| < draft-ietf-dane-srv-04.txt | draft-ietf-dane-srv-05.txt > | |||
|---|---|---|---|---|
| DNS-Based Authentication of Named Entities (DANE) T. Finch | DNS-Based Authentication of Named Entities (DANE) T. Finch | |||
| Internet-Draft University of Cambridge | Internet-Draft University of Cambridge | |||
| Intended status: Standards Track M. Miller | Intended status: Standards Track M. Miller | |||
| Expires: August 15, 2014 Cisco Systems, Inc. | Expires: August 17, 2014 Cisco Systems, Inc. | |||
| P. Saint-Andre | P. Saint-Andre | |||
| &yet | &yet | |||
| February 11, 2014 | February 13, 2014 | |||
| Using DNS-Based Authentication of Named Entities (DANE) TLSA records | Using DNS-Based Authentication of Named Entities (DANE) TLSA records | |||
| with SRV and MX records. | with SRV and MX records. | |||
| draft-ietf-dane-srv-04 | draft-ietf-dane-srv-05 | |||
| Abstract | Abstract | |||
| The DANE specification (RFC 6698) describes how to use TLSA resource | The DANE specification (RFC 6698) describes how to use TLSA resource | |||
| records in the DNS to associate a server's host name with its TLS | records in the DNS to associate a server's host name with its TLS | |||
| certificate. The association is secured with DNSSEC. Some | certificate. The association is secured with DNSSEC. Some | |||
| application protocols use SRV records (RFC 2782) to indirectly name | application protocols use SRV records (RFC 2782) to indirectly name | |||
| the server hosts for a service domain (SMTP uses MX records for the | the server hosts for a service domain (SMTP uses MX records for the | |||
| same purpose). This specification gives generic instructions for how | same purpose). This specification gives generic instructions for how | |||
| these application protocols locate and use TLSA records when | these application protocols locate and use TLSA records when | |||
| skipping to change at page 1, line 42 ¶ | skipping to change at page 1, line 42 ¶ | |||
| Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
| Task Force (IETF). Note that other groups may also distribute | Task Force (IETF). Note that other groups may also distribute | |||
| working documents as Internet-Drafts. The list of current Internet- | working documents as Internet-Drafts. The list of current Internet- | |||
| Drafts is at http://datatracker.ietf.org/drafts/current/. | Drafts is at http://datatracker.ietf.org/drafts/current/. | |||
| Internet-Drafts are draft documents valid for a maximum of six months | Internet-Drafts are draft documents valid for a maximum of six months | |||
| and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||
| time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference | |||
| material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." | |||
| This Internet-Draft will expire on August 15, 2014. | This Internet-Draft will expire on August 17, 2014. | |||
| Copyright Notice | Copyright Notice | |||
| Copyright (c) 2014 IETF Trust and the persons identified as the | Copyright (c) 2014 IETF Trust and the persons identified as the | |||
| document authors. All rights reserved. | document authors. All rights reserved. | |||
| This document is subject to BCP 78 and the IETF Trust's Legal | This document is subject to BCP 78 and the IETF Trust's Legal | |||
| Provisions Relating to IETF Documents | Provisions Relating to IETF Documents | |||
| (http://trustee.ietf.org/license-info) in effect on the date of | (http://trustee.ietf.org/license-info) in effect on the date of | |||
| publication of this document. Please review these documents | publication of this document. Please review these documents | |||
| skipping to change at page 2, line 24 ¶ | skipping to change at page 2, line 24 ¶ | |||
| Table of Contents | Table of Contents | |||
| 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 | 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 | |||
| 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 3 | 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 3 | |||
| 3. Relation between SRV and MX records . . . . . . . . . . . . . 3 | 3. Relation between SRV and MX records . . . . . . . . . . . . . 3 | |||
| 4. DNS Checks for TLSA and SRV Records . . . . . . . . . . . . . 4 | 4. DNS Checks for TLSA and SRV Records . . . . . . . . . . . . . 4 | |||
| 4.1. SRV Query . . . . . . . . . . . . . . . . . . . . . . . . 4 | 4.1. SRV Query . . . . . . . . . . . . . . . . . . . . . . . . 4 | |||
