idnits 2.17.1 

draft-ietf-dnsext-dnssec-intro-12.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

  ** It looks like you're using RFC 3978 boilerplate.  You should update this
     to the boilerplate described in the IETF Trust License Policy document
     (see https://trustee.ietf.org/license-info), which is required now.

  -- Found old boilerplate from RFC 3978, Section 5.1.a on line 24.

  -- Found old boilerplate from RFC 3978, Section 5.5 on line 935.

  -- Found old boilerplate from RFC 3979, Section 5, paragraph 1 on line 912.

  -- Found old boilerplate from RFC 3979, Section 5, paragraph 2 on line 919.

  -- Found old boilerplate from RFC 3979, Section 5, paragraph 3 on line 925.

  ** The document seems to lack an RFC 3978 Section 5.1 IPR Disclosure
     Acknowledgement. 

  ** This document has an original RFC 3978 Section 5.4 Copyright Line,
     instead of the newer IETF Trust Copyright according to RFC 4748.

  ** This document has an original RFC 3978 Section 5.5 Disclaimer, instead
     of the newer disclaimer which includes the IETF Trust according to RFC
     4748.

  ** The document uses RFC 3667 boilerplate or RFC 3978-like boilerplate
     instead of verbatim RFC 3978 boilerplate.  After 6 May 2005, submission
     of drafts without verbatim RFC 3978 boilerplate is not accepted.

     The following non-3978 patterns matched text found in the document. 
     That text should be removed or replaced:

        This document is an Internet-Draft and is subject to all provisions of
        Section 3 of RFC 3667.

        By submitting this Internet-Draft, each author represents that any
        applicable patent or other IPR claims of which he or she is aware
        have been or will be disclosed, and any of which he or she
        becomes aware will be disclosed, in accordance with Section 6 of
        BCP 79.


  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

  == No 'Intended status' indicated for this document; assuming Proposed
     Standard


  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

     No issues found here.

  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the RFC 3978 Section 5.4 Copyright Line does not
     match the current year

  -- The document seems to lack a disclaimer for pre-RFC5378 work, but may
     have content which was first submitted before 10 November 2008.  If you
     have contacted all the original authors and they are all willing to grant
     the BCP78 rights to the IETF Trust, then this is fine, and you can ignore
     this comment.  If not, you may need to add the pre-RFC5378 disclaimer. 
     (See the Legal Provisions document at
     https://trustee.ietf.org/license-info for more information.)

  -- The document date (September 20, 2004) is 7158 days in the past.  Is
     this intentional?


  Checking references for intended status: Proposed Standard
  ----------------------------------------------------------------------------

     (See RFCs 3967 and 4897 for information about using normative references
     to lower-maturity documents in RFCs)

  == Outdated reference: A later version (-09) exists of
     draft-ietf-dnsext-dnssec-protocol-06

  == Outdated reference: A later version (-11) exists of
     draft-ietf-dnsext-dnssec-records-08

  ** Obsolete normative reference: RFC 2535 (Obsoleted by RFC 4033, RFC 4034,
     RFC 4035)

  ** Obsolete normative reference: RFC 2671 (Obsoleted by RFC 6891)

  ** Obsolete normative reference: RFC 3445 (Obsoleted by RFC 4033, RFC 4034,
     RFC 4035)

  -- Obsolete informational reference (is this intentional?): RFC 2538
     (Obsoleted by RFC 4398)

  -- Obsolete informational reference (is this intentional?): RFC 2845
     (Obsoleted by RFC 8945)

  -- Obsolete informational reference (is this intentional?): RFC 3008
     (Obsoleted by RFC 4033, RFC 4034, RFC 4035)

  -- Obsolete informational reference (is this intentional?): RFC 3090
     (Obsoleted by RFC 4033, RFC 4034, RFC 4035)

  -- Obsolete informational reference (is this intentional?): RFC 3655
     (Obsoleted by RFC 4033, RFC 4034, RFC 4035)

  -- Obsolete informational reference (is this intentional?): RFC 3658
     (Obsoleted by RFC 4033, RFC 4034, RFC 4035)

  -- Obsolete informational reference (is this intentional?): RFC 3755
     (Obsoleted by RFC 4033, RFC 4034, RFC 4035)

  -- Obsolete informational reference (is this intentional?): RFC 3757
     (Obsoleted by RFC 4033, RFC 4034, RFC 4035)

  -- Obsolete informational reference (is this intentional?): RFC 3845
     (Obsoleted by RFC 4033, RFC 4034, RFC 4035)


     Summary: 8 errors (**), 0 flaws (~~), 4 warnings (==), 16 comments (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.

