Tracking bug for the implementation of the proposal to use DNSSEC to associate TLS keys with domain names.

Is there an RFC or Internet Draft defining TLS using DNSSEC keys? If not ...

(In reply to comment #1) > Is there an RFC or Internet Draft defining TLS using DNSSEC keys? Sorry - should have linked this: http://tools.ietf.org/html/draft-ietf-dane-protocol-08 Also, more details here: https://wiki.mozilla.org/Security/DNSSEC-TLS-details

"draft-ietf-dane-protocol approved" - "this'll now head to the RFC editor for final processing": http://www.ietf.org/mail-archive/web/dane/current/msg05124.html Current version (version 23 of 2012-06-14): http://tools.ietf.org/html/draft-ietf-dane-protocol Tracked at: https://datatracker.ietf.org/doc/draft-ietf-dane-protocol/ And see also: - "Use Cases and Requirements for DNS-Based Authentication of Named Entities (DANE)" http://tools.ietf.org/html/rfc6394 And related drafts, http://tools.ietf.org/wg/dane/ - Secure SMTP with TLS, DNSSEC and TLSA records, - Using Secure DNS to Associate Certificates with Domain Names For S/MIME

Isn't this a duplicate of #589537?

(In reply to Roger Lynn from comment #4) > Isn't this a duplicate of #589537? Seems to be.

This turns out to be the master tracking bug, so reopening and will clean up.

I am not actively working on this.

New rfc7671 address some issues presented at https://wiki.mozilla.org/Security/DNSSEC-TLS-details like CNAME issues

We do not currently have plans to implement this.