DNS Security (dnssec) Charter
NOTE: This charter is accurate as of the 31st IETF Meeting in San Jose. It
may now be out-of-date. (Consider this a "snapshot" of the working
group from that meeting.) Up-to-date charters for all active working
groups can be found elsewhere in this Web server.
Chair(s)
- James Galvin <galvin@tis.com>
Security Area Director(s):
- Jeffrey Schiller <jis@mit.edu>
Mailing List Information
- General Discussion: dns-security@tis.com
- To Subscribe: dns-security-request@tis.com
- Archive: ftp.tis.com:/pub/dns-security
Description of Working Group
The Domain Name System Security Working Group (DNSSEC) will
specify enhancements to the DNS protocol to protect the DNS against
unauthorized modification of data and against masquerading of data
origin. That is, it will add data integrity and authentication
capabilities to the DNS. The specific mechanism to be added to the DNS
protocol will be a digital signature.
The digital signature service will be added such that the DNS resource
records will be signed and, by distributing the signatures with the
records, remote sites can verify the signatures and thus have
confidence in the accuracy of the records received.
There are at least two issues to be explored and resolved. First,
should the records be signed by the primary or secondary (or both)
servers distributing the resource records, or should they be signed by
the start of authority for the zone of the records? This issue is
relevant since there are servers for sites that are not IP connected.
Second, the mechanism with which to distribute the public keys
necessary to verify the digital signatures must be identified.
Two essential assumptions have been identified. First, backwards
compatibility and co-existence with DNS servers and clients that do not
support the proposed security services is required. Second, data in
the DNS is considered public information. This latter assumption means
that discussions and proposals involving data confidentiality and
access control are explicitly outside the scope of this working group.
Goals and Milestones
- Done: Submit proposal for adding Security enhancements to DNS as an Internet-Draft
- Done: Update Internet-Draft on adding security enhancements to DNS
- Nov 94: Submit proposal for adding security enhancements to the DNS to the IESG for consideration as a Proposed Standard
Current Internet-Drafts
No Request for Comments