IPSEC KEYing information resource record BOF (ipseckey)
Monday, November 18 at 1530-1730
=================================
CHAIRS: Michael Richardson <mcr@sandelman.ottawa.on.ca>
Olafur Gudmundsson <ogud@ogud.com>
MAILING LIST: ipseckey-request@sandelman.ca
Archive: http://www.sandelman.ca/lists/html/ipseckey/
DESCRIPTION:
IP security public KEY in DNS (ipseckey)
This effort has a goal of designing a resource record for the domain
name system (DNS) to replace the functionality of the IPSEC sub-type
of the KEY resource record.
Sub-types of the KEY resource record are being obsoleted by the dnsext WG
as part of the revision of the DNSSEC standard. A replacement is sought.
The scope of work is to identify what information is needed in a
IPSEC specific keying resource record. The contents of the resource record
are not limited to only the information that is in the DNS KEY record but
also contains usefull IPSEC information information.
The general problems of key management, and semantic content of the data
stored in the resource record is beyond the scope of this effort. This
effort is limited to syntactic issues only. Semantics of the contained
information is left to future deployment documents to define.
The resulting resource record should be easily extensible for new uses.
This effort is specific to providing IPSEC information in DNS.
All other distributed databases are out of scope.
PROPOSED SCHEDULE
DEC 02 Solicit various proposals on what information is needed in
IPSEC specific KEYing record.
FEB 02 First draft of consensus RR proposal
APR 02 Advance Document to IESG
AGENDA:
1. Open meeting and welcome
2. Scribe and blue sheet
3. Introduction Michael Richardson
4. Documents
4.1 Why KEY is being obsoleted. Dan Massey <masseyd@isi.edu>
www.ietf.org/internet-drafts/draft-ietf-dnsext-restrict-key-for-dnssec-04.txt
4.2 Requirements.
4.3 Any IPSECKEY proposal that have shown up by Atlanta.
5. open mike
6. Charter discussion
7. schedule discussion
8. Next step.