Internet Assigned Numbers Authority

DNS-Based Authentication of Named Entities (DANE) Parameters

Created
2012-06-28
Last Updated
2014-04-23
Available Formats

XML

HTML

Plain text

Registries included below

TLSA Certificate Usages

Registration Procedure(s)
RFC Required
Reference
[RFC6698][RFC7218]
Available Formats

CSV
Value Acronym Short Description Reference
0 PKIX-TA CA constraint [RFC6698]
1 PKIX-EE Service certificate constraint [RFC6698]
2 DANE-TA Trust anchor assertion [RFC6698]
3 DANE-EE Domain-issued certificate [RFC6698]
4-254 Unassigned
255 PrivCert Reserved for Private Use [RFC6698]

TLSA Selectors

Registration Procedure(s)
Specification Required
Expert(s)
Unassigned
Reference
[RFC6698][RFC7218]
Available Formats

CSV
Value Acronym Short Description Reference
0 Cert Full certificate [RFC6698]
1 SPKI SubjectPublicKeyInfo [RFC6698]
2-254 Unassigned
255 PrivSel Reserved for Private Use [RFC6698]

TLSA Matching Types

Registration Procedure(s)
Specification Required
Expert(s)
Unassigned
Reference
[RFC6698][RFC7218]
Available Formats

CSV
Value Acronym Short Description Reference
0 Full No hash used [RFC6698]
1 SHA2-256 256 bit hash by SHA2 [RFC6234]
2 SHA2-512 512 bit hash by SHA2 [RFC6234]
3-254 Unassigned
255 PrivMatch Reserved for Private Use [RFC6698]