CURRENT MEETING REPORT

Minutes of the DNS Security Working Group (dnssec)

The working group met during one meeting period with the following agenda:

A revised Charter that included the secure dynamic update task was presented to the working group for review. A revision will be posted to the mailing list for final review prior to submission to the Area Director and Secretariat for approval and posting.

The secure DNS specifications (draft-ietf-dnssec-secext-09.txt and draft-ietf-dnssec-as-map-03.txt) are currently in IETF Last Call. The IESG will make its decision during its next regularly scheduled meeting; the documents are expected to be advanced to Proposed Standard.

Trusted Information Systems (TIS) announced the availability of their beta implementation of the DNS security enhancements. It is available for anonymous FTP to U.S. and Canadian sites. Retrieve the file ftp://ftp.tis.com/pub/DNSSEC/README for more details. Beta testers are requested to contact tisdnssec-support@tis.com for more information.

Before the secure dynamic update discussion began, a review of its requirements, as agreed at the last meeting, was presented. The requirements are:

Donald Eastlake presented an overview of the secure dynamic update draft (draft-ietf-dnssec-update-00.txt) he has proposed. Since no significant discussion resulted, information about implementations was requested, and TIS committed to beginning its implementation of the proposal soon. A caution was offered about deploying secure dynamic update given the lack of experience we have with insecure dynamic update. However, the Security Area Director was quick to point out that he considered this a feature: more often than not the security area finds itself retrofitting security into a protocol, a process that is usually imperfect and unnecessarily constrains the integration.

The meeting closed with the working group agreeing to wait until the summer IETF before deciding whether to advance the current proposal. Waiting will permit TIS to begin its implementation and evaluate the completeness of the specification.