Using DNS-Based Authentication of Named Entities (DANE) TLSA records with SRV and MX records.

The information below is for an old version of the document
Document Type: Expired Internet-Draft (dane WG)
Author: Tony Finch
Last updated: 2013-08-29 (latest revision 2013-02-25)
Stream: Internet Engineering Task Force (IETF)
Expired & archived
Stream
WG state: WG Document
Document shepherd: None
IESG
IESG state: Expired
Consensus Boilerplate: Unknown
Telechat date:
Responsible AD: (None)
Send notices to: (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft can be found at


The DANE specification [RFC6698] describes how to use TLSA resource records in the DNS to associate a server's host name with its TLS certificate. The association is secured with DNSSEC. Some application protocols can use SRV records [RFC2782] to indirectly name the server hosts for a service domain. (SMTP uses MX records for the same purpose.) This specification gives generic instructions for how these application protocols locate and use TLSA records. Separate documents give the details that are specific to particular application protocols.


Tony Finch (

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)