[Freeipa-devel] Fwd: [dnsext] New RRtype "KREALM" in draft-vanrein-dnstxt-krb1-02: service->realm mapping

Petr Spacek pspacek at redhat.com
Mon Sep 14 08:00:00 UTC 2015 

Hello,

Kerberos experts might be interested in this draft. I did not have time to go
through this yet.

Discussion continues on dnsext at ietf.org, please reply there.

Petr^2 Spacek


-------- Forwarded Message --------
Subject: [dnsext] New RRtype "KREALM" in draft-vanrein-dnstxt-krb1-02.txt
Date: Thu, 03 Sep 2015 17:36:08 +0200
From: Rick van Rein <rick at openfortress.nl>
To: dnsext at ietf.org

Hello,

I am working on an I-D that allocates a new RRtype in DNS, named
KREALM.  This RR is meant to store Kerberos realm descriptions in DNS;
this has hitherto been desired but impossible to do securely, but
nowadays the broad acceptance of DNSSEC permits this facility.

Please let me know if you have any feedback or questions!

Cheers,

Rick van Rein
for ARPA2.net

> A new version of I-D, draft-vanrein-dnstxt-krb1-02.txt
> has been successfully submitted by Rick van Rein and posted to the
> IETF repository.
>
> Name:		draft-vanrein-dnstxt-krb1
> Revision:	02
> Title:		Kerberos Realm Descriptors in DNS (KREALM)
> Document date:	2015-09-03
> Group:		Individual Submission
> Pages:		15
> URL:            https://www.ietf.org/internet-drafts/draft-vanrein-dnstxt-krb1-02.txt
> Status:         https://datatracker.ietf.org/doc/draft-vanrein-dnstxt-krb1/
> Htmlized:       https://tools.ietf.org/html/draft-vanrein-dnstxt-krb1-02
> Diff:           https://www.ietf.org/rfcdiff?url2=draft-vanrein-dnstxt-krb1-02
>
> Abstract:
>    This specification defines methods to determine Kerberos realm
>    descriptive information for services that are known by their DNS
>    name.  Currently, finding such information is done through static
>    mappings or educated guessing.  DNS can make this process more
>    dynamic, provided that DNSSEC is used to ensure authenticity of
>    resource records.
>

_______________________________________________
dnsext mailing list
dnsext at ietf.org
https://www.ietf.org/mailman/listinfo/dnsext



-- 
Petr^2 Spacek

More information about the Freeipa-devel mailing list