| 4.2. TLSA Queries . . . . . . . . . . . . . . . . . . . . . . 5 | 4.2. TLSA Queries . . . . . . . . . . . . . . . . . . . . . . 5 | |||
| 5. TLS Checks for TLSA and SRV Records . . . . . . . . . . . . . 6 | 5. TLS Checks for TLSA and SRV Records . . . . . . . . . . . . . 6 | |||
| 6. Guidance for Application Protocols . . . . . . . . . . . . . 6 | 6. Guidance for Application Protocols . . . . . . . . . . . . . 7 | |||
| 7. Guidance for Server Operators . . . . . . . . . . . . . . . . 7 | 7. Guidance for Server Operators . . . . . . . . . . . . . . . . 7 | |||
| 8. Internationalization Considerations . . . . . . . . . . . . . 7 | 8. Internationalization Considerations . . . . . . . . . . . . . 8 | |||
| 9. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 7 | 9. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 8 | |||
| 10. Security Considerations . . . . . . . . . . . . . . . . . . . 8 | 10. Security Considerations . . . . . . . . . . . . . . . . . . . 8 | |||
| 10.1. Mixed Security Status . . . . . . . . . . . . . . . . . 8 | 10.1. Mixed Security Status . . . . . . . . . . . . . . . . . 8 | |||
| 10.2. A Service Domain Trusts its Servers . . . . . . . . . . 8 | 10.2. A Service Domain Trusts its Servers . . . . . . . . . . 8 | |||
| 10.3. Certificate Subject Name Matching . . . . . . . . . . . 8 | 10.3. Certificate Subject Name Matching . . . . . . . . . . . 9 | |||
| 11. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 9 | 11. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 9 | |||
| 12. References . . . . . . . . . . . . . . . . . . . . . . . . . 9 | 12. References . . . . . . . . . . . . . . . . . . . . . . . . . 9 | |||
| 12.1. Normative References . . . . . . . . . . . . . . . . . . 9 | 12.1. Normative References . . . . . . . . . . . . . . . . . . 9 | |||
| 12.2. Informative References . . . . . . . . . . . . . . . . . 10 | 12.2. Informative References . . . . . . . . . . . . . . . . . 10 | |||
| Appendix A. Mail Example . . . . . . . . . . . . . . . . . . . . 10 | Appendix A. Mail Example . . . . . . . . . . . . . . . . . . . . 11 | |||
| Appendix B. XMPP Example . . . . . . . . . . . . . . . . . . . . 10 | Appendix B. XMPP Example . . . . . . . . . . . . . . . . . . . . 11 | |||
| Appendix C. Rationale . . . . . . . . . . . . . . . . . . . . . 11 | Appendix C. Rationale . . . . . . . . . . . . . . . . . . . . . 12 | |||
| Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 12 | Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 13 | |||
| 1. Introduction | 1. Introduction | |||
| The base DANE specification [RFC6698] describes how to use TLSA | The base DANE specification [RFC6698] describes how to use TLSA | |||
| resource records in the DNS to associate a server's host name with | resource records in the DNS to associate a server's host name with | |||
| its TLS certificate. The association is secured using DNSSEC. That | its TLS certificate. The association is secured using DNSSEC. That | |||
| document "only relates to securely associating certificates for TLS | document "only relates to securely associating certificates for TLS | |||
| and DTLS with host names" (see the last paragraph of section 1.2 of | and DTLS with host names" (see the last paragraph of section 1.2 of | |||
| [RFC6698]). | [RFC6698]). | |||
| Some application protocols do not use host names directly; instead, | Some application protocols do not use host names directly; instead, | |||
| they use a service domain and the relevant host names are located | they use a service domain and the relevant host names are located | |||
| indirectly via SRV records [RFC2782], or MX records in the case of | indirectly via SRV records [RFC2782], or MX records in the case of | |||
| SMTP [RFC5321]. (Note: in the "CertID" specification [RFC6125], the | SMTP [RFC5321] (Note: in the "CertID" specification [RFC6125], the | |||
| source domain and host name are referred to as the "source domain" | source domain and host name are referred to as the "source domain" | |||
| and the "derived domain".) Because of this intermediate resolution | and the "derived domain"). Because of this intermediate resolution | |||
| step, the normal DANE rules specified in [RFC6698] do not directly | step, the normal DANE rules specified in [RFC6698] do not directly | |||
| apply to protocols that use SRV or MX records. | apply to protocols that use SRV or MX records. | |||
| This document describes how to use DANE TLSA records with SRV and MX | This document describes how to use DANE TLSA records with SRV and MX | |||
