
Shepherd writeup
draft-dukhovni-tls-dnssec-chain

draft-dukhovni-tls-dnssec-chain has been brought to the ISE for
publication as an Experimental RFC on the Independent Submission Stream.

==Purpose==

This document describes an experimental TLS extension for in-band
transport of the complete set of DNSSEC-validated records (the DNSSEC
chain) needed to perform DANE authentication of a TLS server. The
document is published to allow interoperable experimental
implementations and to gather feedback on whether the approach works and
is useful.
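As an added illustration (not part of this writeup or of the draft), the following Python shows what the DNSSEC-validated TLSA RRset carried by the extension is ultimately checked against on the client: DANE certificate matching as defined in RFC 6698 (certificate usage, selector, matching type). Everything here is an assumption for demonstration: the "certificate" is a constructed DER skeleton built inline, the TLSA RDATA values are derived from it, and only the DANE-EE (3) and DANE-TA (2) usages are matched. PKIX path validation and the DNSSEC validation of the transported chain itself are out of scope for this snippet.

```python
"""DANE (RFC 6698) TLSA matching against a server certificate chain.
Added example, not code from draft-dukhovni-tls-dnssec-chain. Stdlib
only; the certificate below is a constructed DER skeleton, not real X.509."""
import hashlib
import hmac
from typing import List, Tuple


def der(tag: int, body: bytes) -> bytes:
    """Encode one DER TLV (single-byte tag, short or long length form)."""
    n = len(body)
    if n < 0x80:
        length = bytes([n])
    else:
        lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(lb)]) + lb
    return bytes([tag]) + length + body


def read_tlv(buf: bytes, pos: int) -> Tuple[int, bytes, int]:
    """Decode the TLV at buf[pos]; return (tag, value, index after the TLV)."""
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:
        length = first
    else:
        nbytes = first & 0x7F
        length = int.from_bytes(buf[pos:pos + nbytes], "big")
        pos += nbytes
    end = pos + length
    if end > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[pos:end], end


def extract_spki(cert_der: bytes) -> bytes:
    """Return the SubjectPublicKeyInfo TLV of a certificate (RFC 5280 field order)."""
    tag, cert_body, _ = read_tlv(cert_der, 0)
    if tag != 0x30:
        raise ValueError("not a Certificate SEQUENCE")
    tag, tbs, _ = read_tlv(cert_body, 0)          # tbsCertificate
    if tag != 0x30:
        raise ValueError("not a TBSCertificate SEQUENCE")
    tag, _, pos = read_tlv(tbs, 0)
    if tag == 0xA0:                                # explicit [0] version present
        _, _, pos = read_tlv(tbs, pos)             # serialNumber
    for _ in range(4):                             # signature, issuer, validity, subject
        _, _, pos = read_tlv(tbs, pos)
    tag, _, end = read_tlv(tbs, pos)
    if tag != 0x30:
        raise ValueError("expected subjectPublicKeyInfo SEQUENCE")
    return tbs[pos:end]


def parse_tlsa_rdata(rdata: bytes) -> Tuple[int, int, int, bytes]:
    """Split TLSA RDATA into usage, selector, matching type, association data."""
    if len(rdata) < 4:
        raise ValueError("TLSA RDATA too short")
    return rdata[0], rdata[1], rdata[2], rdata[3:]


def tlsa_matches(selector: int, mtype: int, assoc: bytes, cert_der: bytes) -> bool:
    """Does one TLSA record's association data match this certificate?"""
    data = cert_der if selector == 0 else extract_spki(cert_der)  # 0 = Cert, 1 = SPKI
    if mtype == 0:
        digest = data
    elif mtype == 1:
        digest = hashlib.sha256(data).digest()
    elif mtype == 2:
        digest = hashlib.sha512(data).digest()
    else:
        return False                               # unknown matching type: unusable
    return hmac.compare_digest(digest, assoc)


def dane_authenticate(tlsa_rrset: List[bytes], chain: List[bytes]) -> bool:
    """DANE-EE (3): the leaf (chain[0]) must match. DANE-TA (2): some chain
    certificate must match; PKIX path building to that anchor is still
    required and not shown. Usages 0/1 need the local PKIX trust store and
    are treated as unusable here."""
    for rdata in tlsa_rrset:
        usage, selector, mtype, assoc = parse_tlsa_rdata(rdata)
        if usage == 3 and tlsa_matches(selector, mtype, assoc, chain[0]):
            return True
        if usage == 2 and any(tlsa_matches(selector, mtype, assoc, c) for c in chain):
            return True
    return False


def build_fake_cert(key_bits: bytes) -> bytes:
    """Constructed certificate-shaped DER: empty names, dummy signature."""
    alg = der(0x30, der(0x06, bytes.fromhex("2A864886F70D010101")) + der(0x05, b""))
    spki = der(0x30, alg + der(0x03, b"\x00" + key_bits))
    name = der(0x30, b"")
    validity = der(0x30, der(0x17, b"240101000000Z") + der(0x17, b"250101000000Z"))
    tbs = der(0x30, der(0xA0, der(0x02, b"\x02")) + der(0x02, b"\x01")
              + alg + name + validity + name + spki)
    return der(0x30, tbs + alg + der(0x03, b"\x00" * 9))


def tlsa_rdata(usage: int, selector: int, mtype: int, assoc: bytes) -> bytes:
    return bytes([usage, selector, mtype]) + assoc


# Constructed sample input: a leaf and an issuing CA.
LEAF = build_fake_cert(b"\x01" * 32)
CA = build_fake_cert(b"\x02" * 32)
# "3 1 1 <sha256 of leaf SPKI>": the common DANE-EE deployment.
RR_DANE_EE = tlsa_rdata(3, 1, 1, hashlib.sha256(extract_spki(LEAF)).digest())
# "2 0 1 <sha256 of CA cert>": DANE-TA pinning the issuing CA.
RR_DANE_TA = tlsa_rdata(2, 0, 1, hashlib.sha256(CA).digest())

if __name__ == "__main__":
    print(dane_authenticate([RR_DANE_EE], [LEAF, CA]))   # True
    print(dane_authenticate([RR_DANE_TA], [LEAF, CA]))   # True
    print(dane_authenticate([RR_DANE_EE], [CA, LEAF]))   # False: wrong leaf
```

The matcher deliberately refuses usages 0 and 1 rather than guessing: with PKIX-TA/PKIX-EE the TLSA data only constrains a chain that has already validated against the client's trust store, so a match alone proves nothing. In the extension's model, the client also has to check that the TLSA RRset arrived with RRSIGs chaining to a trust anchor it holds, which is what the transported DNSSEC records are for.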

==History==

This document was originally processed by the TLS WG. Late feedback
questioned whether the mechanism would be effective and asked what
threat model it addressed. That discussion became very heated and
acrimonious; the WG failed to reach consensus and appeared to have no
further energy to attempt it. The TLS chairs advised the proponents of
the various deployment models to seek publication of independent
documents for their use cases via the ISE or other venues.

The ISE consulted the Security ADs and the TLS chairs to find out whether
this work should instead be done within the TLS WG. They confirmed the
chairs' advice and suggested that the path through the working group was
"blocked".

==Not the IETF==

The Abstract and Introduction are clear that this work was developed
outside the IETF.

==Scope of the Experiment==

This document has a dedicated section (1.1) to describe the scope of the
experiment. That section clearly notes the concerns raised in the TLS
working group.

==IANA==

This document requests a code point from the TLS ExtensionType Values
registry, https://www.iana.org/assignments/tls-extensiontype-values.
That registry's policy is "Specification Required", which this document
satisfies if published on the Independent Submission Stream.

The assignment request suggests that the code point be marked
Recommended = "No", which is appropriate for a non-IETF document.

Per RFC 8447 Section 17, the authors have sent mail to the mailing
list tls-reg-review@ietf.org. Rich Salz responded:

   Sure, the draft is readable and implementable.  You can have
   number 59, if one of the other two reviewers agrees.

We wait to hear from a second reviewer.

==Reviews==

Reviews were initially hard to find. Many people considered themselves
conflicted, having either supported or opposed the draft, and declined
to review it. Ultimately, reviews were performed for the ISE as follows:

- Nico Williams: positive, but no detailed comments

- Stephen Farrell: small comments

- Shane Kerr: detailed review

- Matthijs Mekking: detailed review

The ISE also performed a review.

Details of the reviews are available on request.
