Domain Name System Security (dnssec)
------------------------------------

 Charter
 Last Modified: 28-Aug-96

 Current Status: Active Working Group

 Chair(s):
     James Galvin

 Security Area Director(s):
     Jeffrey Schiller

 Security Area Advisor:
     Jeffrey Schiller

 Mailing Lists:
     General Discussion: dns-security@tis.com
     To Subscribe:       dns-security-request@tis.com
     Archive:            ftp://ftp.tis.com/pub/lists/dns-security

Description of Working Group:

The Domain Name System Security Working Group (DNSSEC) will ensure
enhancements to the secure DNS protocol to protect the dynamic update
operation of the DNS. Specifically, it must be possible to detect the
replay of update transactions and it must be possible to order update
transactions. Clock synchronization should be addressed as well as all
of the dynamic update specification. Some of the issues to be explored
and resolved include:

 o scope of creation, deletion, and updates for both names and zones

 o protection of names subject to dynamic update during zone transfer

 o scope of KEY resource record for more specific names in wildcard scope

 o use of or relationship with proposed expiration resource record

One essential assumption has been identified: data in the DNS is
considered public information. This assumption means that discussions
and proposals involving data confidentiality and access control are
explicitly outside the scope of this working group.

Goals and Milestones:

  Done    Submit proposal for adding Security enhancements to DNS as an
          Internet-Draft.

  Done    Update Internet-Draft on adding security enhancements to DNS.

  Apr 96  Submit Internet-Draft on Secure Dynamic Update.

  Aug 96  Update Internet-Draft on Secure Dynamic Update.

  Dec 96  Submit Internet-Draft on ensuring security of dynamic update of
          DNS to IESG for consideration as a Proposed Standard.

Internet-Drafts:

Posted Revised       I-D Title
------ ------- ------------------------------------------
Nov 94 Aug 97  Mapping Autonomous Systems Number into the Domain Name System
Feb 96 Mar 97  Detached Domain Name System Information
Mar 97 New     The DNS Inverse Key Domain
Jun 97 New     Storage of Diffie-Hellman Keys in the Domain Name System
Jul 97 Aug 97  Domain Name System Security Extensions
Sep 97 New     DSA KEYs and SIGs in the Domain Name System
Sep 97 New     Storing Certificates in the Domain Name System
Sep 97 New     Indirect Keys in the Domain Name System

Request For Comments:

  RFC   Stat Published     Title
------- ---- --------- -----------------------------------------
RFC2065  PS   Jan 97   Domain Name System Security Extensions
RFC2137  PS   Apr 97   Secure Domain Name System Dynamic Update