--------------------------------------------------------------------------------


2	DNS Extensions                                                 R. Arends
3	Internet-Draft                                      Telematica Instituut
4	Expires: March 21, 2005                                       R. Austein
5	                                                                     ISC
6	                                                               M. Larson
7	                                                                VeriSign
8	                                                               D. Massey
9	                                                                 USC/ISI
10	                                                                 S. Rose
11	                                                                    NIST
12	                                                      September 20, 2004

14	               DNS Security Introduction and Requirements
15	                   draft-ietf-dnsext-dnssec-intro-12

17	Status of this Memo

19	   This document is an Internet-Draft and is subject to all provisions
20	   of section 3 of RFC 3667.  By submitting this Internet-Draft, each
21	   author represents that any applicable patent or other IPR claims of
22	   which he or she is aware have been or will be disclosed, and any of
23	   which he or she become aware will be disclosed, in accordance with
24	   RFC 3668.

26	   Internet-Drafts are working documents of the Internet Engineering
27	   Task Force (IETF), its areas, and its working groups.  Note that
28	   other groups may also distribute working documents as
29	   Internet-Drafts.

31	   Internet-Drafts are draft documents valid for a maximum of six months
32	   and may be updated, replaced, or obsoleted by other documents at any
33	   time.  It is inappropriate to use Internet-Drafts as reference
34	   material or to cite them other than as "work in progress."

36	   The list of current Internet-Drafts can be accessed at
37	   http://www.ietf.org/ietf/1id-abstracts.txt.

39	   The list of Internet-Draft Shadow Directories can be accessed at
40	   http://www.ietf.org/shadow.html.

42	   This Internet-Draft will expire on March 21, 2005.

44	Copyright Notice

46	   Copyright (C) The Internet Society (2004).

48	Abstract
49	   The Domain Name System Security Extensions (DNSSEC) add data origin
50	   authentication and data integrity to the Domain Name System.  This
51	   document introduces these extensions, and describes their
52	   capabilities and limitations.  This document also discusses the
53	   services that the DNS security extensions do and do not provide.
54	   Last, this document describes the interrelationships between the
55	   group of documents that collectively describe DNSSEC.

57	Table of Contents

59	   1.  Introduction . . . . . . . . . . . . . . . . . . . . . . . . .  3
60	   2.  Definitions of Important DNSSEC Terms  . . . . . . . . . . . .  4
61	   3.  Services Provided by DNS Security  . . . . . . . . . . . . . .  8
62	     3.1   Data Origin Authentication and Data Integrity  . . . . . .  8
63	     3.2   Authenticating Name and Type Non-Existence . . . . . . . .  9
64	   4.  Services Not Provided by DNS Security  . . . . . . . . . . . . 11
65	   5.  Scope of the DNSSEC Document Set and Last Hop Issues . . . . . 12
66	   6.  Resolver Considerations  . . . . . . . . . . . . . . . . . . . 14
67	   7.  Stub Resolver Considerations . . . . . . . . . . . . . . . . . 15
68	   8.  Zone Considerations  . . . . . . . . . . . . . . . . . . . . . 16
69	     8.1   TTL values vs. RRSIG validity period . . . . . . . . . . . 16
70	     8.2   New Temporal Dependency Issues for Zones . . . . . . . . . 16
71	   9.  Name Server Considerations . . . . . . . . . . . . . . . . . . 17
72	   10.   DNS Security Document Family . . . . . . . . . . . . . . . . 18
73	   11.   IANA Considerations  . . . . . . . . . . . . . . . . . . . . 19
74	   12.   Security Considerations  . . . . . . . . . . . . . . . . . . 20
75	   13.   Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 22
76	   14.   References . . . . . . . . . . . . . . . . . . . . . . . . . 23
77	   14.1  Normative References . . . . . . . . . . . . . . . . . . . . 23
78	   14.2  Informative References . . . . . . . . . . . . . . . . . . . 23
79	       Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . 25
80	       Intellectual Property and Copyright Statements . . . . . . . . 26

82	1.  Introduction

84	   This document introduces the Domain Name System Security Extensions
85	   (DNSSEC).  This document and its two companion documents
86	   ([I-D.ietf-dnsext-dnssec-records] and
87	   [I-D.ietf-dnsext-dnssec-protocol]) update, clarify, and refine the
88	   security extensions defined in [RFC2535] and its predecessors.  These
89	   security extensions consist of a set of new resource record types and
90	   modifications to the existing DNS protocol [RFC1035].  The new
91	   records and protocol modifications are not fully described in this
92	   document, but are described in a family of documents outlined in
93	   Section 10.  Section 3 and Section 4 describe the capabilities and
94	   limitations of the security extensions in greater detail.  Section 5
95	   discusses the scope of the document set.  Section 6, Section 7,
96	   Section 8, and Section 9 discuss the effect that these security
97	   extensions will have on resolvers, stub resolvers, zones and name
98	   servers.

