From 4bfd864f10b68b71482b35c818559068ef8d5797 Mon Sep 17 00:00:00 2001
From: Thomas Voss <mail@thomasvoss.com>
Date: Wed, 27 Nov 2024 20:54:24 +0100
Subject: doc: Add RFC documents

---
 doc/rfc/rfc7218.txt | 283 ++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 283 insertions(+)
 create mode 100644 doc/rfc/rfc7218.txt

(limited to 'doc/rfc/rfc7218.txt')

diff --git a/doc/rfc/rfc7218.txt b/doc/rfc/rfc7218.txt
new file mode 100644
index 0000000..be2f112
--- /dev/null
+++ b/doc/rfc/rfc7218.txt
@@ -0,0 +1,283 @@
+
+
+
+
+
+
+Internet Engineering Task Force (IETF)                    O. Gudmundsson
+Request for Comments: 7218                                 Shinkuro Inc.
+Updates: 6698                                                 April 2014
+Category: Standards Track
+ISSN: 2070-1721
+
+
+            Adding Acronyms to Simplify Conversations about
+           DNS-Based Authentication of Named Entities (DANE)
+
+Abstract
+
+   Experience has shown that people get confused when discussing the
+   three numeric fields of the TLSA record.  This document specifies
+   descriptive acronyms for the three numeric fields in TLSA records.
+   This document updates the format of the IANA registry created by RFC
+   6698.
+
+Status of This Memo
+
+   This is an Internet Standards Track document.
+
+   This document is a product of the Internet Engineering Task Force
+   (IETF).  It represents the consensus of the IETF community.  It has
+   received public review and has been approved for publication by the
+   Internet Engineering Steering Group (IESG).  Further information on
+   Internet Standards is available in Section 2 of RFC 5741.
+
+   Information about the current status of this document, any errata,
+   and how to provide feedback on it may be obtained at
+   http://www.rfc-editor.org/info/rfc7218.
+
+Copyright Notice
+
+   Copyright (c) 2014 IETF Trust and the persons identified as the
+   document authors.  All rights reserved.
+
+   This document is subject to BCP 78 and the IETF Trust's Legal
+   Provisions Relating to IETF Documents
+   (http://trustee.ietf.org/license-info) in effect on the date of
+   publication of this document.  Please review these documents
+   carefully, as they describe your rights and restrictions with respect
+   to this document.  Code Components extracted from this document must
+   include Simplified BSD License text as described in Section 4.e of
+   the Trust Legal Provisions and are provided without warranty as
+   described in the Simplified BSD License.
+
+
+
+
+
+Gudmundsson                  Standards Track                    [Page 1]
+
+RFC 7218           Adding Acronyms to DANE Registries         April 2014
+
+
+Table of Contents
+
+   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . .   2
+   2.  IANA Considerations . . . . . . . . . . . . . . . . . . . . .   2
+     2.1.  TLSA Certificate Usages Registry  . . . . . . . . . . . .   3
+     2.2.  TLSA Selectors  . . . . . . . . . . . . . . . . . . . . .   3
+     2.3.  TLSA Matching Types . . . . . . . . . . . . . . . . . . .   4
+   3.  Examples of Usage . . . . . . . . . . . . . . . . . . . . . .   4
+     3.1.  TLSA Records Using/Displaying the Acronyms  . . . . . . .   4
+     3.2.  Acronym Use in a Specification Example  . . . . . . . . .   4
+   4.  Security Considerations . . . . . . . . . . . . . . . . . . .   4
+   5.  Acknowledgements  . . . . . . . . . . . . . . . . . . . . . .   4
+   6.  References  . . . . . . . . . . . . . . . . . . . . . . . . .   5
+     6.1.  Normative References  . . . . . . . . . . . . . . . . . .   5
+     6.2.  Informative References  . . . . . . . . . . . . . . . . .   5
+
+1.  Introduction
+
+   During discussions on how to add DNS-Based Authentication of Named
+   Entities (DANE) [RFC6698] technology to new protocols and services,
+   people were repeatedly confused as to what the numeric values stood
+   for and even the order of the fields of a TLSA record (note that TLSA
+   is not an acronym but a name).  This document updates the IANA
+   registry definition for the TLSA record to add a column containing an
+   acronym for each specified field, in order to reduce confusion.  This
+   document does not change the DANE protocol in any way.
+
+   It is expected that DANE parsers in applications and DNS software can
+   adopt parsing the acronyms for each field.
+
+2.  IANA Considerations
+
+   This document applies to the "DNS-Based Authentication of Named
+   Entities (DANE) Parameters" registry located at <http://www.iana.org/
+   assignments/dane-parameters>.  IANA has added a column with an
+   acronym to each of the sub-registries.
+
+   [RFC6698] and this document are the referenced documents for the
+   three sub-registries.
+
+   As these acronyms are offered for human consumption, case does not
