Editor's note: These minutes have not been edited. The DNS Security Working Group met for one working group session. First item on the agenda was the status of the three documents before us. draft-dnssec-as-map-03.txt - It was decided to remove this document from consideration by the working group. At a minimum, it sets up a requirement for yet another centralized authority to come into existence to manage the name space, which would seem to be problematic in today's Internet. In any case, there is a very small minority of people interested in this document at this time. The area director has indicated that if there is a group who would like to pursue this work he will consider a proposal for a new working group. draft-dnssec-secext-09.txt - The document has been through working group and IETF last call, and has been reviewed by the IESG. It has been revised according to comments received and a new version has been submitted to the IESG for final review. We expect the document to be approved and submitted to the RFC Editor for publication as a Proposed Standard. draft-dnssec-update-00.txt - Per our agreement last March, this document is waiting for implementation experience before we submit it to the IESG. Trusted Information Systems expects to complete an alpha reference implementation prior to the December meeting. If not, we previously agreed to submit the document to the IESG anyway, since any further delay would be counter-productive. Next, TIS spoke briefly on the status of its reference implementation. They indicated there would be a new release soon (during July). Also, they have applied for an export license that would permit the global distribution of the software, with cryptographic calls but without the cryptographic software, i.e., it would include calls to RSAREF but it would not include RSAREF. John Gilmore and IBM each indicated they have partial implementations. It was pointed out that Microsoft has an implementation underway but no one was present from Microsoft to either confirm or deny the activity. There are no implementations of secure dynamic update at this time. Three remaining issues were brought to the floor and discussed. The results of the discussion are as follows. First, the DNS security document does not currently include any worked examples of how to validate public keys. It was agreed that several examples of validation, including both to the root and to other trusted points, be added to the document when it progresses from Proposed to Draft. Second, the question was raised as to what the validation policy should be for the global DNS. It was agreed that now that we have Secure DNS we need to better understand the validation process and its implications. The Chair took an action item to form a sub-group to prepare a draft validation policy for the working group to review. This document will become an adjunct to the secure DNS specification and ultimately submitted for consideration as a proposed standard. Third, it was pointed out that the TIS reference implementation does the security enhancements in the server, not in the client. TIS took as an action item to enhance its implementation to include security support for the client. This working group will meet at the Winter 1996 IETF. At that time we will review any secure dynamic update implementation experience and consider whether to advance the secure dynamic update specification. In addition, the validation policy sub-group will present a draft document for review by the working group.