revised draft ipseckey charter
Here's a revised charter, with Harald's text and a replacement for the
sentence about reuse.
---
WG description
IPSEC KEYing information resource record WG (ipseckey)
CHAIRS: TBD
MAILING LIST: ipseckey-request@sandelman.ca
Archive: http://www.sandelman.ca/lists/html/ipseckey/
DESCRIPTION:
IP security public KEY in DNS (ipseckey)
This effort has a goal of designing an IPSEC specific resource record for the
domain name system (DNS) to replace the functionality of the IPSEC sub-type
of the KEY resource record.
The original DNSSEC specification explicitly specified flags on KEY resource
records for use by IPSEC. Experience has shown this to cause operational
problems. The DNSEXT working group is restricting the use of the KEY record to
DNS uses only. IPSEC keying via DNS thus needs a new resource record.
The scope of work is to identify what information is needed in an
IPSEC specific keying resource record. The contents of the resource record
are not limited to only the information that is in the DNS KEY record but
may also contain useful IPSEC information, such as that which is
required for Opportunistic Encryption. Other possible uses are out of
scope for this working group, since any reuse will require a careful
analysis of the trust model and possible security interactions with
IPsec.
The WG will define the semantics of the record only in terms of how
the data in the record can be used for initializing an IPSEC session.
Questions of when it is appropriate to do so are regarded as policy
issues that are out of scope for this WG.
This effort is specific to providing IPSEC information in DNS.
All other distributed channels are out of scope.
PROPOSED SCHEDULE
Winter 2003 Solicit various proposals on what information is needed in
IPSEC specific KEYing record.
Spring 2003 First draft of consensus RR proposal
May 2003 Advance Document to IESG
--Steve Bellovin, http://www.research.att.com/~smb (me)
http://www.wilyhacker.com (2nd edition of "Firewalls" book)