
Re: ipseckey (fwd)



For Thursday's agenda:  a first cut at a charter for ipseckey.
(Timing is tight, so I haven't run this by y'all first.  Feel free to 
amend.  This draft is by Michael Richardson, the main energy source for 
the effort, but very probably the wrong choice for chair.)

------- Forwarded Message


WG description

IPSEC KEYing information resource record WG (ipseckey)

CHAIRS:	TBD

MAILING LIST:	ipseckey-request@sandelman.ca
Archive:	http://www.sandelman.ca/lists/html/ipseckey/

DESCRIPTION:

IP security public KEY in DNS (ipseckey)

This effort has a goal of designing an IPSEC specific resource record for the
domain name system (DNS) to replace the functionality of the IPSEC sub-type
of the KEY resource record.

Original DNSSEC specification explicitly specified flags on KEY resource
records for use by IPSEC. Experience has shown this to cause operational
problems. DNSEXT working group is restricting the use of the KEY record to
DNS uses only. IPSEC keying via DNS thus needs a new resource record.

The scope of work is to identify what information is needed in an
IPSEC specific keying resource record. The contents of the resource record
are not limited to only the information that is in the DNS KEY record but
also to contain useful IPSEC information, such as that which is
required for Opportunistic Encryption. The record is not limited to such use.

The general problems of key management, and semantic content of the data
stored in the resource record are beyond the scope of this effort. This
effort is limited to syntactic issues only. Semantics of the contained
information is left to future deployment documents to define. 

This effort is specific to providing IPSEC information in DNS.
All other distributed channels are out of scope.

PROPOSED SCHEDULE

Winter 2003	Solicit various proposals on what information is needed in
		IPSEC specific KEYing record.

Spring 2003	First draft of consensus RR proposal

May    2003	Advance Document to IESG



------- End of Forwarded Message



		--Steve Bellovin, http://www.research.att.com/~smb (me)
		http://www.wilyhacker.com (2nd edition of "Firewalls" book)