| records. To summarize: | records. To summarize: | |||
| o We rely on DNSSEC to secure the association between the service | o We rely on DNSSEC to secure the association between the service | |||
| domain and the target server host names (i.e., the host names that | domain and the target server host names (i.e., the host names that | |||
| are discovered by the SRV or MX query). | are discovered by the SRV or MX query). | |||
| skipping to change at page 3, line 38 ¶ | skipping to change at page 3, line 38 ¶ | |||
| application protocols, such as SMTP [I-D.ietf-dane-smtp-with-dane] | application protocols, such as SMTP [I-D.ietf-dane-smtp-with-dane] | |||
| and XMPP [I-D.ietf-xmpp-dna]. | and XMPP [I-D.ietf-xmpp-dna]. | |||
| 2. Terminology | 2. Terminology | |||
| The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", | The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", | |||
| "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and | "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and | |||
| "OPTIONAL" in this memo are to be interpreted as described in | "OPTIONAL" in this memo are to be interpreted as described in | |||
| [RFC2119]. | [RFC2119]. | |||
| This draft uses the definitions for "secure", "insecure", "bogus", | ||||
| and "indeterminate" from [RFC4035]. This draft uses the acronyms | ||||
| from [I-D.ietf-dane-registry-acronyms] for the values of TLSA fields | ||||
| where appropriate. | ||||
| 3. Relation between SRV and MX records | 3. Relation between SRV and MX records | |||
| For the purpose of this specification (to avoid cluttering the | For the purpose of this specification (to avoid cluttering the | |||
| description with special cases) we treat each MX record ([RFC5321] | description with special cases) we treat each MX record ([RFC5321] | |||
| section 5) as being equivalent to an SRV record [RFC2782] with | section 5) as being equivalent to an SRV record [RFC2782] with | |||
| corresponding fields copied from the MX record and the remaining | corresponding fields copied from the MX record and the remaining | |||
| fields having fixed values as follows: | fields having fixed values as follows: | |||
| Table 1: SRV Fields and MX Equivalents | Table 1: SRV Fields and MX Equivalents | |||
| +---------------+-----------------------------+ | +---------------+-----------------------------+ | |||
| | DNS SRV Field | Equivalent MX Value | | | DNS SRV Field | Equivalent MX Value | | |||
| +---------------+-----------------------------+ | +---------------+-----------------------------+ | |||
| | Service | smtp | | | Service | smtp | | |||
| +---------------+-----------------------------+ | +---------------+-----------------------------+ | |||
| | Proto | tcp | | | Proto | tcp | | |||
| +---------------+-----------------------------+ | +---------------+-----------------------------+ | |||
| | Name | MX owner name (mail domain) | | | Name | MX owner name (mail domain) | | |||
| +---------------+-----------------------------+ | +---------------+-----------------------------+ | |||
| | TTL | MX TTL | | | TTL | MX TTL | | |||
| skipping to change at page 4, line 46 ¶ | skipping to change at page 4, line 49 ¶ | |||
| 4. DNS Checks for TLSA and SRV Records | 4. DNS Checks for TLSA and SRV Records | |||
| 4.1. SRV Query | 4.1. SRV Query | |||
| When the client makes an SRV query, a successful result will be a | When the client makes an SRV query, a successful result will be a | |||
| list of one or more SRV records (or possibly a chain of CNAME / DNAME | list of one or more SRV records (or possibly a chain of CNAME / DNAME | |||
| aliases referring to such a list). | aliases referring to such a list). | |||
| For this specification to apply, all of these DNS RRsets MUST be | For this specification to apply, all of these DNS RRsets MUST be | |||
| "secure" according to DNSSSEC validation ([RFC4033] section 5). In | "secure" according to DNSSSEC validation ([RFC4033] section 5). In | |||
| the case of aliases, the whole chain MUST be secure as well as the | the case of aliases, the whole chain of CNAME and DNAME RRsets MUST | |||
| ultimate target. (This corresponds to the AD bit being set in the | be secure as well. This corresponds to the AD bit being set in the | |||
| response(s) - see [RFC4035] section 3.2.3.) | response(s); see [RFC4035] section 3.2.3. | |||
| If they are not all secure, this protocol has not been fully | ||||
| If they are not all secure, this protocol has not been correctly | ||||
