Received: from relay.hq.tis.com by neptune.TIS.COM id aa09083; 5 Aug 96 11:45 EDT Received: by relay.hq.tis.com; id LAA23222; Mon, 5 Aug 1996 11:48:29 -0400 Received: from sol.hq.tis.com(192.33.112.100) by relay.tis.com via smap (V3.1.1) id xma023198; Mon, 5 Aug 96 11:48:07 -0400 Received: from relay.hq.tis.com by tis.com (4.1/SUN-5.64) id AA20377; Mon, 5 Aug 96 11:47:37 EDT Received: by relay.hq.tis.com; id LAA23181; Mon, 5 Aug 1996 11:48:00 -0400 Received: from ietf.org(132.151.1.19) by relay.tis.com via smap (V3.1.1) id xma023152; Mon, 5 Aug 96 11:47:30 -0400 Received: from localhost by ietf.org id aa01650; 5 Aug 96 11:12 EDT Mime-Version: 1.0 Content-Type: Multipart/Mixed; Boundary="NextPart" To: IETF-Announce: ;, tis.com@TIS.COM MMDF-Warning: Parse error in original version of preceding line at neptune.TIS.COM Cc: dns-security@TIS.COM From: Internet-Drafts@ietf.org Reply-To: Internet-Drafts@ietf.org Subject: I-D ACTION:draft-ietf-dnssec-secext-10.txt Date: Mon, 05 Aug 1996 11:12:38 -0400 Message-Id: <9608051112.aa01650@ietf.org> Sender: dns-security-approval@neptune.tis.com Precedence: bulk --NextPart A Revised Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the Domain Name System Security Working Group of the IETF. Note: This revision reflects comments received during the last call period. Title : Domain Name System Security Extensions Author(s) : D. Eastlake, C. Kaufman Filename : draft-ietf-dnssec-secext-10.txt Pages : 45 Date : 08/02/1996 The Domain Name System (DNS) has become a critical operational part of the Internet infrastructure yet it has no strong security mechanisms to assure data integrity or authentication. Extensions to the DNS are described that provide these services to security aware resolvers or applications through the use of cryptographic digital signatures. These digital signatures are included in secured zones as resource records. Security can still be provided even through non-security aware DNS servers in many cases. The extensions also provide for the storage of authenticated public keys in the DNS. This storage of keys can support general public key distribution service as well as DNS security. The stored keys enable security aware resolvers to learn the authenticating key of zones in addition to those for which they are initially configured. Keys associated with DNS names can be retrieved to support other protocols. Provision is made for a variety of key types and algorithms. In addition, the security extensions provide for the optional authentication of DNS protocol transactions. Internet-Drafts are available by anonymous FTP. Login with the username "anonymous" and a password of your e-mail address. After logging in, type "cd internet-drafts" and then "get draft-ietf-dnssec-secext-10.txt". A URL for the Internet-Draft is: ftp://ds.internic.net/internet-drafts/draft-ietf-dnssec-secext-10.txt Internet-Drafts directories are located at: o Africa Address: ftp.is.co.za (196.4.160.8) o Europe Address: nic.nordu.net (192.36.148.17) Address: ftp.nis.garr.it (193.205.245.10) o Pacific Rim Address: munnari.oz.au (128.250.1.21) o US East Coast Address: ds.internic.net (198.49.45.10) o US West Coast Address: ftp.isi.edu (128.9.0.32) Internet-Drafts are also available by mail. Send a message to: mailserv@ds.internic.net. In the body type: "FILE /internet-drafts/draft-ietf-dnssec-secext-10.txt". NOTE: The mail server at ds.internic.net can return the document in MIME-encoded form by using the "mpack" utility. To use this feature, insert the command "ENCODING mime" before the "FILE" command. To decode the response(s), you will need "munpack" or a MIME-compliant mail reader. Different MIME-compliant mail readers exhibit different behavior, especially when dealing with "multipart" MIME messages (i.e., documents which have been split up into multiple messages), so check your local documentation on how to manipulate these messages. For questions, please mail to Internet-Drafts@ietf.org Below is the data which will enable a MIME compliant mail reader implementation to automatically retrieve the ASCII version of the Internet-Draft. --NextPart Content-Type: Multipart/Alternative; Boundary="OtherAccess" --OtherAccess Content-Type: Message/External-body; access-type="mail-server"; server="mailserv@ds.internic.net" Content-Type: text/plain Content-ID: <19960805101146.I-D@ietf.org> ENCODING mime FILE /internet-drafts/draft-ietf-dnssec-secext-10.txt --OtherAccess Content-Type: Message/External-body; name="draft-ietf-dnssec-secext-10.txt"; site="ds.internic.net"; access-type="anon-ftp"; directory="internet-drafts" Content-Type: text/plain Content-ID: <19960805101146.I-D@ietf.org> --OtherAccess-- --NextPart-- Received: from relay.hq.tis.com by neptune.TIS.COM id aa09944; 5 Aug 96 12:21 EDT Received: by relay.hq.tis.com; id MAA24134; Mon, 5 Aug 1996 12:24:00 -0400 Received: from sol.hq.tis.com(192.33.112.100) by relay.tis.com via smap (V3.1.1) id xma024127; Mon, 5 Aug 96 12:23:32 -0400 Received: from relay.hq.tis.com by tis.com (4.1/SUN-5.64) id AA21949; Mon, 5 Aug 96 12:23:02 EDT Received: by relay.hq.tis.com; id MAA24117; Mon, 5 Aug 1996 12:23:30 -0400 Received: from ietf.org(132.151.1.19) by relay.tis.com via smap (V3.1.1) id xmaa24110; Mon, 5 Aug 96 12:23:15 -0400 Received: from localhost by ietf.org id aa03738; 5 Aug 96 11:49 EDT Mime-Version: 