Paul Hoffman is the document shepherd; Stephen Farrell is the responsible AD.
This document is a small update to RFC 6698, the specification for the DNS-Based Authentication of Named Entities (DANE) Transport Layer Security (TLS) Protocol, also known by its DNS RRset name, TLSA. The revision has one narrow purpose: to give the three numeric fields in the RRtype definition mnemonic names. This is meant to allow easier discussion of TLSA, particularly for the "certificate usage" field that specifies what type of public key is in the TLSA record. Because this draft updates a standards track RFC, the draft is meant to be a proposed standard as well.
2. Review and Consensus
The short document was thoroughly reviewed in the WG. That very active discussion among many people led to some very deep divisions in the WG about what the "certificate usage" fields should be called. The WG chairs called rough consensus, but a significant number of people in the WG disagreed that there was consensus at all. It should be noted that the WG has consensus that some terminology is better than just having the numbers in RFC 6698; however, there are strong opinions for three or four different sets of terminology. I do not believe that the wording in the current draft represents "rough consensus" but, at the same time, I don't see any of the other options as having noticeably more consensus.
3. Intellectual Property
I did not confirm that each author has stated that their direct, personal knowledge of any IPR related to this document has already been disclosed, in conformance with BCPs 78 and 79, because that is unnecessary for this document. The document adds synonyms to an existing protocol.
4. Other Points
There is still wide disagreement about the meaning of self-signed certificates and what it means to be part of "PKIX". This disagreement comes from many WG members' discussions of security with people who use IETF security technologies, as well as some strong personal biases. The discussion in the WG was mostly thoughtful even when it was forceful. Given this, it is likely impossible to come up with names for the "certificate usage" that will make even most people happy.