| deployed. The client SHOULD fall back to its non-DNSSEC non-DANE | deployed. The client SHOULD fall back to its non-DNSSEC non-DANE | |||
| behavior. (This corresponds to the AD bit being unset.) | behavior (this corresponds to the AD bit being unset). | |||
| If any of the responses is "bogus" according to DNSSEC validation, | If any of the responses are "bogus" or "indeterminate" according to | |||
| the client MUST abort. (This usually corresponds to a "server | DNSSEC validation, the client MUST abort (This usually corresponds to | |||
| failure" response.) | a "server failure" response). | |||
| In the successful case, the client now has an authentic list of | In the successful case, the client now has an authentic list of | |||
| server host names with weight and priority values. It performs | server host names with weight and priority values. It performs | |||
| server ordering and selection using the weight and priority values | server ordering and selection using the weight and priority values | |||
| without regard to the presence or absence of DNSSEC or TLSA records. | without regard to the presence or absence of DNSSEC or TLSA records. | |||
| It takes note of the DNSSEC validation status of the SRV response for | It takes note of the DNSSEC validation status of the SRV response for | |||
| use when checking certificate names (see Section 5). | use when checking certificate names (see Section 5). | |||
| 4.2. TLSA Queries | 4.2. TLSA Queries | |||
| If the SRV response was insecure or indeterminate, the client MUST | If the SRV response was insecure, the client MUST NOT perform any | |||
| NOT perform any TLSA queries. If the SRV response is secure | TLSA queries. If the SRV response is "secure" according to DNSSEC | |||
| according to DNSSEC validation, the client performs a TLSA query for | validation, the client performs a TLSA query for each SRV target as | |||
| each SRV target as describes in this section. | described in this section. | |||
| For each SRV target host name, if the response to the address (A or | For each SRV target host name, the client performs DNSSEC validation | |||
| AAAA) query is insecure or indeterminate, the client MUST NOT perform | on the address (A, AAAA) response and continues based on the results: | |||
| a TLSA query for that target; the TLSA a query will most likely fail. | ||||
| o if the response is "insecure", the client MUST NOT perform a TLSA | ||||
| query for that target; the TLSA query will most likely fail. | ||||
| o If the response is "bogus" or "indeterminate", the client MUST NOT | ||||
| connect to this host name; instead it uses the next most | ||||
| appropriate SRV target. | ||||
| The client SHALL construct the TLSA query name as described in | The client SHALL construct the TLSA query name as described in | |||
| [RFC6698] section 3, based on fields from the SRV record: the port | [RFC6698] section 3, based on fields from the SRV record: the port | |||
| from the SRV RDATA, the protocol from the SRV query name, and the | from the SRV RDATA, the protocol from the SRV query name, and the | |||
| TLSA base domain set to the SRV target host name. | TLSA base domain set to the SRV target host name. | |||
| For example, the following SRV record leads to the TLSA query shown | For example, the following SRV record leads to the TLSA query shown | |||
| below: | below: | |||
| _imap._tcp.example.com. 86400 IN SRV 10 0 143 imap.example.net. | _imap._tcp.example.com. 86400 IN SRV 10 0 143 imap.example.net. | |||
| _143._tcp.imap.example.net. IN TLSA ? | _143._tcp.imap.example.net. IN TLSA ? | |||
| The client SHALL determine if the TLSA record(s) are usable according | The client SHALL determine if the TLSA record(s) are usable according | |||
| to section 4.1 of [RFC6698]. This affects SRV handling as follows: | to section 4.1 of [RFC6698]. This affects SRV handling as follows: | |||
| If the TLSA response is "secure", the client MUST use TLS when | If the TLSA response is "secure", the client MUST use TLS when | |||
| connecting to the server. The TLSA records are used when validating | connecting to the server. The TLSA records are used when validating | |||
| the server's certificate as described under Section 5. | the server's certificate as described under Section 5. | |||
| If the TLSA response is "insecure" or "indeterminate", the client | If the TLSA response is "insecure", the client SHALL proceed as if | |||
| SHALL proceed as if this server has no TLSA records. It MAY connect | this server has no TLSA records. It MAY connect to the server with | |||