1.0 Content-Type: Multipart/Mixed; Boundary="NextPart" To: IETF-Announce: ;, tis.com@TIS.COM MMDF-Warning: Parse error in original version of preceding line at neptune.TIS.COM Cc: dns-security@TIS.COM From: Internet-Drafts@ietf.org Reply-To: Internet-Drafts@ietf.org Subject: I-D ACTION:draft-ietf-dnssec-secext-10.txt Date: Mon, 05 Aug 1996 11:49:33 -0400 Message-Id: <9608051149.aa03738@ietf.org> Sender: dns-security-approval@neptune.tis.com Precedence: bulk --NextPart A Revised Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the Domain Name System Security Working Group of the IETF. Note: This revision reflects comments received during the last call period. Title : Domain Name System Security Extensions Author(s) : D. Eastlake, C. Kaufman Filename : draft-ietf-dnssec-secext-10.txt Pages : 45 Date : 08/02/1996 The Domain Name System (DNS) has become a critical operational part of the Internet infrastructure yet it has no strong security mechanisms to assure data integrity or authentication. Extensions to the DNS are described that provide these services to security aware resolvers or applications through the use of cryptographic digital signatures. These digital signatures are included in secured zones as resource records. Security can still be provided even through non-security aware DNS servers in many cases. The extensions also provide for the storage of authenticated public keys in the DNS. This storage of keys can support general public key distribution service as well as DNS security. The stored keys enable security aware resolvers to learn the authenticating key of zones in addition to those for which they are initially configured. Keys associated with DNS names can be retrieved to support other protocols. Provision is made for a variety of key types and algorithms. In addition, the security extensions provide for the optional authentication of DNS protocol transactions. Internet-Drafts are available by anonymous FTP. Login with the username "anonymous" and a password of your e-mail address. After logging in, type "cd internet-drafts" and then "get draft-ietf-dnssec-secext-10.txt". A URL for the Internet-Draft is: ftp://ds.internic.net/internet-drafts/draft-ietf-dnssec-secext-10.txt Internet-Drafts directories are located at: o Africa Address: ftp.is.co.za (196.4.160.8) o Europe Address: nic.nordu.net (192.36.148.17) Address: ftp.nis.garr.it (193.205.245.10) o Pacific Rim Address: munnari.oz.au (128.250.1.21) o US East Coast Address: ds.internic.net (198.49.45.10) o US West Coast Address: ftp.isi.edu (128.9.0.32) Internet-Drafts are also available by mail. Send a message to: mailserv@ds.internic.net. In the body type: "FILE /internet-drafts/draft-ietf-dnssec-secext-10.txt". NOTE: The mail server at ds.internic.net can return the document in MIME-encoded form by using the "mpack" utility. To use this feature, insert the command "ENCODING mime" before the "FILE" command. To decode the response(s), you will need "munpack" or a MIME-compliant mail reader. Different MIME-compliant mail readers exhibit different behavior, especially when dealing with "multipart" MIME messages (i.e., documents which have been split up into multiple messages), so check your local documentation on how to manipulate these messages. For questions, please mail to Internet-Drafts@ietf.org Below is the data which will enable a MIME compliant mail reader implementation to automatically retrieve the ASCII version of the Internet-Draft. --NextPart Content-Type: Multipart/Alternative; Boundary="OtherAccess" --OtherAccess Content-Type: Message/External-body; access-type="mail-server"; server="mailserv@ds.internic.net" Content-Type: text/plain Content-ID: <19960802160759.I-D@ietf.org> ENCODING mime FILE /internet-drafts/draft-ietf-dnssec-secext-10.txt --OtherAccess Content-Type: Message/External-body; name="draft-ietf-dnssec-secext-10.txt"; site="ds.internic.net"; access-type="anon-ftp"; directory="internet-drafts" Content-Type: text/plain Content-ID: <19960802160759.I-D@ietf.org> --OtherAccess-- --NextPart-- Received: from relay.hq.tis.com by neptune.TIS.COM id aa20634; 5 Aug 96 23:23 EDT Received: by relay.hq.tis.com; id XAA06807; Mon, 5 Aug 1996 23:25:47 -0400 Received: from sol.hq.tis.com(192.33.112.100) by relay.tis.com via smap (V3.1.1) id xma006805; Mon, 5 Aug 96 23:25:19 -0400 Received: from relay.hq.tis.com by tis.com (4.1/SUN-5.64) id AA04354; Mon, 5 Aug 96 23:24:49 EDT Received: by relay.hq.tis.com; id XAA06800; Mon, 5 Aug 1996 23:25:17 -0400 Received: from megamegs.decisive.com(206.171.43.137) by relay.tis.com via smap (V3.1.1) id xma006791; Mon, 5 Aug 96 23:24:48 -0400 Received: from jamie.decisive.com ([206.171.43.189]) by megamegs.decisive.com (post.office MTA v1.9.3 ID# 0-12889) with SMTP id AAA151 for ; Mon, 5 Aug 1996 19:43:15 -0700 Received: by jamie.decisive.com with Microsoft Mail id <01BB830C.A4A14820@jamie.decisive.com>; Mon, 5 Aug 1996 20:28:20 -0700 Message-Id: <01BB830C.A4A14820@jamie.decisive.com> From: Network Education Center To: "'dns-security@tis.com'" Subject: Survey on Continuing Education for Network Computing Professionals Date: Mon, 5 Aug 1996 18:29:06 -0700 Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Sender: dns-security-approval@neptune.tis.com Precedence: bulk This survey is on behalf of an education center dedicated to the needs = of network computing professionals. We are asking your input to help us = create better education/training programs for you and your company. Your = responses will be completely confidential. If we receive your completed survey by Monday, August 12, 1996, we'll = automatically enter you in a contest for a prize of $1,000; one winner = will be chosen from among those who complete the survey. Thank you in = advance for your help.