Current Meeting Report

Reported by James Galvin/TIS

Minutes of the DNS Security Working Group (DNSSEC)

The DNS Security Working Group met on Tuesday morning for a 2.5 hour meeting. Donald Eastlake and Charlie Kaufman had previously submitted a proposal (as an Internet-Draft) for enhancing the DNS to support a digital signature security service. This meeting was dedicated to a review of that proposal.

The meeting began with a review of the desired requirements identified at the BOF meeting held at the November 1993 Houston meeting. Donald and Charlie then led a presentation and discussion of their proposal. The following issues were discussed and resolved as indicated.

o Choice of algorithm

  The proposal currently specifies the SHA and RSA algorithms. It was agreed to replace SHA with MD5, the current Internet preference.

o Revisit DNS architecture

  The addition of SIG RRs increases the probability that the maximum UDP payload per packet will be exceeded. Given the requirement that we remain backward compatible with the existing installed base, and the lack of empirical data to support the premise, it was agreed to leave the DNS architecture alone.

o Where do SIG RRs go in the reply

  A question was raised as to which section of the reply the SIG RRs should be placed in. This is an issue because it was noted that, if necessary, implementations may ignore (and truncate) the additional records portion of a reply. It was agreed to query Paul Mockapetris in particular and to follow up on the mailing list.

o Key-per-zone or key-per-server

  The proposal currently specifies that a public/private key pair is assigned to a zone, which is responsible for signing its data. In this way the data may be distributed by any server and, in fact, the actual signing of the data may (and should) occur as an off-line function. In addition, a specification is included for servers to optionally sign responses to queries. At this time it was agreed to leave the optional alternative in the document. We will revisit this issue after we have some implementation experience.

o Split the document

  It was suggested that the document may be better organized as several related documents. It was agreed that Donald and/or Charlie would initiate a discussion of this issue on the mailing list.

o Use of the NTP time service

  The proposal currently emphasizes (if not requires) the use of a reliable time service, in particular NTP. It was agreed that DNS may depend on loosely synchronized clocks, on the order of a few hours. The authors agreed to rework this aspect of the proposal and not to mention any particular way of achieving synchronization.

o Partial and/or hash records

  The point was raised that the ability to directly include RRs of a particular type in more than one SIG record was overly complicated, in that it created the need for the "partial RR" signet to be sure you had all the relevant SIGs. The suggestion was that if all the RRs of a particular type did not fit directly into one SIG, the use of a hashed signet be required, which would in turn require the RRs to be present in plain text outside the SIG. It was agreed to wait for implementation experience to see if this simplification of the proposal made sense.

o Key management

  It was observed that an integral part of the proposal is the specification of a key management protocol. As the new Security Area Director was present at the meeting, he was asked if the Security Area believed it was appropriate to specify another key management protocol, observing that both PEM and SNMP Security have also specified key management protocols. The response was that this key management protocol was sufficiently different from the other two that it was valuable in its own right and should remain part of the proposal.

The meeting concluded with Jim Galvin noting that TIS would be implementing the proposal using the BIND implementation of the DNS as a baseline. This software would be openly available to the Internet community.
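The "loosely synchronized clocks" decision under the NTP item has a concrete consequence for a verifier: a signature's validity window has to be widened by the tolerated skew on both ends, or an honest resolver whose clock is an hour off would reject fresh signatures. The following added example (not code from the minutes or from the Eastlake/Kaufman draft) shows such a check; the SigRecord field names and the two-hour tolerance are assumptions chosen to reflect the "few hours" agreed at the meeting.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Tolerance for loosely synchronized clocks. The working group agreed that a
# skew "on the order of a few hours" is acceptable; two hours is assumed here.
CLOCK_SKEW = timedelta(hours=2)


@dataclass(frozen=True)
class SigRecord:
    """Validity window of a signature record (field names are assumed, not the draft's)."""
    owner: str
    type_covered: str
    inception: datetime   # earliest time the signature is valid
    expiration: datetime  # time after which the signature must be rejected


def check_validity(sig: SigRecord, now: datetime, skew: timedelta = CLOCK_SKEW) -> str:
    """Return "valid", "not-yet-valid" or "expired" for `sig` at the verifier's time `now`.

    The verifier's clock may be ahead of or behind the signer's by up to `skew`,
    so the window is widened by `skew` on both ends. Outside that widened window
    the signature is rejected no matter how the clocks drifted.
    """
    if now < sig.inception - skew:
        return "not-yet-valid"
    if now > sig.expiration + skew:
        return "expired"
    return "valid"


def validity_results() -> dict:
    """Constructed example: one zone signature checked at several verifier clock readings."""
    utc = timezone.utc
    sig = SigRecord(
        owner="example.test.",  # constructed zone name
        type_covered="A",
        inception=datetime(1994, 3, 29, 0, 0, tzinfo=utc),
        expiration=datetime(1994, 4, 5, 0, 0, tzinfo=utc),
    )
    readings = {
        "well inside window": datetime(1994, 4, 1, 12, 0, tzinfo=utc),
        "clock 1h slow, before inception": datetime(1994, 3, 28, 23, 0, tzinfo=utc),
        "clock 1h fast, after expiration": datetime(1994, 4, 5, 1, 0, tzinfo=utc),
        "a day before inception": datetime(1994, 3, 28, 0, 0, tzinfo=utc),
        "a day after expiration": datetime(1994, 4, 6, 0, 0, tzinfo=utc),
    }
    return {label: check_validity(sig, now) for label, now in readings.items()}
```

The two one-hour cases are accepted only because of the skew allowance; a verifier that demanded exact time agreement would reject them, which is exactly the operational fragility the group chose to avoid by not depending on NTP.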
This group expects to meet in Toronto.

Attendees

Garrett Alexander gda@tycho.ncsc.mil
Robert Austein sra@epilogue.com
Kym Blair kdblair@dockmaster.ncsc.mil
Alexis Bor bora@ct.si.cs.boeing.com
Stephen Bowman srb@nwnet.net
Brad Burdick bburdick@radio.com
John Carlson johnc@cac.washington.edu
Curtis Cox ccox@wnyosi7.nctsw.navy.mil
Matt Crawford crawdad@fncent.fnal.gov
Shane Davis shane@delphi.com
Donald Eastlake dee@lkg.dec.com
Erik Fair fair@apple.com
Antonio Fernandez afa@bellcore.com
Jerome Freedman jfjr@mbunix.mitre.org
James Galvin galvin@tis.com
Chris Gorsuch chrisg@lobby.ti.com
Richard Graveman rfg@ctt.bellcore.com
Art Harkin ash@cup.hp.com
Richard Harris rharris@atc.boeing.com
Marc Hasson marc@mentat.com
Steven Hubert hubert@cac.washington.edu
Christian Huitema Christian.Huitema@sophia.inria.fr
Matthew Jonson jonson@ddn.af.mil
Scott Kaplan scott@wco.ftp.com
Charlie Kaufman kaufman@zk3.dec.com
Stephen Kent kent@bbn.com
Edwin King eek@atc.boeing.com
So Young Lee sylee@hen.nca.go.kr
Steven Lunt lunt@bellcore.com
Bill Manning bmanning@rice.edu
Piers McMahon p.v.mcmahon@rea0803.wins.icl.co.uk
Michael Michnikov mbmg@mitre.org
Greg Minshall minshall@wc.novell.com
Paul Mockapetris pvm@isi.edu
Sandra Murphy murphy@tis.com
Clifford Neuman bcn@isi.edu
Masataka Ohta mohta@cc.titech.ac.jp
Karen Petraska-Veum karen.veum@gsfc.nasa.gov
George Phillips phillips@cs.ubc.ca
Peter Phillips pphillip@cs.ubc.ca
Derrell Piper piper@tgv.com
Michael Ressler mpr@ctt.bellcore.com
William Robertson rob@agate.berkeley.edu
John Romkey romkey@elf.com
Jeffrey Schiller jis@mit.edu
Steven Schnell schnell@sprintlink.net
Doug Schremp dhs@magna.telco.com
Tim Seaver tas@concert.net
William Simpson bsimpson@morningstar.com
Michael St. Johns stjohns@arpa.mil
Shirley Sun suns@centrum.com
Theodore Ts'o tytso@mit.edu
Ruediger Volk rv@informatik.uni-dortmund.de
Dale Walters walters@osi3.ncsl.nist.gov
Walter Wimer ww0n+@andrew.cmu.edu
Dan Zerkle zerkle@cs.ucdavis.edu