NOTE: This charter is accurate as of the 29th IETF Meeting in Seattle. It
may now be out-of-date. (Consider this a "snapshot" of the working
group from that meeting.) Up-to-date charters for all active working
groups can be found elsewhere in this Web server.
DNS Security (DNSSEC) Charter
- James Galvin <firstname.lastname@example.org>
Mailing List Information
- General Discussion <email@example.com>
- To Subscribe <firstname.lastname@example.org>
- Archive <ftp.tis.com:/pub/dns-security>
Description of Working Group
The Domain Name System Security Working Group (DNSSEC) will
specify enhancements to the DNS protocol to protect the DNS against
unauthorized modification of data and against masquerading of data
origin. That is, it will add data integrity and authentication
capabilities to the DNS. The specific mechanism to be added to the DNS
protocol will be a digital signature.
The digital signature service will be added such that the DNS resource
records will be signed and, by distributing the signatures with the
records, remote sites can verify the signatures and thus have
confidence in the accuracy of the records received.
There are at least two issues to be explored and resolved. First,
should the records be signed by the primary or secondary (or both)
servers distributing the resource records, or should they be signed by
the start of authority for the zone of the records. This issue is
relevant since there are servers for sites that are not IP connected.
Second, the mechanism with which to distribute the public keys
necessary to verify the digital signatures must be identified.
Two essential assumptions have been identified. First, backwards
compatibility and co-existence with DNS servers and clients that do not
support the proposed security services is required. Second, data in
the DNS is considered public information. This latter assumption means
that discussions and proposals involving data confidentiality and
access control are explicitly outside the scope of this working group.
Goals and Milestones
- Mar 1994
- Submit proposal for adding Security enhancements to DNS as an Internet-Draft
- Jul 1994
- Update Internet-Draft on adding security enhancements to DNS
- Nov 1994
- Submit proposal for adding security enhancements to the DNS to the IESG for consideration as a Proposed Standard
NOTE: The Internet-Draft(s) listed below may have been deleted
since they are only good for six months.