=20 (Authentication marker -- ~3%e%INTCADX%8%1%454%5CTJVlfE%8021& -- do not = remove.)=20 To respond, create a reply e-mail message that contains the survey. = Some e-mail systems require you to manually copy and paste the survey = into your reply. Make sure the reply contains the *entire* = authentication marker, including what looks like garbage. To answer a question, type an x between the brackets, like this: [ x ]. = For fill-in-the-blanks, type between the brackets like this: [ your = response ]. Please make no other changes to this survey. 1. If for any reason you do NOT want to be contacted in the future via = e-mail, please indicate after the first question by placing an "x" = within the brackets. You will be omitted from future e-mail surveys. [ ] a) Please omit me from future e-mail surveys. 2. What is your company's PRIMARY industry or business? Choose one: [ ] a) Aerospace [ ] b) Communications carrier (telco, broadband, internet) [ ] c) Financial services [ ] d) Healthcare [ ] e) Manufacturing: computer/software [ ] f) Manufacturing: non-computer [ ] g) Government/military [ ] h) Publishing/media/advertising/public relations [ ] i) Transportation/utilities [ ] j) Wholesale/retail: non-computer [ ] k) Education [ ] l) Entertainment [ ] m) Computer reseller/retailer/VAR [ ] n) Systems integration/consulting [ ] o) Other, please specify... [ ] 3. What is your job function? Choose one: [ ] a) IS/MIS/Data processing [ ] b) LAN/network systems [ ] c) Internet/Web [ ] d) Intranet (in-TRA-net) [ ] e) Data communications/telecommunications [ ] f) PC/microcomputer/information center [ ] g) Systems analyst/applications development [ ] h) Systems engineer/integration [ ] i) Other computer-related, please specify... [ ] [ ] j) Executive/corporate office [ ] k) Financial/accounting [ ] l) Engineering/R&D [ ] m) Sales/marketing [ ] n) Other administrative, please specify... [ ] [ ] o) Consulting (computer related) [ ] p) Training/education [ ] q) Other professional, please specify... [ ] 4. Please check the statements below that describe your involvement = with networks. Choose all that apply: [ ] a) I manage networks. [ ] b) I design networks. [ ] c) I install networks. [ ] d) I troubleshoot/fix networks. [ ] e) I train or support network users. [ ] f) I initiate the evaluation of new network technologies. [ ] g) I evaluate or specify brands of network products. [ ] h) I ensure that networks meet specific business or = organizational objectives. 5. What is the scope of your involvement with networking in your = organization? Choose one: [ ] a) Entire organization or enterprise [ ] b) Entire work location [ ] c) Multiple departments at more than one location [ ] d) For a single department only [ ] e) Other 6. How many servers do you have installed in your organization? Choose one: [ ] a) Over 50 [ ] b) 10 to 49 [ ] c) 1 to 9 [ ] d) None 7. How many LANS do you have installed in your organization? Choose one: [ ] a) Over 25 [ ] b) 5 to 24 [ ] c) 1 to 4 [ ] d) None 8. How many microcomputers/workstations are connected to LANS in your = organization? Choose one: [ ] a) 500 or more [ ] b) 25 to 499 [ ] c) 1 to 24 [ ] d) None 9. How many employees do you supervise? Choose one: [ ] a) Up to 3 people [ ] b) 4 to 10 people [ ] c) More than 10 people [ ] d) None 10. Do you yourself have responsibility for networking = education/training provided to employees in your company? Choose one: [ ] a) Yes [ ] b) No [ ] c) Don't know 11. What is the annual budget for education/training for yourself and = those you supervise? Please enter the amount within the following brackets. [ ] 12. During the last 12 months, where did you or those you supervise = receive education/training for networking? Choose all that apply: [ ] a) In-house [ ] b) University/college [ ] c) Seminars [ ] d) Internet [ ] e) Other [ ] f) No education/training on networking was received NOW WE WANT YOUR OPINIONS ABOUT A POSSIBLE EDUCATION CURRICULUM ON = NETWORKING TECHNOLOGIES. For each of the following 10 course = descriptions, please indicate your level of interest. 13. A Network Technologies course covering circuits and fibers; = modulation and modems; LANs; WANs; frames; cell switching; wireless; = satellites; connection-oriented and connectionless service; = characteristics of each technology; addressing; media access; = comparisons. Choose one: [ ] a) Very interesting [ ] b) Moderately interesting [ ] c) Somewhat interesting [ ] d) Not at all interesting 14. A Network Interconnection and Internetworking course covering = interconnection technologies; repeaters, bridges, and routers; internet = addressing; address binding; datagram forwarding; techniques to = accomodate heterogeneity (e.g. encapsulation and fragmentation). Choose one: [ ] a) Very interesting [ ] b) Moderately interesting [ ] c) Somewhat interesting [ ] d) Not at all interesting 15. A Network Protocols and Protocol Design