Domain Name System Security (dnssec)
------------------------------------

 Charter
 Last Modified: 1999-12-20

 Current Status: Concluded Working Group

 Chair(s):
     James Galvin  <galvin+ietf@elistx.com>

 Security Area Director(s):
     Jeffrey Schiller  <jis@mit.edu>
     Steve Bellovin  <smb@research.att.com>

 Security Area Advisor:
     Jeffrey Schiller  <jis@mit.edu>

 Mailing Lists: 
     General Discussion: dns-security@lists.tislabs.com
     To Subscribe:       dns-security-request@lists.tislabs.com
     Archive:            ftp://ftp.tis.com/pub/lists/dns-security

Description of Working Group:

The Domain Name System Security Working Group (DNSSEC) will ensure
enhancements to the secure DNS protocol to protect the dynamic update
operation of the DNS. Specifically, it must be possible to detect the
replay of update transactions and it must be possible to order update
transactions. Clock synchronization should be addressed as well as all
of the dynamic update specification.

Some of the issues to be explored and resolved include:

o scope of creation, deletion, and updates for both names and zones

o protection of names subject to dynamic update during zone transfer

o scope of KEY resource record for more specific names in wildcard
  scope

o use of or relationship with proposed expiration resource record

One essential assumption has been identified: data in the DNS is
considered public information. This assumption means that discussions
and proposals involving data confidentiality and access control are
explicitly outside the scope of this working group.

 Goals and Milestones:

   Done         Submit proposal for adding Security enhancements to DNS as 
                an Internet-Draft. 

   Done         Update Internet-Draft on adding security enhancements to 
                DNS. 

   APR 96       Submit Internet-Draft on Secure Dynamic Update 

   AUG 96       Update Internet-Draft on Secure Dynamic Update. 

   DEC 96       Submit Internet-Draft on ensuring security of dynamic 
                update of DNS to IESG for consideration as a Proposed 
                Standard. 


 Internet-Drafts:

  No Current Internet-Drafts.

 Request For Comments:

  RFC   Stat Published     Title
------- -- ----------- ------------------------------------
RFC2065 PS   JAN 97    Domain Name System Security Extensions 

RFC2137 PS   APR 97    Secure Domain Name System Dynamic Update 

RFC2535 PS   MAR 99    Domain Name System Security Extensions 

RFC2536 PS   MAR 99    DSA KEYs and SIGs in the Domain Name System (DNS) 

RFC2537 PS   MAR 99    RSA/MD5 KEYs and SIGs in the Domain Name System 
                       (DNS) 

RFC2538 PS   MAR 99    Storing Certificates in the Domain Name System (DNS) 

RFC2539 PS   MAR 99    Storage of Diffie-Hellman Keys in the Domain Name 
                       System (DNS) 

RFC2540 E    MAR 99    Detached Domain Name System (DNS) Information 

RFC2541 I    MAR 99    DNS Operational Security Considerations