| to the server with or without TLS. | or without TLS. | |||
| If the TLSA response is "bogus", then the client MUST NOT connect to | If the TLSA response is "bogus" or "indeterminate", then the client | |||
| the corresponding server. (The client can still use other SRV | MUST NOT connect to this server (the client can still use other SRV | |||
| targets.) | targets). | |||
| 5. TLS Checks for TLSA and SRV Records | 5. TLS Checks for TLSA and SRV Records | |||
| When connecting to a server, the client MUST use TLS if the responses | When connecting to a server, the client MUST use TLS if the responses | |||
| to the SRV and TLSA queries were "secure" as described above. If the | to the SRV and TLSA queries were "secure" as described above. If the | |||
| client received zero usable TLSA certificate associations, it SHALL | client received zero usable TLSA certificate associations, it SHALL | |||
| validate the server's TLS certificate using the normal PKIX rules | validate the server's TLS certificate using the normal PKIX rules | |||
| [RFC5280] or protocol-specific rules (e.g., following [RFC6125]) | [RFC5280] or protocol-specific rules (e.g., following [RFC6125]) | |||
| without further input from the TLSA records. If the client received | without further input from the TLSA records. If the client received | |||
| one or more usable TLSA certificate associations, it SHALL process | one or more usable TLSA certificate associations, it SHALL process | |||
| them as described in [RFC6698] section 2.1. | them as described in [RFC6698] section 2.1. | |||
| If a usable TLSA record with Certificate Usage "3" matches the TLS | If the TLS server's certificate -- or the public key of the server's | |||
| server's certificate, or public key for the certificate, all other | certificate -- matches a usable TLSA record with Certificate Usage | |||
| validation and verification checks MAY be ignored (e.g., reference | "DANE-EE", the client MUST consider the server to be authenticated. | |||
| identifier, key usage, expiration, issuance, etc.). | Because the information in such a TLSA record supersedes the non-key | |||
| information in the certificate, all other [RFC5280] and [RFC6125] | ||||
| authentication checks (e.g., reference identifier, key usage, | ||||
| expiration, issuance, etc.) MUST be ignored or omitted. | ||||
| Otherwise, the client uses the DNSSEC validation status of the SRV | Otherwise, the client uses the information in the server certificate | |||
| query in its server certificate identity checks. It SHOULD use the | and DNSSEC validation status of the SRV query in its authentication | |||
| Server Name Indication extension (TLS SNI) [RFC6066] or its | checks. It SHOULD use the Server Name Indication extension (TLS SNI) | |||
| functional equivalent in the relevant application protocol (e.g., in | [RFC6066] or its functional equivalent in the relevant application | |||
| XMPP [RFC6120] this is the the 'to' address of the initial stream | protocol (e.g., in XMPP [RFC6120] this is the 'to' address of the | |||
| header). The preferred name SHALL be chosen as follows, and the | initial stream header). The preferred name SHALL be chosen as | |||
| client SHALL verify the identity asserted by the server's certificate | follows, and the client SHALL verify the identity asserted by the | |||
| according to [RFC6125] section 6, using a list of reference | server's certificate according to [RFC6125] section 6, using a list | |||
| identifiers constructed as follows. (Note again that in RFC 6125 the | of reference identifiers constructed as follows (note again that in | |||
| terms "source domain" and "derived domain" refer to the same things | RFC 6125 the terms "source domain" and "derived domain" refer to the | |||
| as "service domain" and "target host name" in this document.) | same things as "service domain" and "target host name" in this | |||
| document). | ||||
| SRV is insecure or indeterminate: The reference identifiers SHALL | SRV is insecure: The reference identifiers SHALL include the service | |||
| include the service domain and MUST NOT include the SRV target | domain and MUST NOT include the SRV target host name. The service | |||
| host name. The service domain is the preferred name for TLS SNI | domain is the preferred name for TLS SNI or its equivalent. | |||
| or its equivalent. | ||||
| SRV is secure: The reference identifiers SHALL include both the | SRV is secure: The reference identifiers SHALL include both the | |||
