isn't a question for the TLS WG as DANE is external to
TLS.
With that said, ISTM that the primary purpose of DANE is to indicate which
certificates are acceptable rather than to convey them, as TLS already
knows how to convey them.
-Ekr
On Sun, Jun 26, 2022 at 5:05 AM Robert M
Kind of thought so.
So where do I ask where CERT records are being used?
thanks
On 6/26/22 09:22, Eric Rescorla wrote:
Well, this really isn't a question for the TLS WG as DANE is external
to TLS.
With that said, ISTM that the primary purpose of DANE is to indicate
which certificates are ac
Ah, RFC 6944...
Yes, not a TLS issue; did not think it was, directly. But I see.
DIG, dig, dig..
On 6/26/22 09:32, Robert Moskowitz wrote:
Kind of thought so.
So where do I ask where CERT records are being used?
thanks
On 6/26/22 09:22, Eric Rescorla wrote:
Well, this really isn't a questi
I'm not aware of any major application which uses CERT records.
-Ekr
On Sun, Jun 26, 2022 at 6:41 AM Robert Moskowitz
wrote:
> Ah, RFC 6944...
>
> Yes, not a TLS issue; did not think it was, directly. But I see.
>
> DIG, dig, dig..
>
> On 6/26/22 09:32, Robert Moskowitz wrote:
>
> Kind of tho
Thanks Eric!
I will use them in draft-ietf-drip-registries for our X.509 certs and
our 'custom' attestation certs (private OID will be needed). And then
the powers-that-be can sort it out as we move forward.
But at least this way I can put forth the discussion point and the
implementors can
On Sun, Jun 26, 2022 at 04:29:38PM -0400, Robert Moskowitz wrote:
> I will use them in draft-ietf-drip-registries for our X.509 certs and
> our 'custom' attestation certs (private OID will be needed). And then
> the powers-that-be can sort it out as we move forward.
Why do the certificates need
> On 26 Jun 2022, at 14:32, Robert Moskowitz wrote:
>
> So where do I ask where CERT records are being used?
Maybe in the dnsop WG. Or at the DNS-OARC meeting immediately after IETF114.
___
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman
Viktor,
thank you for your response.
For those uses that are DANE/DANCE/TLS related, TLSA records WILL be
used. See
draft-moskowitz-drip-secure-nrid-c2
Which I am working on an update to correct some errors and add MAVlink
as a message format for NRID.
and these TLSA records will be inst
On 6/26/22 17:40, Jim Reid wrote:
On 26 Jun 2022, at 14:32, Robert Moskowitz wrote:
So where do I ask where CERT records are being used?
Maybe in the dnsop WG. Or at the DNS-OARC meeting immediately after IETF114.
And I am splitting early Friday morning.
__
Viktor,
One thing I left off is that it is possible that
draft-moskowitz-drip-nrid-c2 will be a major use case for DANCE as I
have discussed on the DANCE list.
The DRIP chairs want to wrap up current work before we tackle phase 2,
but I have external players that want PoC for secure nrid NOW
It appears that Jim Reid said:
>
>
>> On 26 Jun 2022, at 14:32, Robert Moskowitz wrote:
>>
>> So where do I ask where CERT records are being used?
>
>Maybe in the dnsop WG. Or at the DNS-OARC meeting immediately after IETF114.
The authors of the CERT RFC are still around. Meybe they'd know.
12 matches
Mail list logo
