UNLIMITED FREE
ACCESS TO THE WORLD'S BEST IDEAS

SUBMIT
Already a GlobalSpec user? Log in.

This is embarrasing...

An error occurred while processing the form. Please try again in a few minutes.

Customize Your GlobalSpec Experience

Select Your Free Newsletters

Industry Newsletters

Select Your Free Product Alerts

Finish!
Privacy Policy

This is embarrasing...

An error occurred while processing the form. Please try again in a few minutes.

IETF RFC 7673

Using DNS-Based Authentication of Named Entities (DANE) TLSA Records with SRV Records

active, Most Current
Buy Now
Organization: IETF
Publication Date: 1 October 2015
Status: active
Page Count: 16
scope:

The DNS-Based Authentication of Named Entities (DANE) specification (RFC 6698) describes how to use TLSA resource records secured by DNSSEC (RFC 4033) to associate a server's connection endpoint with its Transport Layer Security (TLS) certificate (thus enabling administrators of domain names to specify the keys used in that domain's TLS servers). However, application protocols that use SRV records (RFC 2782) to indirectly name the target server connection endpoints for a service domain name cannot apply the rules from RFC 6698. Therefore, this document provides guidelines that enable such protocols to locate and use TLSA records.

Document History

IETF RFC 7673
October 1, 2015
Using DNS-Based Authentication of Named Entities (DANE) TLSA Records with SRV Records
The DNS-Based Authentication of Named Entities (DANE) specification (RFC 6698) describes how to use TLSA resource records secured by DNSSEC (RFC 4033) to associate a server's connection endpoint with...

References

This document references:
IETF RFC 7672 - SMTP Security via Opportunistic DNS-Based Authentication of Named Entities (DANE) Transport Layer Security (TLS)
Published by IETF on October 1, 2015
This memo describes a downgrade-resistant protocol for SMTP transport security between Message Transfer Agents (MTAs), based on the DNSBased Authentication of Named Entities (DANE) TLSA DNS record....
This document references:
IETF RFC 7671 - The DNS-Based Authentication of Named Entities (DANE) Protocol: Updates and Operational Guidance
Published by IETF on October 1, 2015
This document clarifies and updates the DNS-Based Authentication of Named Entities (DANE) TLSA specification (RFC 6698), based on subsequent implementation experience. It also contains guidance for...
This document references:
IETF RFC 2782 - A DNS RR for specifying the location of services (DNS SRV)
Published by IETF on February 1, 2000
This document describes a DNS RR which specifies the location of the server(s) for a specific protocol and domain.
This document references:
IETF RFC 3403 - Dynamic Delegation Discovery System (DDDS) Part Three: The Domain Name System (DNS) Database
Published by IETF on October 1, 2002
This document describes a Dynamic Delegation Discovery System (DDDS) Database using the Domain Name System (DNS) as a distributed database of Rules. The Keys are domain-names and the Rules are...
This document references:
IETF RFC 7671 - The DNS-Based Authentication of Named Entities (DANE) Protocol: Updates and Operational Guidance
Published by IETF on October 1, 2015
This document clarifies and updates the DNS-Based Authentication of Named Entities (DANE) TLSA specification (RFC 6698), based on subsequent implementation experience. It also contains guidance for...
This document references:
IETF RFC 7672 - SMTP Security via Opportunistic DNS-Based Authentication of Named Entities (DANE) Transport Layer Security (TLS)
Published by IETF on October 1, 2015
This memo describes a downgrade-resistant protocol for SMTP transport security between Message Transfer Agents (MTAs), based on the DNSBased Authentication of Named Entities (DANE) TLSA DNS record....
This document is referenced by:
IETF RFC 7711 - PKIX over Secure HTTP (POSH)
Published by IETF on November 1, 2015
Experience has shown that it is difficult to deploy proper PKIX certificates for Transport Layer Security (TLS) in multi-tenanted environments. As a result, domains hosted in such environments often...
This document is referenced by:
IETF RFC 7712 - Domain Name Associations (DNA) in the Extensible Messaging and Presence Protocol (XMPP)
Published by IETF on November 1, 2015
This document improves the security of the Extensible Messaging and Presence Protocol (XMPP) in two ways. First, it specifies how to establish a strong association between a domain name and an XML...
This document is referenced by:
IETF RFC 8765 - DNS Push Notifications
Published by IETF on June 1, 2020
Abstract The Domain Name System (DNS) was designed to return matching records efficiently for queries for data that are relatively static. When those records change frequently, DNS is still efficient...
View Less
View All
Advertisement