[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

No Subject



From owner-ipseckey@lox.sandelman.ottawa.on.ca  Wed Feb 26 14: 51:42 2003
Received: from sentry.gw.tislabs.com (firewall-user@sentry.gw.tislabs.com [192.94.214.100])
	by lox.sandelman.ottawa.on.ca (8.8.7/8.8.8) with ESMTP id OAA08799
	for <ipseckey@sandelman.ca>; Wed, 26 Feb 2003 14:51:37 -0500 (EST)
Received: by sentry.gw.tislabs.com; id OAA27711; Wed, 26 Feb 2003 14:52:07 -0500 (EST)
Received: from raven.gw.tislabs.com(10.33.1.50) by sentry.gw.tislabs.com via smap (V5.5)
	id xma027707; Wed, 26 Feb 03 14:51:34 -0500
Received: from localhost (weiler@localhost)
	by raven.gw.tislabs.com (8.11.6/8.11.6) with ESMTP id h1QJonP07896
	for <ipseckey@sandelman.ca>; Wed, 26 Feb 2003 14:50:49 -0500 (EST)
Date: Wed, 26 Feb 2003 14:50:49 -0500 (EST)
From: Sam Weiler <weiler@tislabs.com>
X-X-Sender: <weiler@raven>
To: ipseckey@sandelman.ca
Subject: WG Action: IPSEC KEYing information resource record
Message-ID: <Pine.GSO.4.33.0302261449520.7252-100000@raven>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Resent-To: ipseckey
Resent-Date: Wed, 26 Feb 2003 15:20:24 -0500
Resent-From: Michael Richardson <mcr@marajade.sandelman.ottawa.on.ca>

---------- Forwarded message ----------
Date: Wed, 26 Feb 2003 13:48:10 -0500
From: The IESG <iesg-secretary@ietf.org>
To: IETF-Announce:  ;
Subject: WG Action: IPSEC KEYing information resource record


A new working group has been formed in the Security Area of the IETF.
For additional information, contact the Area Directors
or the Working Group Chairs.


IPSEC KEYing information resource record (ipseckey)
-----------------------------------------------------

Current Status: Active Working Group


Chair(s):  Sam Weiler <weiler+ietf@watson.org>
	     Rob Austein <sra@hactrn.net>

Security Area Director(s):
           Jeffrey Schiller <jis@mit.edu>
           Steven Bellovin <smb@research.att.com>

Security Area Advisor:
           Steven Bellovin <smb@research.att.com>

Mailing Lists:
           General Discussion:ipseckey@sandelman.ca
           To Subscribe: ipseckey-request@sandelman.ca
           Archive: http://www.sandelman.ca/lists/html/ipseckey/

Description of Working Group:

This effort has the goal of designing a IPSEC-specific resource
record for the domain name system (DNS) to replace the functionality
of the IPSEC sub-type of the KEY resource record.

The original DNSSEC specification explicitly specified flags on
the KEY resource records for use by IPSEC. Experience has shown that
this has operational problems. The DNSEXT working group is restricting
the use of the KEY record to DNS uses only. Thus, IPSEC keying via
DNS needs a new resource record.

The scope of work is to identify what information is needed in an
IPSEC-specific keying resource record, and to design such a record in
co-operation with the dnsext working group. The contents of the
resource record are not limited to only the information that is in the
DNS KEY record but may also contain other useful IPSEC information,
such as that which is required for Opportunistic Encryption. Other
possible uses are out of scope for this working group, since any
reuse will require a careful analysis of the trust model and possible
security interactions with IPsec. It is anticipated that such analysis
will be documented in some future standards-track RFCs.

The WG will define the semantics of the record only in terms of
how the data in the record can be used for initializing an IPSEC
session. Questions of when it is appropriate to do so are regarded
as policy issues that are out of scope for this WG.

This effort is specific to providing IPSEC information in DNS.
All other distribution channels are out of scope.


Goals and Milestones:

MAR 03 Solicit various proposals on what information is needed in
       IPSEC specific KEYing record

APR 03 Publish first Internet-Draft of consensus DNS Resource
       Record

MAY 03 Complete WG Last Call on consensus DNS RR proposal document
       and pass document to IESG for consideration as a Proposed
       Standard

-
This is the IPSECKEY@sandelman.ca list.
Email to ipseckey-request@sandelman.ca to be removed.