+   matter; it is expected that software that parses TLSA records will
+   handle upper-, mixed-, or lower-case characters as input.
+
+
+
+
+
+
+
+
+Gudmundsson                  Standards Track                    [Page 2]
+
+RFC 7218           Adding Acronyms to DANE Registries         April 2014
+
+
+2.1.  TLSA Certificate Usages Registry
+
+   The reference for this registry has been updated to include both
+   [RFC6698] and this document.
+
+    +-------+----------+--------------------------------+-------------+
+    | Value | Acronym  | Short Description              | Reference   |
+    +-------+----------+--------------------------------+-------------+
+    |   0   | PKIX-TA  | CA constraint                  | [RFC6698]   |
+    |   1   | PKIX-EE  | Service certificate constraint | [RFC6698]   |
+    |   2   | DANE-TA  | Trust anchor assertion         | [RFC6698]   |
+    |   3   | DANE-EE  | Domain-issued certificate      | [RFC6698]   |
+    | 4-254 |          | Unassigned                     |             |
+    |  255  | PrivCert | Reserved for Private Use       | [RFC6698]   |
+    +-------+----------+--------------------------------+-------------+
+
+                     Table 1: TLSA Certificate Usages
+
+2.2.  TLSA Selectors
+
+   The reference for this registry has been updated to include both
+   [RFC6698] and this document.
+
+       +-------+---------+--------------------------+-------------+
+       | Value | Acronym | Short Description        | Reference   |
+       +-------+---------+--------------------------+-------------+
+       |   0   | Cert    | Full certificate         | [RFC6698]   |
+       |   1   | SPKI    | SubjectPublicKeyInfo     | [RFC6698]   |
+       | 2-254 |         | Unassigned               |             |
+       |  255  | PrivSel | Reserved for Private Use | [RFC6698]   |
+       +-------+---------+--------------------------+-------------+
+
+                          Table 2: TLSA Selectors
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Gudmundsson                  Standards Track                    [Page 3]
+
+RFC 7218           Adding Acronyms to DANE Registries         April 2014
+
+
+2.3.  TLSA Matching Types
+
+   The reference for this registry has been updated to include both
+   [RFC6698] and this document.
+
+      +-------+-----------+--------------------------+-------------+
+      | Value | Acronym   | Short Description        | Reference   |
+      +-------+-----------+--------------------------+-------------+
+      |   0   | Full      | No hash used             | [RFC6698]   |
+      |   1   | SHA2-256  | 256 bit hash by SHA2     | [RFC6234]   |
+      |   2   | SHA2-512  | 512 bit hash by SHA2     | [RFC6234]   |
+      | 3-254 |           | Unassigned               |             |
+      |  255  | PrivMatch | Reserved for Private Use | [RFC6698]   |
+      +-------+-----------+--------------------------+-------------+
+
+                       Table 3: TLSA Matching Types
+
+3.  Examples of Usage
+
+   Two examples are described below.
+
+3.1.  TLSA Records Using/Displaying the Acronyms
+
+   _666._tcp.first.example.  TLSA PKIX-TA CERT SHA2-512 {blob}
+   _666._tcp.second.example.  TLSA DANE-TA SPKI SHA2-256 {blob}
+
+3.2.  Acronym Use in a Specification Example
+
+   Protocol FOO only allows TLSA records using PKIX-EE and DANE-EE, with
+   selector SPKI, and using SHA2-512.
+
+4.  Security Considerations
+
+   This document only changes registry fields and does not change the
+   behavior of any protocol.  The hope is to reduce confusion, which
+   would lead to better specification and operations.
+
+5.  Acknowledgements
+
+   Scott Schmit offered really good suggestions to decrease the
+   possibility of confusion.  Viktor Dukhovni provided comments from the
+   expert point of view.  Jim Schaad, Wes Hardaker, and Paul Hoffman
+   provided feedback during WGLC.  Dan Romascanu and Tobias Gondrom
+   pointed out a few defects during the IESG last call.
+
+
+
+
+
+
+
+Gudmundsson                  Standards Track                    [Page 4]
+
+RFC 7218           Adding Acronyms to DANE Registries         April 2014
+
+
+6.  References
+
+6.1.  Normative References
+
+   [RFC6698]  Hoffman, P. and J. Schlyter, "The DNS-Based Authentication
+              of Named Entities (DANE) Transport Layer Security (TLS)
+              Protocol: TLSA", RFC 6698, August 2012.
+
+6.2.  Informative References
+
+   [RFC6234]  Eastlake, D. and T. Hansen, "US Secure Hash Algorithms
+              (SHA and SHA-based HMAC and HKDF)", RFC 6234, May 2011.
+
+Author's Address
+
+   Olafur Gudmundsson
+   Shinkuro Inc.
+   4922 Fairmont Av, Suite 250
+   Bethesda, MD  20814
+   USA
+
+   EMail: ogud@ogud.com
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Gudmundsson                  Standards Track                    [Page 5]
+
-- 
cgit v1.2.3