| service domain and the SRV target host name. The target host name | service domain and the SRV target host name. The target host name | |||
| is the preferred name for TLS SNI or its equivalent. | is the preferred name for TLS SNI or its equivalent. | |||
| (In the latter case, the client will accept either identity so that | In the latter case, the client will accept either identity so that it | |||
| it is compatible with servers that do and do not support this | is compatible with servers that do and do not support this | |||
| specification.) | specification. | |||
| 6. Guidance for Application Protocols | 6. Guidance for Application Protocols | |||
| Separate documents describe how to apply this specification to | Separate documents describe how to apply this specification to | |||
| particular application protocols. If you are writing such as | particular application protocols. Such documents ought to cover the | |||
| document the following points ought to be covered: | following points: | |||
| o Fallback logic in the event of bogus replies and the like. | o Fallback logic in the event of bogus replies and the like. | |||
| o The use of TLS SNI or its functional equivalent. | ||||
| o Appropriate mappings for non-SRV technologies such as MX. | ||||
| o Compatibility with clients that do not support SRV lookups. | o Compatibility with clients that do not support SRV lookups. | |||
| 7. Guidance for Server Operators | 7. Guidance for Server Operators | |||
| To conform to this specification, the published SRV records and | To conform to this specification, the published SRV records and | |||
| subsequent address (A, AAAA) records MUST be secured with DNSSEC. | subsequent address (A, AAAA) records MUST be secured with DNSSEC. | |||
| There SHOULD also be at least one TLSA record published that | There SHOULD also be at least one TLSA record published that | |||
| authenticates the server's certificate. Except for Certificate Usage | authenticates the server's certificate. | |||
| "3", the certificate authenticated by the TLSA record(s) MUST contain | ||||
| a reference identifier that matches: | When using TLSA records with Certificate Usage "DANE-EE", the | |||
| deployed certificate does not need to contain any of the possible | ||||
| reference identifiers discussed below. Indeed, none of the | ||||
| certificate's information is necessary for such certificates. | ||||
| However, servers that rely solely on validation using Certificate | ||||
| Usage "DANE-EE" TLSA records might prevent clients that do not | ||||
| support this specification from successfully connecting with TLS. | ||||
| For TLSA records with Certificate Usage types other than "DANE-EE", | ||||
| the certificate(s) MUST contain a reference identifier that matches: | ||||
| o the service domain name (the "source domain" in [RFC6125] terms, | o the service domain name (the "source domain" in [RFC6125] terms, | |||
| which is the SRV query domain); and/or | which is the SRV query domain); and/or | |||
| o the server host name (the "derived domain" in [RFC6125] terms, | o the server host name (the "derived domain" in [RFC6125] terms, | |||
| which is the SRV target). | which is the SRV target). | |||
| Servers that support multiple service domains (i.e., multi-tenant) | Servers that support multiple service domains (i.e., multi-tenant) | |||
| can implement Server Name Identifier (TLS SNI) [RFC6066] or its | can implement Server Name Indicator (TLS SNI) [RFC6066] or its | |||
| functional equivalent to determine which certificate to offer. | functional equivalent to determine which certificate to offer. | |||
| Clients that do not support this specification will indicate a | Clients that do not support this specification will indicate a | |||
| preference for the service domain name, while clients that support | preference for the service domain name, while clients that support | |||
| this specification will indicate the server host name. However, the | this specification will indicate the server host name. However, the | |||
| server determines what certificate to present in the TLS handshake; | server determines what certificate to present in the TLS handshake; | |||
| e.g., the presented certificate might only authenticate the server | e.g., the presented certificate might only authenticate the server | |||
| host name. | host name. | |||
| 8. Internationalization Considerations | 8. Internationalization Considerations | |||
