Reported by James Galvin/TIS

Minutes of the DNS Security Working Group (DNSSEC)

The DNS Security Working Group met on Wednesday morning for a
two-and-a-half-hour meeting.  Masataka Ohta had previously submitted an
alternative to the Donald Eastlake and Charlie Kaufman proposal.  The
majority of this meeting was dedicated to discussing the differences
between the two proposals.

The meeting began with Jim Galvin presenting a very brief summary of his
implementation experience with the Eastlake/Kaufman proposal.  No
cryptography was implemented; in the interests of simplicity and
expediency, values were XORed instead.  Also, only the direct resource
records were prototyped.  Two results were reported:  it is possible to
implement the proposal and the proposal includes more options than are
needed.

Jim observed that one of the principal motivations for many of the
options in the Eastlake/Kaufman proposal was the perception that the 512
byte limit for DNS messages was too small.  However, he asserted that
this limit was in fact not an issue, for two reasons that would be
explained later.  As a result, he had a proposal for how to proceed but
preferred to yield the floor to Kaufman and Ohta for a discussion of
their lists of issues.

The remainder of the meeting was dedicated to Kaufman and Ohta each
presenting a list of questions and comments about each other's
proposals.  There was a great deal of vigorous and animated discussion
about the issues.  Careful time management allowed a complete
presentation of all the issues, with some discussion for each, although
no conclusions were reached.  Since both Ohta and Kaufman agreed to
distribute their lists to the electronic mailing lists for continued
discussion and resolution, the details are not presented here.

The meeting closed with Jim proposing that Eastlake/Kaufman reduce their
proposal to include only the hashed resource record, for two reasons.
First, there is the assertion that the 512 byte limit would be
sufficient about 80-90% of the time.  However, even without this
assertion, Version 2 of DNS, which will increase the message size limit,
will shortly be proposed.  TIS will implement the proposed DNS security
enhancements with this new version of DNS.  Jim will follow up with
Eastlake and Kaufman about reducing their proposal, identified as
Eastlake/Kaufman-lite.

Since consensus was not possible within the time frame allotted for the
working group meeting, further discussion of the relative merits of each
proposal will continue on the mailing list.  The chair agreed to propose
criteria that could be used to evaluate the two proposals ---
Eastlake/Kaufman-lite and Ohta --- to aid the working group in selecting
one to submit to the standards track.  Consensus and a single proposal
will be obtained on the mailing list prior to the next IETF; this group
expects to meet in San Jose.