RFC 6698
E831087
RFC 6698 is the Internet standard that specifies the DNS-Based Authentication of Named Entities (DANE) protocol, which uses DNSSEC to associate TLS certificates with domain names.
All labels observed (1)
| Label | Occurrences |
|---|---|
| RFC 6698 canonical | 1 |
How this entity was disambiguated
This entity first appeared as the object of triple T9932166 — resolving that mention is where its identity was fixed. The disambiguator weighed these candidate entities and picked the highlighted one (or “None”, minting a new entity). This is how homonymy is resolved: the same surface form can point to different entities.
Target entity: RFC 6698 Context triple: [DANE, definedIn, RFC 6698]
-
A.
RFC 6189
RFC 6189 is the Internet Engineering Task Force (IETF) standard that defines the ZRTP protocol for secure key agreement in Voice over IP communications.
-
B.
RFC 6668
RFC 6668 is an Internet Engineering Task Force (IETF) standard that updates the Secure Shell (SSH) protocol to add support for modern elliptic curve cryptography methods.
-
C.
RFC 6066
RFC 6066 is an Internet Engineering Task Force (IETF) standard that specifies Transport Layer Security (TLS) extensions, including the widely used Server Name Indication (SNI) extension.
-
D.
RFC 6409
RFC 6409 is an Internet standards document that originally defined the Message Submission protocol for email (port 587), later superseded by RFC 8314.
-
E.
RFC 6864
RFC 6864 is an Internet Engineering Task Force (IETF) standards-track document that revises and clarifies the semantics and usage of the IPv4 Identification field in IP packet headers.
- F. None of above. chosen
- G. Unsure - the case is ambiguous/there is not enough information to decide.
Target entity: RFC 6698 Target entity description: RFC 6698 is the Internet standard that specifies the DNS-Based Authentication of Named Entities (DANE) protocol, which uses DNSSEC to associate TLS certificates with domain names.
-
A.
RFC 6189
RFC 6189 is the Internet Engineering Task Force (IETF) standard that defines the ZRTP protocol for secure key agreement in Voice over IP communications.
-
B.
RFC 6668
RFC 6668 is an Internet Engineering Task Force (IETF) standard that updates the Secure Shell (SSH) protocol to add support for modern elliptic curve cryptography methods.
-
C.
RFC 6066
RFC 6066 is an Internet Engineering Task Force (IETF) standard that specifies Transport Layer Security (TLS) extensions, including the widely used Server Name Indication (SNI) extension.
-
D.
RFC 6409
RFC 6409 is an Internet standards document that originally defined the Message Submission protocol for email (port 587), later superseded by RFC 8314.
-
E.
RFC 6864
RFC 6864 is an Internet Engineering Task Force (IETF) standards-track document that revises and clarifies the semantics and usage of the IPv4 Identification field in IP packet headers.
- F. None of above. chosen
Statements (48)
| Predicate | Object |
|---|---|
| instanceOf |
Internet standard
ⓘ
Request for Comments ⓘ |
| addressesProblem | authentication of TLS endpoints without exclusive reliance on public CA PKI ⓘ |
| appliesTo |
DNS resolvers
ⓘ
TLS clients ⓘ TLS servers ⓘ |
| area | Security ⓘ |
| category | Standards Track ⓘ |
| defines |
TLSA DNS resource record format
NERFINISHED
ⓘ
TLSA certificate usage field ⓘ TLSA matching type field ⓘ TLSA selector field ⓘ |
| definesAcronym | DANE NERFINISHED ⓘ |
| definesProtocol | DNS-Based Authentication of Named Entities NERFINISHED ⓘ |
| documentType | Standards Track specification ⓘ |
| enables |
alternative trust model to traditional CA hierarchy
ⓘ
pinning of TLS keys via DNSSEC ⓘ |
| hasSuccessor | RFC 9102 NERFINISHED ⓘ |
| intendedFor |
TLS service operators
ⓘ
operators of DNS zones ⓘ security protocol implementers ⓘ |
| language | English ⓘ |
| number | 6698 ⓘ |
| obsoletedBy | RFC 9102 NERFINISHED ⓘ |
| obsoletes | None ⓘ |
| primaryPurpose | to bind X.509 certificates to DNS names using DNSSEC ⓘ |
| publishedBy | Internet Engineering Task Force ⓘ |
| publishedIn | RFC series ⓘ |
| relatedTo |
DNS resource records
ⓘ
Domain Name System NERFINISHED ⓘ Public Key Infrastructure NERFINISHED ⓘ X.509 certificates NERFINISHED ⓘ |
| relatesToProtocol |
TLS
NERFINISHED
ⓘ
Transport Layer Security NERFINISHED ⓘ |
| securityModel | DNSSEC-based authentication for TLS ⓘ |
| shortTitle | DNS-Based Authentication of Named Entities (DANE) for TLS NERFINISHED ⓘ |
| specifiesResourceRecordType | TLSA NERFINISHED ⓘ |
| standardizes | association of TLS certificates with domain names via DNSSEC ⓘ |
| status |
Internet Standard
ⓘ
Standards Track RFC ⓘ |
| stream |
Internet Engineering Task Force
ⓘ
surface form:
IETF
|
| title | The DNS-Based Authentication of Named Entities (DANE) Transport Layer Security (TLS) Protocol: TLSA NERFINISHED ⓘ |
| topic |
DNS-based authentication
ⓘ
Internet security ⓘ TLS certificate validation ⓘ |
| usesTechnology |
DNS Security Extensions
NERFINISHED
ⓘ
DNSSEC NERFINISHED ⓘ |
| workingGroup | DNS-based Authentication of Named Entities NERFINISHED ⓘ |
How these facts were elicited
The pipeline generated the facts above by prompting gpt-5.1 with this entity's name + description and the instruction below.
You are a knowledge base construction expert. Given a subject entity and a description of it, return factual statements that you know for the subject as a JSON list of dictionaries(triples), where keys must be "subject", "predicate" and "object". The number of facts may be very high, between 25 to 50 or more, for very popular subjects. For less popular subjects, the number of facts can be very low, like 5 or 10. # Requirements - If you don't know the subject at all, return an empty list. - If the subject is not a named entity, return an empty list. - Include at least one triple where predicate is "instanceOf". - Do not get too wordy. - Separate several objects into multiple triples with one object.
Subject: RFC 6698 Description of subject: RFC 6698 is the Internet standard that specifies the DNS-Based Authentication of Named Entities (DANE) protocol, which uses DNSSEC to associate TLS certificates with domain names.
Referenced by (1)
Full triples — surface form annotated when it differs from this entity's canonical label.