course covering protocol = layering; problems protocols solve; loss, reordering, corruption, = congestion, duplication, and replay; techniques such as framing, = checksumming, sliding window, and retransmission; focus on the transport = layer, but cover other layers. Choose one: [ ] a) Very interesting [ ] b) Moderately interesting [ ] c) Somewhat interesting [ ] d) Not at all interesting 16. A Routing and Routing Protocols course covering packet forwarding; = route propagation; vector-distance and link-state algorithms; spanning = tree. Choose one: [ ] a) Very interesting [ ] b) Moderately interesting [ ] c) Somewhat interesting [ ] d) Not at all interesting 17. A Distributed Programming and Applications course covering = client-server paradigm; socket API; middleware (e.g. RPC and CORBA); = building a server; multithread server execution; protection and = authorization; example applications. Choose one: [ ] a) Very interesting [ ] b) Moderately interesting [ ] c) Somewhat interesting [ ] d) Not at all interesting 18. A Network and Protocol Performance Evaluation course covering = throughput and delay; measuring and tuning protocols; instrumentation of = protocol stacks; traffic analysis; self-similar behavior. Choose one: [ ] a) Very interesting [ ] b) Moderately interesting [ ] c) Somewhat interesting [ ] d) Not at all interesting 19. A Networking and Protocol Support for Multimedia Applications = course covering high-speed networks; resource allocation and performance = guarantees; protocols for audio and video; techniques such as = compression and delayed playback. Choose one: [ ] a) Very interesting [ ] b) Moderately interesting [ ] c) Somewhat interesting [ ] d) Not at all interesting 20. An Advanced Server Design and Implementation course covering = implementation of concurrent, parallel servers; large-scale designs; = proxy servers (e.g., SLIRP); techniques such as buffering, replication, = caching, and application gateways. Choose one: [ ] a) Very interesting [ ] b) Moderately interesting [ ] c) Somewhat interesting [ ] d) Not at all interesting 21. An Advanced Routing course covering policy-based routing; = multicast; mobility; inter- and intra-layer encapsulation; longest = prefix forwarding table lookup algorithms; virtual LANS. Choose one: [ ] a) Very interesting [ ] b) Moderately interesting [ ] c) Somewhat interesting [ ] d) Not at all interesting 22. An Advanced Network Applications course covering EDI; electronic = commerce; advanced Web techniques (e.g. Java). Choose one: [ ] a) Very interesting [ ] b) Moderately interesting [ ] c) Somewhat interesting [ ] d) Not at all interesting 23. What would your level of interest be in taking a group of these = courses as a coordinated curriculum? Choose one: [ ] a) Very interesting [ ] b) Moderately interesting [ ] c) Somewhat interesting [ ] d) Not at all interesting THINKING ABOUT THE CHARACTERISTICS AND BENEFITS OF DIFFERENT TYPES OF = EDUCATION PROGRAMS that could be made available for networking = technologies, please indicate which of the following would be important = to you. 24. A course curriculum leads to an advanced college degree. Choose one: [ ] a) Very important [ ] b) Somewhat important [ ] c) Not very important [ ] d) Not at all important [ ] e) No opinion 25. Each course generates a document of professional certification. Choose one: [ ] a) Very important [ ] b) Somewhat important [ ] c) Not very important [ ] d) Not at all important [ ] e) No opinion 26. Course curriculum leads to an overall certification. Choose one: [ ] a) Very important [ ] b) Somewhat important [ ] c) Not very important [ ] d) Not at all important [ ] e) No opinion 27. Course is available at your place of work. Choose one: [ ] a) Very important [ ] b) Somewhat important [ ] c) Not very important [ ] d) Not at all important [ ] e) No opinion 28. Course is available at a local university or college campus. Choose one: [ ] a) Very important [ ] b) Somewhat important [ ] c) Not very important [ ] d) Not at all important [ ] e) No opinion 29. Courses available at an industry event you already attend. Choose one: [ ] a) Very important [ ] b) Somewhat important [ ] c) Not very important [ ] d) Not at all important [ ] e) No opinion 30. Courses conducted by an advanced educational institute staffed by = networking experts. Choose one: [ ] a) Very important [ ] b) Somewhat important [ ] c) Not very important [ ] d) Not at all important [ ] e) No opinion 31. A core curriculum of a specified number of courses that would = follow a building educational sequence. Choose one: [ ] a) Very important [ ] b) Somewhat important [ ] c) Not very important [ ] d) Not at all important [ ] e) No opinion 32. A concentrated face-to-face education program conducted over = consecutive days. Choose one: [ ] a) Very important [ ] b) Somewhat important [ ] c) Not very important [ ] d) Not at all important [ ] e) No opinion 33. Ability to take class lessons, labs and tests over the Internet = from your desktop. Choose one: [ ] a) Very important [ ] b) Somewhat important [ ] c) Not very important [ ] d) Not at all important [ ] e) No opinion 34. What other thoughts do you have concerning what could be done to = improve educational or training programs on networking technologies? Please write within the brackets. [ ] 35. How many years have you