DNS wildcards for privacy
- Would publish a CA in DNS to avoid cert names
vanrein authored and mcr committed Mar 25, 2024
1 parent 1378176 commit 909382f
Showing 1 changed file with 1 addition and 0 deletions.
1 change: 1 addition & 0 deletions draft-ietf-dance-architecture.md
Expand Up @@ -437,6 +437,7 @@ If the DNS owner name of the identity proven by a certificate is directly or ind
This privacy is implied for domain users inasfar as the domain CA does not mention users.
When creating the DNS owner name, effects of DNS zone walking and possible harvesting of identities in the DNS zone will have to be considered.
The DNS owner name may not have to have a direct relation to the name of the subject or the subjectAltName of the certificate.
If there is such a relation, a DANCEr may specify support for CA certificates, stored under a wildcard in DNS.

Further work has do be done in this area.
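
Review bot: The condition "If there is such a relation" in the added sentence is ambiguous, because the line before it says the DNS owner name "may not have to have a direct relation" to the subject or subjectAltName, so it is unclear whether the wildcard option applies when that relation exists or when it is absent. Suggest stating the condition explicitly and tying it to the privacy goal, for example by saying that a CA certificate stored under a wildcard owner name avoids publishing per-identity names that the zone walking mentioned two lines earlier could harvest. It would also help to say what "specify support" requires of a DANCEr, and the comma before "stored" can be dropped. While this paragraph is being touched, the context line "Further work has do be done" contains a typo ("do" for "to").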
