draft-ietf-dane-protocol-22.txt   draft-ietf-dane-protocol-23.txt 
Network Working Group P. Hoffman Network Working Group P. Hoffman
Internet-Draft VPN Consortium Internet-Draft VPN Consortium
Intended status: Standards Track J. Schlyter Intended status: Standards Track J. Schlyter
Expires: December 16, 2012 Kirei AB Expires: December 16, 2012 Kirei AB
June 14, 2012 June 14, 2012
The DNS-Based Authentication of Named Entities (DANE) Transport Layer The DNS-Based Authentication of Named Entities (DANE) Transport Layer
Security (TLS) Protocol: TLSA Security (TLS) Protocol: TLSA
draft-ietf-dane-protocol-22 draft-ietf-dane-protocol-23
Abstract Abstract
Encrypted communication on the Internet often uses Transport Level Encrypted communication on the Internet often uses Transport Level
Security (TLS), which depends on third parties to certify the keys Security (TLS), which depends on third parties to certify the keys
used. This document improves on that situation by enabling the used. This document improves on that situation by enabling the
administrators of domain names to specify the keys used in that administrators of domain names to specify the keys used in that
domain's TLS servers. This requires matching improvements in TLS domain's TLS servers. This requires matching improvements in TLS
client software, but no change in TLS server software. client software, but no change in TLS server software.
skipping to change at page 10, line 38 skipping to change at page 10, line 38
or the hash of the raw data for matching types 1 and 2. The data or the hash of the raw data for matching types 1 and 2. The data
refers to the certificate in the association, not to the TLS ASN.1 refers to the certificate in the association, not to the TLS ASN.1
Certificate object. Certificate object.
2.2. TLSA RR Presentation Format 2.2. TLSA RR Presentation Format
The presentation format of the RDATA portion (as defined in The presentation format of the RDATA portion (as defined in
[RFC1035]) is as follows: [RFC1035]) is as follows:
o The certificate usage field MUST be represented as an 8-bit o The certificate usage field MUST be represented as an 8-bit
decimal integer. unsigned integer.
o The selector field MUST be represented as an 8-bit unsigned o The selector field MUST be represented as an 8-bit unsigned
integer. integer.
o The matching type field MUST be represented as an 8-bit unsigned o The matching type field MUST be represented as an 8-bit unsigned
integer. integer.
o The certificate association data field MUST be represented as a o The certificate association data field MUST be represented as a
string of hexadecimal characters. Whitespace is allowed within string of hexadecimal characters. Whitespace is allowed within
the string of hexadecimal characters, as described in [RFC1035]. the string of hexadecimal characters, as described in [RFC1035].
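Review bot: The certificate usage bullet in section 2.2 now reads "8-bit unsigned integer", which matches the selector and matching type bullets but removes the only mention of the radix, so none of the three numeric fields is stated to be written in decimal in the presentation format. Because the certificate association data in the last bullet is written in hexadecimal, consider "8-bit unsigned decimal integer" for all three numeric bullets, so that zone-file parsers and TLSA validators agree on which textual forms of these fields are acceptable.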
 End of changes. 2 change blocks. 
2 lines changed or deleted 2 lines changed or added
