
revised draft ipseckey charter



Here's a revised charter, with Harald's text and a replacement for the 
sentence about reuse.

---
WG description

IPSEC KEYing information resource record WG (ipseckey)

CHAIRS:	TBD

MAILING LIST:	ipseckey-request@sandelman.ca
Archive:	http://www.sandelman.ca/lists/html/ipseckey/

DESCRIPTION:

IP security public KEY in DNS (ipseckey)

This effort has a goal of designing an IPSEC specific resource record for the
domain name system (DNS) to replace the functionality of the IPSEC sub-type
of the KEY resource record.

Original DNSSEC specification explicitly specified flags on KEY resource
records for use by IPSEC. Experience has shown this to cause operational
problems. DNSEXT working group is restricting the use of the KEY record to
DNS uses only. IPSEC keying via DNS thus needs a new resource record.

The scope of work is to identify what information is needed in an
IPSEC specific keying resource record. The contents of the resource record
are not limited to only the information that is in the DNS KEY record but
also to contain useful IPSEC information, such as that which is
required for Opportunistic Encryption.  Other possible uses are out of 
scope for this working group, since any reuse will require a careful 
analysis of the trust model and possible security interactions with 
IPsec.


The WG will define the semantics of the record only in terms of how
the data in the record can be used for initializing an IPSEC session.
Questions of when it is appropriate to do so are regarded as policy
issues that are out of scope for this WG.

This effort is specific to providing IPSEC information in DNS.
All other distributed channels are out of scope.

PROPOSED SCHEDULE

Winter 2003	Solicit various proposals on what information is needed in
		IPSEC specific KEYing record.

Spring 2003	First draft of consensus RR proposal

May    2003	Advance Document to IESG


		--Steve Bellovin, http://www.research.att.com/~smb (me)
		http://www.wilyhacker.com (2nd edition of "Firewalls" book)