been professionally involved in computing? Choose one: [ ] a) Less than 2 years [ ] b) 2 to 4 years [ ] c) 5 to 10 years [ ] d) More than 10 years 36. Which of the following ranges includes your age? Choose one: [ ] a) 18 to 34 [ ] b) 35 to 44 [ ] c) 45 to 54 [ ] d) 55 and older 37. Which of the following represents your highest level of education? Choose one: [ ] a) Attended high school [ ] b) Graduated high school [ ] c) Attended college [ ] d) Bachelor's degree [ ] e) Master's degree [ ] f) Doctorate degree 38. What do you estimate your total household income was last year? = (Please estimate total income for everyone in your household, including = salaries, wages, bonuses, interest, dividends, etc.) Choose one: [ ] a) Less than $15,000 [ ] b) $15,000 to $24,999 [ ] c) $25,000 to $34,999 [ ] d) $35,000 to $49,999 [ ] e) $50,000 to $74,999 [ ] f) $75,000 to $99,999 [ ] g) $100,000 to $149,999 [ ] h) $150,000 or more [ ] i) Don't know Thank you for participating in this survey. To: IETF-Announce: ;, tis.com@TIS.COM MMDF-Warning: Parse error in original version of preceding line at Message-ID: <9608281020.aa13972@neptune.TIS.COM> neptune.TIS.COM Cc: dns-security@TIS.COM From: Internet-Drafts@ietf.org Reply-To: Internet-Drafts@ietf.org Subject: I-D ACTION:draft-ietf-dnssec-ddi-01.txt Date: Wed, 28 Aug 1996 09:23:59 -0400 Message-Id: <9608280923.aa11736@ietf.org> Sender: dns-security-approval@neptune.tis.com Precedence: bulk --NextPart A Revised Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the Domain Name System Security Working Group of the IETF. Title : Detached Domain Name System Information Author(s) : D. Eastlake Filename : draft-ietf-dnssec-ddi-01.txt Pages : 8 Date : 08/26/1996 A standard format is defined for representing detached DNS information. This is anticipated to be of use for storing information retrieved from the Domain Name System (DNS), including security information, in archival contexts or contexts not connected to the Internet. Internet-Drafts are available by anonymous FTP. Login with the username "anonymous" and a password of your e-mail address. After logging in, type "cd internet-drafts" and then "get draft-ietf-dnssec-ddi-01.txt". A URL for the Internet-Draft is: ftp://ds.internic.net/internet-drafts/draft-ietf-dnssec-ddi-01.txt Internet-Drafts directories are located at: o Africa Address: ftp.is.co.za (196.4.160.8) o Europe Address: nic.nordu.net (192.36.148.17) Address: ftp.nis.garr.it (193.205.245.10) o Pacific Rim Address: munnari.oz.au (128.250.1.21) o US East Coast Address: ds.internic.net (198.49.45.10) o US West Coast Address: ftp.isi.edu (128.9.0.32) Internet-Drafts are also available by mail. Send a message to: mailserv@ds.internic.net. In the body type: "FILE /internet-drafts/draft-ietf-dnssec-ddi-01.txt". NOTE: The mail server at ds.internic.net can return the document in MIME-encoded form by using the "mpack" utility. To use this feature, insert the command "ENCODING mime" before the "FILE" command. To decode the response(s), you will need "munpack" or a MIME-compliant mail reader. Different MIME-compliant mail readers exhibit different behavior, especially when dealing with "multipart" MIME messages (i.e., documents which have been split up into multiple messages), so check your local documentation on how to manipulate these messages. For questions, please mail to Internet-Drafts@ietf.org Below is the data which will enable a MIME compliant mail reader implementation to automatically retrieve the ASCII version of the Internet-Draft. --NextPart Content-Type: Multipart/Alternative; Boundary="OtherAccess" --OtherAccess Content-Type: Message/External-body; access-type="mail-server"; server="mailserv@ds.internic.net" Content-Type: text/plain Content-ID: <19960826105019.I-D@ietf.org> ENCODING mime FILE /internet-drafts/draft-ietf-dnssec-ddi-01.txt --OtherAccess Content-Type: Message/External-body; name="draft-ietf-dnssec-ddi-01.txt"; site="ds.internic.net"; access-type="anon-ftp"; directory="internet-drafts" Content-Type: text/plain Content-ID: <19960826105019.I-D@ietf.org> --OtherAccess-- --NextPart-- To: IETF-Announce: ;, tis.com@TIS.COM MMDF-Warning: Parse error in original version of preceding line at Message-ID: <9608281030.aa14178@neptune.TIS.COM> neptune.TIS.COM Cc: dns-security@TIS.COM From: Internet-Drafts@ietf.org Reply-To: Internet-Drafts@ietf.org Subject: I-D ACTION:draft-ietf-dnssec-update-01.txt Date: Wed, 28 Aug 1996 09:23:48 -0400 Message-Id: <9608280923.aa11683@ietf.org> Sender: dns-security-approval@neptune.tis.com Precedence: bulk --NextPart A Revised Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the Domain Name System Security Working Group of the IETF. Title : Secure Domain Name System Dynamic Update Author(s) : D. Eastlake Filename : draft-ietf-dnssec-update-01.txt Pages : 15 Date : 08/26/1996 Domain Name System (DNS) protocol extensions have been defined to authenticate the data in DNS and provide key distribution services (draft-ietf-dnssec-secext-10.txt). DNS Dynamic Update operations have also been defined (draft-ietf-dnsind-dynDNS-*.txt>, but without a detailed description of strong security for the update operation. This draft describes how to use DNS digital signatures covering requests and data to secure updates and restrict them to those authorized to perform them as indicated by the