100	   This document and its two companions update and obsolete [RFC2535],
101	   [RFC3008], [RFC3090], [RFC3445], [RFC3655], [RFC3658], [RFC3755],
102	   [RFC3757], and [RFC3845].  This document set also updates, but does
103	   not obsolete, [RFC1034], [RFC1035], [RFC2136], [RFC2181], [RFC2308],
104	   [RFC3225], [RFC3007], [RFC3597], and the portions of [RFC3226] that
105	   deal with DNSSEC.

107	   The DNS security extensions provide origin authentication and
108	   integrity protection for DNS data, as well as a means of public key
109	   distribution.  These extensions do not provide confidentiality.

111	2.  Definitions of Important DNSSEC Terms

113	   This section defines a number of terms used in this document set.
114	   Since this is intended to be useful as a reference while reading the
115	   rest of the document set, first-time readers may wish to skim this
116	   section quickly, read the rest of this document, then come back to
117	   this section.

119	   Authentication Chain: An alternating sequence of DNSKEY RRsets and DS
120	      RRsets forms a chain of signed data, with each link in the chain
121	      vouching for the next.  A DNSKEY RR is used to verify the
122	      signature covering a DS RR and allows the DS RR to be
123	      authenticated.  The DS RR contains a hash of another DNSKEY RR and
124	      this new DNSKEY RR is authenticated by matching the hash in the DS
125	      RR.  This new DNSKEY RR in turn authenticates another DNSKEY RRset
126	      and, in turn, some DNSKEY RR in this set may be used to
127	      authenticate another DS RR and so forth until the chain finally
128	      ends with a DNSKEY RR whose corresponding private key signs the
129	      desired DNS data.  For example, the root DNSKEY RRset can be used
130	      to authenticate the DS RRset for "example."  The "example." DS
131	      RRset contains a hash that matches some "example." DNSKEY, and
132	      this DNSKEY's corresponding private key signs the "example."
133	      DNSKEY RRset.  Private key counterparts of the "example." DNSKEY
134	      RRset sign data records such as "www.example." as well as DS RRs
135	      for delegations such as "subzone.example."

137	   Authentication Key: A public key that a security-aware resolver has
138	      verified and can therefore use to authenticate data.  A
139	      security-aware resolver can obtain authentication keys in three
140	      ways.  First, the resolver is generally configured to know about
141	      at least one public key; this configured data is usually either
142	      the public key itself or a hash of the public key as found in the
143	      DS RR (see "trust anchor").  Second, the resolver may use an
144	      authenticated public key to verify a DS RR and the DNSKEY RR to
145	      which the DS RR refers.  Third, the resolver may be able to
146	      determine that a new public key has been signed by the private key
147	      corresponding to another public key which the resolver has
148	      verified.  Note that the resolver must always be guided by local
149	      policy when deciding whether to authenticate a new public key,
150	      even if the local policy is simply to authenticate any new public
151	      key for which the resolver is able verify the signature.

153	   Delegation Point: Term used to describe the name at the parental side
154	      of a zone cut.  That is, the delegation point for "foo.example"
155	      would be the foo.example node in the "example" zone (as opposed to
156	      the zone apex of the "foo.example" zone).

158	   Island of Security: Term used to describe a signed, delegated zone
159	      that does not have an authentication chain from its delegating
160	      parent.  That is, there is no DS RR containing a hash of a DNSKEY
161	      RR for the island in its delegating parent zone (see
162	      [I-D.ietf-dnsext-dnssec-records]).  An island of security is
163	      served by security-aware name servers and may provide
164	      authentication chains to any delegated child zones.  Responses
165	      from an island of security or its descendents can only be
166	      authenticated if its authentication keys can be authenticated by
167	      some trusted means out of band from the DNS protocol.

