Domain Name System Security (dnssec) Charter

NOTE: This charter is accurate as of the 37th IETF Meeting in San Jose. It may now be out-of-date. (Consider this a "snapshot" of the working group from that meeting.) Up-to-date charters for all active working groups can be found elsewhere in this Web server.


Security Area Director(s):

Mailing List Information

Description of Working Group

The Domain Name System Security Working Group (DNSSEC) will ensure enhancements to the secure DNS protocol to protect the dynamic update operation of the DNS. Specifically, it must be possible to detect the replay of update transactions and it must be possible to order update transactions. Clock synchronization should be addressed as well as all of the dynamic update specification.

Some of the issues to be explored and resolved include

o scope of creation, deletion, and updates for both names and zones

o protection of names subject to dynamic update during zone transfer

o scope of KEY resource record for more specific names in wildcard scope

o use of or relationship with proposed expiration resource record

One essential assumption has been identified: data in the DNS is considered public information. This assumption means that discussions and proposals involving data confidentiality and access control are explicitly outside the scope of this working group.

Goals and Milestones

Submit proposal for adding Security enhancements to DNS as an Internet-Draft.
Update Internet-Draft on adding security enhancements to DNS.
Apr 96
Submit Internet-Draft on Secure Dynamic Update
Aug 96
Update Internet-Draft on Secure Dynamic Update.
Dec 96
Submit Internet-Draft on ensuring security of dynamic update of DNS to IESG for consideration as a Proposed Standard.

Current Internet-Drafts

No Request for Comments