updater's possession of cryptographic keys. Internet-Drafts are available by anonymous FTP. Login with the username "anonymous" and a password of your e-mail address. After logging in, type "cd internet-drafts" and then "get draft-ietf-dnssec-update-01.txt". A URL for the Internet-Draft is: ftp://ds.internic.net/internet-drafts/draft-ietf-dnssec-update-01.txt Internet-Drafts directories are located at: o Africa Address: ftp.is.co.za (196.4.160.8) o Europe Address: nic.nordu.net (192.36.148.17) Address: ftp.nis.garr.it (193.205.245.10) o Pacific Rim Address: munnari.oz.au (128.250.1.21) o US East Coast Address: ds.internic.net (198.49.45.10) o US West Coast Address: ftp.isi.edu (128.9.0.32) Internet-Drafts are also available by mail. Send a message to: mailserv@ds.internic.net. In the body type: "FILE /internet-drafts/draft-ietf-dnssec-update-01.txt". NOTE: The mail server at ds.internic.net can return the document in MIME-encoded form by using the "mpack" utility. To use this feature, insert the command "ENCODING mime" before the "FILE" command. To decode the response(s), you will need "munpack" or a MIME-compliant mail reader. Different MIME-compliant mail readers exhibit different behavior, especially when dealing with "multipart" MIME messages (i.e., documents which have been split up into multiple messages), so check your local documentation on how to manipulate these messages. For questions, please mail to Internet-Drafts@ietf.org Below is the data which will enable a MIME compliant mail reader implementation to automatically retrieve the ASCII version of the Internet-Draft. --NextPart Content-Type: Multipart/Alternative; Boundary="OtherAccess" --OtherAccess Content-Type: Message/External-body; access-type="mail-server"; server="mailserv@ds.internic.net" Content-Type: text/plain Content-ID: <19960826104145.I-D@ietf.org> ENCODING mime FILE /internet-drafts/draft-ietf-dnssec-update-01.txt --OtherAccess Content-Type: Message/External-body; name="draft-ietf-dnssec-update-01.txt"; site="ds.internic.net"; access-type="anon-ftp"; directory="internet-drafts" Content-Type: text/plain Content-ID: <19960826104145.I-D@ietf.org> --OtherAccess-- --NextPart-- To: IETF-Announce: ;, tis.com@TIS.COM Cc: dns-security@TIS.COM From: Internet-Drafts@ietf.org Reply-To: Internet-Drafts@ietf.org Subject: I-D ACTION:draft-ietf-dnssec-update-01.txt Date: Wed, 28 Aug 1996 09:23:48 -0400 Message-Id: <9608280923.aa11683@ietf.org> Sender: dns-security-approval@neptune.tis.com Precedence: bulk --NextPart A Revised Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the Domain Name System Security Working Group of the IETF. Title : Secure Domain Name System Dynamic Update Author(s) : D. Eastlake Filename : draft-ietf-dnssec-update-01.txt Pages : 15 Date : 08/26/1996 Domain Name System (DNS) protocol extensions have been defined to authenticate the data in DNS and provide key distribution services (draft-ietf-dnssec-secext-10.txt). DNS Dynamic Update operations have also been defined (draft-ietf-dnsind-dynDNS-*.txt>, but without a detailed description of strong security for the update operation. This draft describes how to use DNS digital signatures covering requests and data to secure updates and restrict them to those authorized to perform them as indicated by the updater's possession of cryptographic keys. Internet-Drafts are available by anonymous FTP. Login with the username "anonymous" and a password of your e-mail address. After logging in, type "cd internet-drafts" and then "get draft-ietf-dnssec-update-01.txt". A URL for the Internet-Draft is: ftp://ds.internic.net/internet-drafts/draft-ietf-dnssec-update-01.txt Internet-Drafts directories are located at: o Africa Address: ftp.is.co.za (196.4.160.8) o Europe Address: nic.nordu.net (192.36.148.17) Address: ftp.nis.garr.it (193.205.245.10) o Pacific Rim Address: munnari.oz.au (128.250.1.21) o US East Coast Address: ds.internic.net (198.49.45.10) o US West Coast Address: ftp.isi.edu (128.9.0.32) Internet-Drafts are also available by mail. Send a message to: mailserv@ds.internic.net. In the body type: "FILE /internet-drafts/draft-ietf-dnssec-update-01.txt". NOTE: The mail server at ds.internic.net can return the document in MIME-encoded form by using the "mpack" utility. To use this feature, insert the command "ENCODING mime" before the "FILE" command. To decode the response(s), you will need "munpack" or a MIME-compliant mail reader. Different MIME-compliant mail readers exhibit different behavior, especially when dealing with "multipart" MIME messages (i.e., documents which have been split up into multiple messages), so check your local documentation on how to manipulate these messages. For questions, please mail to Internet-Drafts@ietf.org Below is the data which will enable a MIME compliant mail reader implementation to automatically retrieve the ASCII version of the Internet-Draft. --NextPart Content-Type: Multipart/Alternative; Boundary="OtherAccess" --OtherAccess Content-Type: Message/External-body; access-type="mail-server"; server="mailserv@ds.internic.net" Content-Type: text/plain Content-ID: <19960826104145.I-D@ietf.org> ENCODING mime FILE /internet-drafts/draft-ietf-dnssec-update-01.txt --OtherAccess Content-Type: Message/External-body; name="draft-ietf-dnssec-update-01.txt"; site="ds.internic.net"; access-type="anon-ftp"; directory="internet-drafts" Content-Type: