Search RFCs
RFC 7673
Using DNS-Based Authentication of Named Entities (DANE) TLSA Records with SRV Records,October 2015
- File formats:
- Status:
- PROPOSED STANDARD
- Authors:
- T. Finch
M. Miller
P. Saint-Andre - Stream:
- IETF
- Source:
- dane (sec)
Cite this RFC:TXT | XML | BibTeX
DOI: https://doi.org/10.17487/RFC7673
Discuss this RFC: Send questions or comments to the mailing listdane@ietf.org
Other actions:Submit Errata | Find IPR Disclosures from the IETF | View History of RFC 7673
Abstract
The DNS-Based Authentication of Named Entities (DANE) specification(RFC 6698) describes how to use TLSA resource records secured byDNSSEC (RFC 4033) to associate a server's connection endpoint withits Transport Layer Security (TLS) certificate (thus enablingadministrators of domain names to specify the keys used in thatdomain's TLS servers). However, application protocols that use SRVrecords (RFC 2782) to indirectly name the target server connectionendpoints for a service domain name cannot apply the rules from RFC6698. Therefore, this document provides guidelines that enable suchprotocols to locate and use TLSA records.
For the definition ofStatus,seeRFC 2026.
For the definition ofStream, seeRFC 8729.