Domain Name System Security (dnssec) ------------------------------------ Charter Last Modified: 1999-12-20 Current Status: Concluded Working Group Chair(s): James Galvin Security Area Director(s): Jeffrey Schiller Steve Bellovin Security Area Advisor: Jeffrey Schiller Mailing Lists: General Discussion:dns-security@lists.tislabs.com To Subscribe: dns-security-request@lists.tislabs.com Archive: ftp://ftp.tis.com/pub/lists/dns-security Description of Working Group: The Domain Name System Security Working Group (DNSSEC) will ensure enhancements to the secure DNS protocol to protect the dynamic update operation of the DNS. Specifically, it must be possible to detect the replay of update transactions and it must be possible to order update transactions. Clock synchronization should be addressed as well as all of the dynamic update specification. Some of the issues to be explored and resolved include o scope of creation, deletion, and updates for both names and zones o protection of names subject to dynamic update during zone transfer o scope of KEY resource record for more specific names in wildcard scope o use of or relationship with proposed expiration resource record One essential assumption has been identified: data in the DNS is considered public information. This assumption means that discussions and proposals involving data confidentiality and access control are explicitly outside the scope of this working group. Goals and Milestones: Done Submit proposal for adding Security enhancements to DNS as an Internet-Draft. Done Update Internet-Draft on adding security enhancements to DNS. APR 96 Submit Internet-Draft on Secure Dynamic Update AUG 96 Update Internet-Draft on Secure Dynamic Update. DEC 96 Submit Internet-Draft on ensuring security of dynamic update of DNS to IESG for consideration as a Proposed Standard. Internet-Drafts: No Current Internet-Drafts. Request For Comments: RFC Stat Published Title ------- -- ----------- ------------------------------------ RFC2065 PS JAN 97 Domain Name System Security Extensions RFC2137 PS APR 97 Secure Domain Name System Dynamic Update RFC2535 PS MAR 99 Domain Name System Security Extensions RFC2536 PS MAR 99 DSA KEYs and SIGs in the Domain Name System (DNS) RFC2537 PS MAR 99 RSA/MD5 KEYs and SIGs in the Domain Name System (DNS) RFC2538 PS MAR 99 Storing Certificates in the Domain Name System (DNS) RFC2539 PS MAR 99 Storage of Diffie-Hellman Keys in the Domain Name System (DNS) RFC2540 E MAR 99 Detached Domain Name System (DNS) Information RFC2541 I MAR 99 DNS Operational Security Considerations