| < draft-bellis-dnsop-edns-tags-00.txt | draft-bellis-dnsop-edns-tags-01.txt > | |||
|---|---|---|---|---|
| DNSOP Working Group R. Bellis | DNSOP Working Group R. Bellis | |||
| Internet-Draft A. Clegg | Internet-Draft A. Clegg | |||
| Intended status: Standards Track ISC | Intended status: Standards Track ISC | |||
| Expires: September 5, 2019 March 04, 2019 | Expires: September 26, 2019 P. van Dijk | |||
| PowerDNS | ||||
| March 25, 2019 | ||||
| DNS EDNS Tags | DNS EDNS Tags | |||
| draft-bellis-dnsop-edns-tags-00 | draft-bellis-dnsop-edns-tags-01 | |||
| Abstract | Abstract | |||
| This document describes EDNS Tags, a mechanism by which DNS clients | This document describes EDNS Tags, a mechanism by which DNS clients | |||
| and servers can transmit an opaque data field which has no defined | and servers can transmit an opaque data field which has no defined | |||
| semantic meaning other than as previously agreed between the client | semantic meaning other than as previously agreed between the client | |||
| and server. | and server. | |||
| Status of This Memo | Status of This Memo | |||
| skipping to change at page 1, line 33 ¶ | skipping to change at page 1, line 35 ¶ | |||
| Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
| Task Force (IETF). Note that other groups may also distribute | Task Force (IETF). Note that other groups may also distribute | |||
| working documents as Internet-Drafts. The list of current Internet- | working documents as Internet-Drafts. The list of current Internet- | |||
| Drafts is at https://datatracker.ietf.org/drafts/current/. | Drafts is at https://datatracker.ietf.org/drafts/current/. | |||
| Internet-Drafts are draft documents valid for a maximum of six months | Internet-Drafts are draft documents valid for a maximum of six months | |||
| and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||
| time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference | |||
| material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." | |||
| This Internet-Draft will expire on September 5, 2019. | This Internet-Draft will expire on September 26, 2019. | |||
| Copyright Notice | Copyright Notice | |||
| Copyright (c) 2019 IETF Trust and the persons identified as the | Copyright (c) 2019 IETF Trust and the persons identified as the | |||
| document authors. All rights reserved. | document authors. All rights reserved. | |||
| This document is subject to BCP 78 and the IETF Trust's Legal | This document is subject to BCP 78 and the IETF Trust's Legal | |||
| Provisions Relating to IETF Documents | Provisions Relating to IETF Documents | |||
| (https://trustee.ietf.org/license-info) in effect on the date of | (https://trustee.ietf.org/license-info) in effect on the date of | |||
| publication of this document. Please review these documents | publication of this document. Please review these documents | |||
| carefully, as they describe your rights and restrictions with respect | carefully, as they describe your rights and restrictions with respect | |||
| to this document. Code Components extracted from this document must | to this document. Code Components extracted from this document must | |||
| include Simplified BSD License text as described in Section 4.e of | include Simplified BSD License text as described in Section 4.e of | |||
| the Trust Legal Provisions and are provided without warranty as | the Trust Legal Provisions and are provided without warranty as | |||
| described in the Simplified BSD License. | described in the Simplified BSD License. | |||
| Table of Contents | Table of Contents | |||
| 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 | 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 | |||
| 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 2 | 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 2 | |||
| 3. Description . . . . . . . . . . . . . . . . . . . . . . . . . 2 | 3. Description . . . . . . . . . . . . . . . . . . . . . . . . . 3 | |||
| 3.1. Packet Validation Rules . . . . . . . . . . . . . . . . . 3 | 3.1. Packet Validation Rules . . . . . . . . . . . . . . . . . 3 | |||
| 3.2. Error Handling . . . . . . . . . . . . . . . . . . . . . 3 | 3.2. Error Handling . . . . . . . . . . . . . . . . . . . . . 3 | |||
| 3.3. Wire Format . . . . . . . . . . . . . . . . . . . . . . . 3 | 3.3. Wire Format . . . . . . . . . . . . . . . . . . . . . . . 4 | |||
| 3.3.1. EDNS-Client-Tag . . . . . . . . . . . . . . . . . . . 3 | 3.3.1. EDNS-Client-Tag . . . . . . . . . . . . . . . . . . . 4 | |||
| 3.3.2. EDNS-Server-Tag . . . . . . . . . . . . . . . . . . . 4 | 3.3.2. EDNS-Server-Tag . . . . . . . . . . . . . . . . . . . 4 | |||
| 4. Security Considerations . . . . . . . . . . . . . . . . . . . 4 | 4. Security Considerations . . . . . . . . . . . . . . . . . . . 4 | |||
| 5. Implementation status . . . . . . . . . . . . . . . . . . . . 4 | 5. Implementation status . . . . . . . . . . . . . . . . . . . . 5 | |||
| 6. Privacy Considerations . . . . . . . . . . . . . . . . . . . 5 | 6. Privacy Considerations . . . . . . . . . . . . . . . . . . . 5 | |||
| 7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 5 | 7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 5 | |||
| 8. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 5 | 8. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 5 | |||
| 9. Normative References . . . . . . . . . . . . . . . . . . . . 5 | 9. Normative References . . . . . . . . . . . . . . . . . . . . 5 | |||
| Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 6 | Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 6 | |||
| 1. Introduction | 1. Introduction | |||
| This document describes EDNS Tags, a mechanism by which DNS clients | This document describes EDNS Tags, a mechanism by which DNS clients | |||
| and servers [RFC1034] can transmit an opaque data field which has no | and servers [RFC1034] can transmit an opaque data field which has no | |||
| skipping to change at page 2, line 50 ¶ | skipping to change at page 3, line 9 ¶ | |||