| skipping to change at page 8, line 28 ¶ | skipping to change at page 8, line 50 ¶ | |||
| protocol completely; a partial deployment is not secure and we make | protocol completely; a partial deployment is not secure and we make | |||
| no special effort to support it. | no special effort to support it. | |||
| 10.2. A Service Domain Trusts its Servers | 10.2. A Service Domain Trusts its Servers | |||
| By signing their zone with DNSSEC, service domain operators | By signing their zone with DNSSEC, service domain operators | |||
| implicitly instruct their clients to check their server TLSA records. | implicitly instruct their clients to check their server TLSA records. | |||
| This implies another point in the trust relationship between service | This implies another point in the trust relationship between service | |||
| domain holders and their server operators. Most of the setup | domain holders and their server operators. Most of the setup | |||
| requirements for this protocol fall on the server operator: | requirements for this protocol fall on the server operator: | |||
| installing a TLS certificate with the correct name, and publishing a | installing a TLS certificate with the correct name (where necessary), | |||
| TLSA record under that name. If these are not correct then | and publishing a TLSA record for that certificate. If these are not | |||
| connections from TLSA-aware clients might fail. | correct then connections from TLSA-aware clients might fail. | |||
| 10.3. Certificate Subject Name Matching | 10.3. Certificate Subject Name Matching | |||
| Section 4 of the TLSA specification [RFC6698] leaves the details of | Section 4 of the TLSA specification [RFC6698] leaves the details of | |||
| checking names in certificates to higher level application protocols, | checking names in certificates to higher level application protocols, | |||
| though it suggests the use of [RFC6125]. | though it suggests the use of [RFC6125]. | |||
| Name checks are not necessary if the matching TLSA record is of | Name checks are not necessary if the matching TLSA record is of | |||
| Certificate Usage "3". Because such a record identifies the specific | Certificate Usage "DANE-EE". Because such a record identifies the | |||
| certificate (or public key of the certificate), additional checks are | specific certificate (or public key of the certificate), additional | |||
| superfluous and potentially conflicting. | checks are superfluous and potentially conflicting. | |||
| Otherwise, while DNSSEC provides a secure binding between the server | Otherwise, while DNSSEC provides a secure binding between the server | |||
| name and the TLSA record, and the TLSA record provides a binding to a | name and the TLSA record, and the TLSA record provides a binding to a | |||
| certificate, this latter step can be indirect via a chain of | certificate, this latter step can be indirect via a chain of | |||
| certificates. For example, a Certificate Usage "0" TLSA record only | certificates. For example, a Certificate Usage "PKIX-TA" TLSA record | |||
| authenticates the CA that issued the certificate, and third parties | only authenticates the CA that issued the certificate, and third | |||
| can obtain certificates from the same CA. Therefore, clients need to | parties can obtain certificates from the same CA. Therefore, clients | |||
| check whether the server's certificate matches one of the expected | need to check whether the server's certificate matches one of the | |||
| reference identifiers to ensure the certificate was issued by the CA | expected reference identifiers to ensure the certificate was issued | |||
| to the server the client expects. | by the CA to the server the client expects. | |||
| 11. Acknowledgements | 11. Acknowledgements | |||
| Thanks to Mark Andrews for arguing that authenticating the server | Thanks to Mark Andrews for arguing that authenticating the server | |||
| host name is the right thing, and that we ought to rely on DNSSEC to | host name is the right thing, and that we ought to rely on DNSSEC to | |||
| secure the SRV / MX lookup. Thanks to James Cloos, Viktor Dukhovni, | secure the SRV / MX lookup. Thanks to James Cloos, Viktor Dukhovni, | |||
| Ned Freed, Olafur Gudmundsson, Paul Hoffman, Phil Pennock, Hector | Ned Freed, Olafur Gudmundsson, Paul Hoffman, Phil Pennock, Hector | |||
| Santos, Jonas Schneider, and Alessandro Vesely for helpful | Santos, Jonas Schneider, and Alessandro Vesely for helpful | |||
