From 909382f602a7cdb3fcc1b61bf6ac389f003fe794 Mon Sep 17 00:00:00 2001 From: Rick van Rein Date: Fri, 27 Jan 2023 16:04:22 +0100 Subject: [PATCH] DNS wildcards for privacy - Would publish a CA in DNS to avoid cert names --- draft-ietf-dance-architecture.md | 1 + 1 file changed, 1 insertion(+) diff --git a/draft-ietf-dance-architecture.md b/draft-ietf-dance-architecture.md index 469c989..825b1d0 100644 --- a/draft-ietf-dance-architecture.md +++ b/draft-ietf-dance-architecture.md @@ -437,6 +437,7 @@ If the DNS owner name of the identity proven by a certificate is directly or ind This privacy is implied for domain users inasfar as the domain CA does not mention users. When creating the DNS owner name, effects of DNS zone walking and possible harvesting of identities in the DNS zone will have to be considered. The DNS owner name may not have to have a direct relation to the name of the subject or the subjectAltName of the certificate. +If there is such a relation, a DANCEr may specify support for CA certificates, stored under a wildcard in DNS. Further work has do be done in this area.
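Review bot: The added line `+If there is such a relation, a DANCEr may specify support for CA certificates, stored under a wildcard in DNS.` leaves the mechanism underspecified, and the sentence after it has a typo: "Further work has do be done" should read "has to be done". The new text does not say what is stored under the wildcard owner name (a TLSA record identifying the CA, presumably) or how this preserves the privacy goal of the paragraph it extends: a wildcard owner name does avoid enumerating per-identity names, which addresses the zone-walking and harvesting concern raised two lines earlier, but it also means every name matching the wildcard is validated against the same CA, so the CA's issuance policy, not the DNS zone, becomes the control over which identities are accepted. Suggest stating that trade-off explicitly, or at least naming it as the open issue the "further work" refers to, and defining "DANCEr" if the term has not been introduced earlier in the draft.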