{"draft":"draft-ietf-dane-use-cases-05","doc_id":"RFC6394","title":"Use Cases and Requirements for DNS-Based Authentication of Named Entities (DANE)","authors":["R. Barnes"],"format":["ASCII","HTML"],"page_count":"12","pub_status":"INFORMATIONAL","status":"INFORMATIONAL","source":"DNS-based Authentication of Named Entities","abstract":"Many current applications use the certificate-based authentication\r\nfeatures in Transport Layer Security (TLS) to allow clients to verify\r\nthat a connected server properly represents a desired domain name.\r\nTypically, this authentication has been based on PKIX certificate\r\nchains rooted in well-known certificate authorities (CAs), but\r\nadditional information can be provided via the DNS itself.  This\r\ndocument describes a set of use cases in which the DNS and DNS\r\nSecurity Extensions (DNSSEC) could be used to make assertions that\r\nsupport the TLS authentication process.  The main focus of this\r\ndocument is TLS server authentication, but it also covers TLS client\r\nauthentication for applications where TLS clients are identified by\r\ndomain names.  [STANDARDS-TRACK]","pub_date":"October 2011","keywords":["TLS","PKIX"],"obsoletes":[],"obsoleted_by":[],"updates":[],"updated_by":[],"see_also":[],"doi":"10.17487\/RFC6394","errata_url":null}