Concluded WG Domain Name System Security (dnssec)
Note: The data for concluded WGs is occasionally incorrect.
WG | Name | Domain Name System Security | |
---|---|---|---|
Acronym | dnssec | ||
Area | Security Area (sec) | ||
State | Concluded | ||
Charter | charter-ietf-dnssec-01 Approved | ||
Document dependencies | |||
Personnel | Chair | James Galvin | |
Mailing list | Address | dns-security@lists.tislabs.com | |
To subscribe | dns-security-request@lists.tislabs.com | ||
Archive | ftp://ftp.tis.com/pub/lists/dns-security |
Final Charter for Working Group
The Domain Name System Security Working Group (DNSSEC) will ensure
enhancements to the secure DNS protocol to protect the dynamic update
operation of the DNS. Specifically, it must be possible to detect the
replay of update transactions and it must be possible to order update
transactions. Clock synchronization should be addressed as well as all
of the dynamic update specification.
Some of the issues to be explored and resolved include
o scope of creation, deletion, and updates for both names and zones
o protection of names subject to dynamic update during zone transfer
o scope of KEY resource record for more specific names in wildcard
scope
o use of or relationship with proposed expiration resource record
One essential assumption has been identified: data in the DNS is
considered public information. This assumption means that discussions
and proposals involving data confidentiality and access control are
explicitly outside the scope of this working group.
Milestones
Date | Milestone | Associated documents |
---|---|---|
Dec 1996 | Submit Internet-Draft on ensuring security of dynamic update of DNS to IESG for consideration as a Proposed Standard. | |
Aug 1996 | Update Internet-Draft on Secure Dynamic Update. | |
Apr 1996 | Submit Internet-Draft on Secure Dynamic Update |
Done milestones
Date | Milestone | Associated documents |
---|---|---|
Done | Update Internet-Draft on adding security enhancements to DNS. | |
Done | Submit proposal for adding Security enhancements to DNS as an Internet-Draft. |