| suggestions. | suggestions. | |||
| 12. References | 12. References | |||
| 12.1. Normative References | 12.1. Normative References | |||
| [I-D.ietf-dane-registry-acronyms] | ||||
| Gudmundsson, O., "Adding acronyms to simplify DANE | ||||
| conversations", draft-ietf-dane-registry-acronyms-03 (work | ||||
| in progress), January 2014. | ||||
| [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate | [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate | |||
| Requirement Levels", BCP 14, RFC 2119, March 1997. | Requirement Levels", BCP 14, RFC 2119, March 1997. | |||
| [RFC2782] Gulbrandsen, A., Vixie, P., and L. Esibov, "A DNS RR for | [RFC2782] Gulbrandsen, A., Vixie, P., and L. Esibov, "A DNS RR for | |||
| specifying the location of services (DNS SRV)", RFC 2782, | specifying the location of services (DNS SRV)", RFC 2782, | |||
| February 2000. | February 2000. | |||
| [RFC4033] Arends, R., Austein, R., Larson, M., Massey, D., and S. | [RFC4033] Arends, R., Austein, R., Larson, M., Massey, D., and S. | |||
| Rose, "DNS Security Introduction and Requirements", RFC | Rose, "DNS Security Introduction and Requirements", RFC | |||
| 4033, March 2005. | 4033, March 2005. | |||
| skipping to change at page 11, line 4 ¶ | skipping to change at page 11, line 31 ¶ | |||
| ; TLSA resource record | ; TLSA resource record | |||
| _25._tcp.mx.example.net. TLSA ... | _25._tcp.mx.example.net. TLSA ... | |||
| _25._tcp.mx.example.net. RRSIG TLSA ... | _25._tcp.mx.example.net. RRSIG TLSA ... | |||
| Mail for addresses at example.com is delivered by SMTP to | Mail for addresses at example.com is delivered by SMTP to | |||
| mx.example.net. Connections to mx.example.net port 25 that use | mx.example.net. Connections to mx.example.net port 25 that use | |||
| STARTTLS will get a server certificate that authenticates the name | STARTTLS will get a server certificate that authenticates the name | |||
| mx.example.net. | mx.example.net. | |||
| Appendix B. XMPP Example | Appendix B. XMPP Example | |||
| In the following, most of the DNS resource data is elided for | In the following, most of the DNS resource data is elided for | |||
| simplicity. | simplicity. | |||
| ; XMPP domain | ; XMPP domain | |||
| _xmpp-client.example.com. SRV 1 0 5222 im.example.net. | _xmpp-client.example.com. SRV 1 0 5222 im.example.net. | |||
| _xmpp-clientexample.com. RRSIG SRV ... | _xmpp-client.example.com. RRSIG SRV ... | |||
| ; XMPP server host name | ; XMPP server host name | |||
| im.example.net. A 192.0.2.3 | im.example.net. A 192.0.2.3 | |||
| im.example.net. RRSIG A ... | im.example.net. RRSIG A ... | |||
| im.example.net. AAAA 2001:db8:212:8::e:4 | im.example.net. AAAA 2001:db8:212:8::e:4 | |||
| im.example.net. RRSIG AAAA ... | im.example.net. RRSIG AAAA ... | |||
| ; TLSA resource record | ; TLSA resource record | |||
| _5222._tcp.im.example.net. TLSA ... | _5222._tcp.im.example.net. TLSA ... | |||
| _5222._tcp.im.example.net. RRSIG TLSA ... | _5222._tcp.im.example.net. RRSIG TLSA ... | |||
| Mail for addresses at example.com is delivered by SMTP to | XMPP sessions for addresses at example.com are established at | |||
| mx.example.net. Connections to mx.example.net port 25 that use | im.example.net. Connections to im.example.net port 5222 that use | |||
| STARTTLS will get a server certificate that authenticates the name | STARTTLS will get a server certificate that authenticates the name | |||
| mx.example.net. | im.example.net. | |||
| Appendix C. Rationale | Appendix C. Rationale | |||
| The long-term goal of this specification is to settle on TLS | The long-term goal of this specification is to settle on TLS | |||
| certificates that verify the server host name rather than the service | certificates that verify the server host name rather than the service | |||
| domain, since this is more convenient for servers hosting multiple | domain, since this is more convenient for servers hosting multiple | |||
| domains (so-called "multi-tenanted environments") and scales up more | domains (so-called "multi-tenanted environments") and scales up more | |||
| easily to larger numbers of service domains. | easily to larger numbers of service domains. | |||
| There are a number of other reasons for doing it this way: | There are a number of other reasons for doing it this way: | |||
| End of changes. 36 change blocks. | ||||
| 79 lines changed or deleted | 115 lines changed or added | |||
This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ | ||||