Use Cases and Requirements for DNS-Based Authentication of Named Entities
RFC 6394, “Use Cases and Requirements for DNS-Based Authentication of Named Entities”, is an Informational document published in October 2011 by R. Barnes. The canonical text is published by the RFC Editor.
Abstract
Many current applications use the certificate-based authentication features in Transport Layer Security (TLS) to allow clients to verify that a connected server properly represents a desired domain name. Typically, this authentication has been based on PKIX certificate chains rooted in well-known certificate authorities (CAs), but additional information can be provided via the DNS itself. This document describes a set of use cases in which the DNS and DNS Security Extensions (DNSSEC) could be used to make assertions that support the TLS authentication process. The main focus of this document is TLS server authentication, but it also covers TLS client authentication for applications where TLS clients are identified by domain names. [STANDARDS-TRACK]
What “Informational” means
Published for the general information of the community. It does not define an IETF standard and carries no standards-track status.
The canonical text of RFC 6394 is hosted at rfc-editor.org. Available in TXT,HTML.
- RFC 6393 Moving RFC 4693 to Historic
- RFC 6395 An Interface Identifier Hello Option for PIM
- RFC 6392 A Survey of In-Network Storage Systems
- RFC 6396 Multi-Threaded Routing Toolkit Routing Information Export Format
- RFC 6391 Flow-Aware Transport of Pseudowires over an MPLS Packet Switched Network
- RFC 6397 Multi-Threaded Routing Toolkit Border Gateway Protocol Routing Information Export Format with Geo-Location Extensions
- RFC 6390 Guidelines for Considering New Performance Metric Development
- RFC 6398 IP Router Alert Considerations and Usage