text/plain Content-ID: <19960826104145.I-D@ietf.org> --OtherAccess-- --NextPart-- -- John C. Kelley System Administrator (301) 854-6889 Trusted Information Systems, Inc. (301) 854-5363 FAX 3060 Washington Road johnk@tis.com (work) Glenwood, MD 21738 johnk@radix.net (play) To: IETF-Announce: ;, tis.com@TIS.COM Cc: RFC Editor Cc: Internet Architecture Board Cc: dns-security@TIS.COM From: The IESG Subject: Protocol Action: Domain Name System Security Extensions to Proposed Standard Date: Wed, 28 Aug 1996 10:57:37 -0400 Message-Id: <9608281057.aa17308@ietf.org> Sender: dns-security-approval@neptune.tis.com Precedence: bulk The IESG has approved the Internet-Draft "Domain Name System Security Extensions" as a Proposed Standard. The IESG contact person is Jeffrey I. Schiller. Technical Summary This document describes security extensions to the Internet Domain Name System (DNS). These security extensions permit security aware resolvers to authenticate and verify the integrity of information stored in secured zones in the DNS. It makes use of public key cryptography and digital signatures to provide these services. In addition to providing integrity assured DNS lookups this proposal provides a mechanism to store and distribute public keys that may be used for other applications. Working Group Summary This document is the primary output of the DNS Security Working Group. At least one implementation of this proposal exists and the working group has come to consensus on this protocol. Protocol Quality This protocol has been reviewed by Jeffrey I. Schiller, Security Area Director. To: dns-security@TIS.COM, gnu@toad.com Subject: Announcement of DNS Security in production BIND tree Date: Thu, 29 Aug 1996 19:07:39 -0700 From: John Gilmore Sender: dns-security-approval@neptune.tis.com Precedence: bulk Message-ID: <9608300805.aa20509@neptune.TIS.COM> Paul Vixie has released a test version of BIND which contains some DNS Security features. The release is available now at ftp://ftp.vix.com/pub/bind/testing/bind-4.9.5-T3B.tar.gz. Only the existence of KEY and SIG records is implemented in this BIND. There is no cryptography implemented; the signatures are never checked. This permits keys and signatures to be stored and retrieved in a completely exportable version of BIND, which is part of the main production BIND evolution. The released code is partly based on IBM changes for Dynamic DNS, and is partly original with me. It was not based on TIS's version because of their export control concerns and restrictive copyrights (which have since been almost resolved). The State Department has approved TIS's request to export their cryptographic version of BIND. TIS is now waiting for final Commerce Dept. approval. When they receive it, I will work with them and Paul to merge their version into the production BIND sources, and to add further cryptographic code to the resolver, to provide production-quality, worldwide, end-to-end cryptovalidation of DNS resource records. In the meantime, TIS's release is useful for experimentation, and for generating offline KEY and SIG records (which can then be served to the world with the just-released production BIND server). I encourage all organizations who are interested in Secure DNS to upgrade their organization's production copy of BIND to Paul's latest release. This will facilitate Secure DNS testing and deployment. I have started a mailing list for people who are interested in deploying Secure DNS in production use. There is also for top-level domain service providers to work out their issues with Secure DNS. Send me email at postmaster@toad.com if you'd like to join either list. This is the first software release from my S/WAN (Secure Wide Area Network) project, whose ultimate goal is to provide transparent improvements to the privacy and security of all Internet communications. See http://www.cygnus.com/~gnu/swan.html. Thank you for supporting the ongoing securing of the Internet infrastructure. John Gilmore Received: from relay.hq.tis.com by neptune.TIS.COM id aa24782; 30 Aug 96 12:05 EDT Received: by relay.hq.tis.com; id MAA17055; Fri, 30 Aug 1996 12:08:36 -0400 Received: from sol.hq.tis.com(10.33.1.100) by relay.tis.com via smap (V3.1.1) id xma017044; Fri, 30 Aug 96 12:08:06 -0400 Received: from relay.hq.tis.com by tis.com (4.1/SUN-5.64) id AA20208; Fri, 30 Aug 96 12:07:24 EDT Received: by relay.hq.tis.com; id MAA17041; Fri, 30 Aug 1996 12:08:04 -0400 Received: from kerby.cybersafe.com(192.156.168.6) by relay.tis.com via smap (V3.1.1) id xma017035; Fri, 30 Aug 96 12:07:51 -0400 Received: from pinky.cybersafe.com (pinky.cybersafe.com [192.156.168.33]) by kerby.cybersafe.com (8.7.5/8.7.3/8.7.5, dpg hack 30jul96) with SMTP id JAA14179; Fri, 30 Aug 1996 09:10:11 -0700 (PDT) Received: by pinky.cybersafe.com (NX5.67f2/NX3.0S) id AA10185; Fri, 30 Aug 96 09:10:10 -0700 Message-Id: <9608301610.AA10185@pinky.cybersafe.com> Content-Type: text/plain Mime-Version: 1.0 (NeXT Mail 3.3 v118.2) Received: by NeXT.Mailer (1.118.2) From: Dennis Glatting Date: Fri, 30 Aug 96 09:10:09 -0700 To: John Gilmore Subject: Re: Announcement of DNS Security in production BIND tree Cc: dns-security@TIS.COM Reply-To: dennis.glatting@cybersafe.com References: <9608300805.aa20509@neptune.TIS.COM> Sender: dns-security-approval@neptune.tis.com