Closed Bug 672239 Opened 11 years ago Closed 7 years ago

implement DNSSEC TLS

Categories

(Core :: Security: PSM, enhancement)

enhancement
Not set
normal

Tracking

()

RESOLVED WONTFIX

People

(Reporter: keeler, Unassigned)

References

Details

Tracking bug for the implementation of the proposal to use DNSSEC to associate TLS keys with domain names.
No longer blocks: 672244
Depends on: 672244
Is there an RFC or Internet Draft defining TLS using DNSSEC keys?
If not ...
(In reply to comment #1)
> Is there an RFC or Internet Draft defining TLS using DNSSEC keys?

Sorry - should have linked this:
http://tools.ietf.org/html/draft-ietf-dane-protocol-08

Also, more details here:
https://wiki.mozilla.org/Security/DNSSEC-TLS-details
Assignee: nobody → nobody
Component: Libraries → Security: PSM
Product: NSS → Core
QA Contact: libraries → psm
Version: trunk → Trunk
Assignee: nobody → dkeeler
"draft-ietf-dane-protocol approved" - "this'll now head to the RFC editor for final processing":
  http://www.ietf.org/mail-archive/web/dane/current/msg05124.html

Current version (version 23 of 2012-06-14):
  http://tools.ietf.org/html/draft-ietf-dane-protocol
Tracked at:
  https://datatracker.ietf.org/doc/draft-ietf-dane-protocol/

And see also:
- "Use Cases and Requirements for DNS-Based Authentication of Named Entities (DANE)"
  http://tools.ietf.org/html/rfc6394

And related drafts, http://tools.ietf.org/wg/dane/
- Secure SMTP with TLS, DNSSEC and TLSA records, 
- Using Secure DNS to Associate Certificates with Domain Names For S/MIME
Isn't this a duplicate of #589537?
(In reply to Roger Lynn from comment #4)
> Isn't this a duplicate of #589537?

Seems to be.
Status: NEW → RESOLVED
Closed: 9 years ago
Resolution: --- → DUPLICATE
Duplicate of bug: 589537
This turns out to be the master tracking bug, so reopening and will clean up.
Status: RESOLVED → REOPENED
Resolution: DUPLICATE → ---
Duplicate of this bug: 589537
I am not actively working on this.
Assignee: dkeeler → nobody
New rfc7671 address some issues presented at https://wiki.mozilla.org/Security/DNSSEC-TLS-details like CNAME issues
We do not currently have plans to implement this.
Status: REOPENED → RESOLVED
Closed: 9 years ago7 years ago
Resolution: --- → WONTFIX
You need to log in before you can comment on or make changes to this bug.