169	   Key Signing Key (KSK): An authentication key that corresponds to a
170	      private key used to sign one or more other authentication keys for
171	      a given zone.  Typically, the private key corresponding to a key
172	      signing key will sign a zone signing key, which in turn has a
173	      corresponding private key which will sign other zone data.  Local
174	      policy may require the zone signing key to be changed frequently,
175	      while the key signing key may have a longer validity period in
176	      order to provide a more stable secure entry point into the zone.
177	      Designating an authentication key as a key signing key is purely
178	      an operational issue: DNSSEC validation does not distinguish
179	      between key signing keys and other DNSSEC authentication keys, and
180	      it is possible to use a single key as both a key signing key and a
181	      zone signing key.  Key signing keys are discussed in more detail
182	      in [RFC3757].  Also see: zone signing key.

184	   Non-Validating Security-Aware Stub Resolver: A security-aware stub
185	      resolver which trusts one or more security-aware recursive name
186	      servers to perform most of the tasks discussed in this document
187	      set on its behalf.  In particular, a non-validating security-aware
188	      stub resolver is an entity which sends DNS queries, receives DNS
189	      responses, and is capable of establishing an appropriately secured
190	      channel to a security-aware recursive name server which will
191	      provide these services on behalf of the security-aware stub
192	      resolver.  See also: security-aware stub resolver, validating
193	      security-aware stub resolver.

195	   Non-Validating Stub Resolver: A less tedious term for a
196	      non-validating security-aware stub resolver.

198	   Security-Aware Name Server: An entity acting in the role of a name
199	      server (defined in section 2.4 of [RFC1034]) that understands the
200	      DNS security extensions defined in this document set.  In
201	      particular, a security-aware name server is an entity which
202	      receives DNS queries, sends DNS responses, supports the EDNS0
203	      [RFC2671] message size extension and the DO bit [RFC3225], and
204	      supports the RR types and message header bits defined in this
205	      document set.

207	   Security-Aware Recursive Name Server: An entity which acts in both
208	      the security-aware name server and security-aware resolver roles.
209	      A more cumbersome equivalent phrase would be "a security-aware
210	      name server which offers recursive service".

212	   Security-Aware Resolver: An entity acting in the role of a resolver
213	      (defined in section 2.4 of [RFC1034]) which understands the DNS
214	      security extensions defined in this document set.  In particular,
215	      a security-aware resolver is an entity which sends DNS queries,
216	      receives DNS responses, supports the EDNS0 [RFC2671] message size
217	      extension and the DO bit [RFC3225], and is capable of using the RR
218	      types and message header bits defined in this document set to
219	      provide DNSSEC services.

221	   Security-Aware Stub Resolver: An entity acting in the role of a stub
222	      resolver (defined in section 5.3.1 of [RFC1034]) which has enough
223	      of an understanding the DNS security extensions defined in this
224	      document set to provide additional services not available from a
225	      security-oblivious stub resolver.  Security-aware stub resolvers
226	      may be either "validating" or "non-validating" depending on
227	      whether the stub resolver attempts to verify DNSSEC signatures on
228	      its own or trusts a friendly security-aware name server to do so.
229	      See also: validating stub resolver, non-validating stub resolver.

231	   Security-Oblivious <anything>: An <anything> that is not
232	      "security-aware".

234	   Signed Zone: A zone whose RRsets are signed and which contains
235	      properly constructed DNSKEY, RRSIG, NSEC and (optionally) DS
236	      records.

238	   Trust Anchor: A configured DNSKEY RR or DS RR hash of a DNSKEY RR.  A
239	      validating security-aware resolver uses this public key or hash as
240	      a starting point for building the authentication chain to a signed
241	      DNS response.  In general, a validating resolver will need to
242	      obtain the initial values of its trust anchors via some secure or
243	      trusted means outside the DNS protocol.  Presence of a trust
244	      anchor also implies that the resolver should expect the zone to
245	      which the trust anchor points to be signed.

247	   Unsigned Zone: A zone that is not signed.

249	   Validating Security-Aware Stub Resolver: A security-aware resolver
250	      that sends queries in recursive mode but which performs signature
251	      validation on its own rather than just blindly trusting an
252	      upstream security-aware recursive name server.  See also:
253	      security-aware stub resolver, non-validating security-aware stub
254	      resolver.

256	   Validating Stub Resolver: A less tedious term for a validating
257	      security-aware stub resolver.

259	   Zone Signing Key (ZSK): An authentication key that corresponds to a
260	      private key used to sign a zone.  Typically a zone signing key
261	      will be part of the same DNSKEY RRset as the key signing key whose
262	      corresponding private key signs this DNSKEY RRset, but the zone
263	      signing key is used for a slightly different purpose, and may
264	      differ from the key signing key in other ways, such as validity
265	      lifetime.  Designating an authentication key as a zone signing key
266	      is purely an operational issue: DNSSEC validation does not
267	      distinguish between zone signing keys and other DNSSEC
268	      authentication keys, and it is possible to use a single key as
269	      both a key signing key and a zone signing key.  See also: key
270	      signing key.

