@misc{rfc9102,
    series =    {Request for Comments},
    number =    9102,
    howpublished =  {RFC 9102},
    publisher = {RFC Editor},
    doi =       {10.17487/RFC9102},
    url =       {https://www.rfc-editor.org/info/rfc9102},
    author =    {Viktor Dukhovni and Shumon Huque and Willem Toorop and Paul Wouters and Melinda Shore},
    title =     {{TLS DNSSEC Chain Extension}},
    pagetotal = 43,
    year =      2021,
    month =     aug,
    abstract =  {This document describes an experimental TLS extension for the in-band transport of the complete set of records that can be validated by DNSSEC and that are needed to perform DNS-Based Authentication of Named Entities (DANE) of a TLS server. This extension obviates the need to perform separate, out-of-band DNS lookups. When the requisite DNS records do not exist, the extension conveys a denial-of-existence proof that can be validated. This experimental extension is developed outside the IETF and is published here to guide implementation of the extension and to ensure interoperability among implementations.},
}