Precedence: bulk Is the release subject to the same DNS bug that has been causing havoc across the Internet? -dpg Message-Id: <199608301703.KAA20724@toad.com> To: dennis.glatting@cybersafe.com Cc: John Gilmore , dns-security@TIS.COM, gnu@toad.com Subject: Re: Announcement of DNS Security in production BIND tree In-Reply-To: <9608301610.AA10185@pinky.cybersafe.com> Date: Fri, 30 Aug 1996 10:03:10 -0700 From: John Gilmore Sender: dns-security-approval@neptune.tis.com Precedence: bulk > Is the release subject to the same DNS bug that has been > causing havoc across the Internet? All 4.9.5 releases include the fix. The problem was in 4.9.4-REL, fixed in 4.9.4-P1. The widespread problems occurred some time after the -P1 release was out, but before all the root servers had upgraded to -P1. John Received: from relay.hq.tis.com by neptune.TIS.COM id aa00506; 30 Aug 96 17:31 EDT Received: by relay.hq.tis.com; id RAA28258; Fri, 30 Aug 1996 17:34:40 -0400 Received: from sol.hq.tis.com(10.33.1.100) by relay.tis.com via smap (V3.1.1) id xma028251; Fri, 30 Aug 96 17:34:16 -0400 Received: from relay.hq.tis.com by tis.com (4.1/SUN-5.64) id AA07538; Fri, 30 Aug 96 17:33:30 EDT Received: by relay.hq.tis.com; id RAA28242; Fri, 30 Aug 1996 17:34:10 -0400 Received: from marceau.fm.intel.com(132.233.247.8) by relay.tis.com via smap (V3.1.1) id xma028239; Fri, 30 Aug 96 17:33:46 -0400 Received: from fmmail.fm.intel.com by marceau.fm.intel.com (8.7.4/10.0i); Fri, 30 Aug 1996 21:36:05 GMT Received: (from ccmgate@localhost) by fmmail.fm.intel.com (8.7.4/8.7.3) id OAA13713; Fri, 30 Aug 1996 14:35:43 -0700 (PDT) Received: by ccm.fm.intel.com (ccmgate 3.2 #2) Fri, 30 Aug 96 14:35:43 PDT Date: Fri, 30 Aug 96 14:16:00 PDT From: Viraj Bais Message-Id: To: dns-security-request@neptune.tis.com, dns-security@TIS.COM, gnu@toad.com Subject: Re: Announcement of DNS Security in production BIND tree Sender: dns-security-approval@neptune.tis.com Precedence: bulk Text item: I have not seen any Dynamic DNS changes from IBM or Intel in the bind-4.9.5-T3B version. Viraj Bais ______________________________ Reply Separator _________________________________ Subject: Announcement of DNS Security in production BIND tree Author: dns-security-request@neptune.hq.tis.com at SMTPGATE Date: 8/29/96 7:07 PM Paul Vixie has released a test version of BIND which contains some DNS Security features. The release is available now at ftp://ftp.vix.com/pub/bind/testing/bind-4.9.5-T3B.tar.gz. Only the existence of KEY and SIG records is implemented in this BIND. There is no cryptography implemented; the signatures are never checked. This permits keys and signatures to be stored and retrieved in a completely exportable version of BIND, which is part of the main production BIND evolution. The released code is partly based on IBM changes for Dynamic DNS, and is partly original with me. It was not based on TIS's version because of their export control concerns and restrictive copyrights (which have since been almost resolved). The State Department has approved TIS's request to export their cryptographic version of BIND. TIS is now waiting for final Commerce Dept. approval. When they receive it, I will work with them and Paul to merge their version into the production BIND sources, and to add further cryptographic code to the resolver, to provide production-quality, worldwide, end-to-end cryptovalidation of DNS resource records. In the meantime, TIS's release is useful for experimentation, and for generating offline KEY and SIG records (which can then be served to the world with the just-released production BIND server). I encourage all organizations who are interested in Secure DNS to upgrade their organization's production copy of BIND to Paul's latest release. This will facilitate Secure DNS testing and deployment. I have started a mailing list for people who are interested in deploying Secure DNS in production use. There is also for top-level domain service providers to work out their issues with Secure DNS. Send me email at postmaster@toad.com if you'd like to join either list. This is the first software release from my S/WAN (Secure Wide Area Network) project, whose ultimate goal is to provide transparent improvements to the privacy and security of all Internet communications. See http://www.cygnus.com/~gnu/swan.html. Thank you for supporting the ongoing securing of the Internet infrastructure. John Gilmore Text item: External Message Header The following mail header is for administrative use and may be ignored unless there are problems. ***IF THERE ARE PROBLEMS SAVE THESE HEADERS***. Message-ID: <9608300805.aa20509@neptune.TIS.COM> Precedence: bulk Sender: dns-security-approval@neptune.hq.tis.com From: John Gilmore Date: Thu, 29 Aug 1996 19:07:39 -0700 Subject: Announcement of DNS Security in production BIND tree To: dns-security@TIS.COM, gnu@toad.com Received: from neptune.tis.com by neptune.TIS.COM id aa20515; 30 Aug 96 8:09 EDT Received: by neptune.TIS.COM id aa20714; 30 Aug 96 8:24 EDT Received: from TIS.COM by marceau.fm.intel.com (8.7.4/10.0i); Fri, 30 Aug 1996 1 7:26:19 GMT Received: from marceau.fm.intel.com (marceau.fm.intel.com [132.233.247.8]) by fm mail.fm.intel.com (8.7.4/8.7.3) with ESMTP id KAA03099 for ; Fri, 30 Aug 1996 10:26:39 -0700 (PDT) Return-Path: dns-security-request@neptune.hq.tis.com