| The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", | The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", | |||
| "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and | "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and | |||
| "OPTIONAL" in this document are to be interpreted as described in BCP | "OPTIONAL" in this document are to be interpreted as described in BCP | |||
| 14 [RFC2119] [RFC8174] when, and only when, they appear in all | 14 [RFC2119] [RFC8174] when, and only when, they appear in all | |||
| capitals, as shown here. | capitals, as shown here. | |||
| 3. Description | 3. Description | |||
| The values of the individual bits within a tag are not defined to | The values of the individual bits within a tag are not defined to | |||
| have any semantic meaning in this specification. Their | have any semantic meaning in this specification. Their | |||
| interpretation is defined entirely by bi-lateral agreement between | interpretation is defined entirely by out-of-band bilateral agreement | |||
| client and server operators. The definitions for EDNS-Client-Tag and | between client and server operators. | |||
| EDNS-Server-Tag values MAY be different. | ||||
| Operators are free to partition the bits within that field as they | Operators are free to partition the bits within that field as they | |||
| see fit; for example it could be used to transmit up to 16 separate | see fit; for example it could be used to transmit up to 16 separate | |||
| boolean flags, or perhaps to transmit a 10 bit numeric value combined | boolean flags, or perhaps to transmit a 10 bit numeric value combined | |||
| a 2 bit value and four boolean flags. | a 2 bit value and four boolean flags. | |||
| The intended mode of operation is that the value of a bit (or range | ||||
| of bits) could be tested in access control lists or any other such | ||||
| policy control mechanism. | ||||
| Possible use cases for EDNS-Client-Tags include: | Possible use cases for EDNS-Client-Tags include: | |||
| o client-controlled selection of a DNS-based security filter | o client-controlled selection of a DNS-based security filter | |||
| o marking a packet passing through a proxy with transport-related | o marking a packet passing through a proxy with transport-related | |||
| information | information | |||
| Use cases for EDNS-Server-Tags are still to be determined. The | Use cases for EDNS-Server-Tags are still to be determined. The | |||
| option is specified here for symmetry and in anticipation of new use | option is specified here for symmetry and in anticipation of new use | |||
| cases being discovered. | cases being discovered. The semantic definitions for EDNS-Client-Tag | |||
| and EDNS-Server-Tag values MAY be different; they need not be | ||||
| symmetrical. | ||||
| 3.1. Packet Validation Rules | 3.1. Packet Validation Rules | |||
| The OPT RR in a DNS request packet (QR = 0) MUST NOT contain an EDNS- | The OPT RR in a DNS request packet (QR = 0) MUST NOT contain an EDNS- | |||
| Server-Tag option. A request packet MUST NOT contain more than one | Server-Tag option. A request packet MUST NOT contain more than one | |||
| EDNS-Client-Tag option. | EDNS-Client-Tag option. | |||
| The OPT RR in a DNS response packet (QR = 1) MUST NOT contain an | The OPT RR in a DNS response packet (QR = 1) MUST NOT contain an | |||
| EDNS-Client-Tag option. A response packet MUST NOT contain more than | EDNS-Client-Tag option. A response packet MUST NOT contain more than | |||
| one EDNS-Server-Tag option. | one EDNS-Server-Tag option. | |||
| skipping to change at page 4, line 42 ¶ | skipping to change at page 5, line 5 ¶ | |||
| OPTION-LENGTH: Size (in octets) of OPTION-DATA. MUST be 2. | OPTION-LENGTH: Size (in octets) of OPTION-DATA. MUST be 2. | |||
| SERVER-TAG-DATA: The tag field sent from server to client. | SERVER-TAG-DATA: The tag field sent from server to client. | |||
| 4. Security Considerations | 4. Security Considerations | |||
| Client tags are under the control of the client software and as such | Client tags are under the control of the client software and as such | |||
| (and in the absence of any other mechanism to authenticate the | (and in the absence of any other mechanism to authenticate the | |||
| client's identity) this mechanism is not appropriate for applications | client's identity) this mechanism is not appropriate for applications | |||
| where the DNS server operator wishes to contractually differentiate | where the DNS server operator wishes to contractually differentiate | |||
| service based on the presence (or absence) of any particular tag. | service based on the interpretation of the tag's value. | |||
| 5. Implementation status | 5. Implementation status | |||
| TBC. | TBC. | |||
| 6. Privacy Considerations | 6. Privacy Considerations | |||
| Tags are opaque fields that encode only a limited amount of | Tags are opaque fields that encode only a limited amount of | |||
| information. The size of the data field in this specification is | information. The size of the data field in this specification is | |||
| chosen to offer a compromise between offering sufficient content to | chosen to offer a compromise between offering sufficient content to | |||
| skipping to change at line 251 ¶ | skipping to change at page 6, line 28 ¶ | |||
| Email: ray@isc.org | Email: ray@isc.org | |||
| Alan Clegg | Alan Clegg | |||
| Internet Systems Consortium, Inc. | Internet Systems Consortium, Inc. | |||
| 950 Charter Street | 950 Charter Street | |||
| Redwood City CA 94063 | Redwood City CA 94063 | |||
| USA | USA | |||
| Phone: +1 650 423 1200 | Phone: +1 650 423 1200 | |||
| Email: aclegg@isc.org | Email: aclegg@isc.org | |||
| Peter van Dijk | ||||
| PowerDNS.COM B.V. | ||||
| Den Haag | ||||
| The Netherlands | ||||
| Email: peter.van.dijk@powerdns.com | ||||
| End of changes. 11 change blocks. | ||||
| 12 lines changed or deleted | 19 lines changed or added | |||
This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ | ||||