272	3.  Services Provided by DNS Security

274	   The Domain Name System (DNS) security extensions provide origin
275	   authentication and integrity assurance services for DNS data,
276	   including mechanisms for authenticated denial of existence of DNS
277	   data.  These mechanisms are described below.

279	   These mechanisms require changes to the DNS protocol.  DNSSEC adds
280	   four new resource record types (RRSIG, DNSKEY, DS and NSEC) and two
281	   new message header bits (CD and AD).  In order to support the larger
282	   DNS message sizes that result from adding the DNSSEC RRs, DNSSEC also
283	   requires EDNS0 support [RFC2671].  Finally, DNSSEC requires support
284	   for the DO bit [RFC3225], so that a security-aware resolver can
285	   indicate in its queries that it wishes to receive DNSSEC RRs in
286	   response messages.

288	   These services protect against most of the threats to the Domain Name
289	   System described in [RFC3833].

291	3.1  Data Origin Authentication and Data Integrity

293	   DNSSEC provides authentication by associating cryptographically
294	   generated digital signatures with DNS RRsets.  These digital
295	   signatures are stored in a new resource record, the RRSIG record.
296	   Typically, there will be a single private key that signs a zone's
297	   data, but multiple keys are possible: for example, there may be keys
298	   for each of several different digital signature algorithms.  If a
299	   security-aware resolver reliably learns a zone's public key, it can
300	   authenticate that zone's signed data.  An important DNSSEC concept is
301	   that the key that signs a zone's data is associated with the zone
302	   itself and not with the zone's authoritative name servers (public
303	   keys for DNS transaction authentication mechanisms may also appear in
304	   zones, as described in [RFC2931], but DNSSEC itself is concerned with
305	   object security of DNS data, not channel security of DNS
306	   transactions.  The keys associated with transaction security may be
307	   stored in different RR types.  See [RFC3755] for details.).

309	   A security-aware resolver can learn a zone's public key either by
310	   having a trust anchor configured into the resolver or by normal DNS
311	   resolution.  To allow the latter, public keys are stored in a new
312	   type of resource record, the DNSKEY RR.  Note that the private keys
313	   used to sign zone data must be kept secure, and should be stored
314	   offline when practical to do so.  To discover a public key reliably
315	   via DNS resolution, the target key itself needs to be signed by
316	   either a configured authentication key or another key that has been
317	   authenticated previously.  Security-aware resolvers authenticate zone
318	   information by forming an authentication chain from a newly learned
319	   public key back to a previously known authentication public key,
320	   which in turn either has been configured into the resolver or must
321	   have been learned and verified previously.  Therefore, the resolver
322	   must be configured with at least one trust anchor.  If the configured
323	   key is a zone signing key, then it will authenticate the associated
324	   zone; if the configured key is a key signing key, it will
325	   authenticate a zone signing key.  If the resolver has been configured
326	   with the hash of a key rather than the key itself, the resolver may
327	   need to obtain the key via a DNS query.  To help security-aware
328	   resolvers establish this authentication chain, security-aware name
329	   servers attempt to send the signature(s) needed to authenticate a
330	   zone's public key(s) in the DNS reply message along with the public
331	   key itself, provided there is space available in the message.

333	   The Delegation Signer (DS) RR type simplifies some of the
334	   administrative tasks involved in signing delegations across
335	   organizational boundaries.  The DS RRset resides at a delegation
336	   point in a parent zone and indicates the public key(s) corresponding
337	   to the private key(s) used to self-sign the DNSKEY RRset at the
338	   delegated child zone's apex.  The administrator of the child zone, in
339	   turn, uses the private key(s) corresponding to one or more of the
340	   public keys in this DNSKEY RRset to sign the child zone's data.  The
341	   typical authentication chain is therefore
342	   DNSKEY->[DS->DNSKEY]*->RRset, where "*" denotes zero or more
343	   DS->DNSKEY subchains.  DNSSEC permits more complex authentication
344	   chains, such as additional layers of DNSKEY RRs signing other DNSKEY
345	   RRs within a zone.

347	   A security-aware resolver normally constructs this authentication
348	   chain from the root of the DNS hierarchy down to the leaf zones based
349	   on configured knowledge of the public key for the root.  Local
350	   policy, however, may also allow a security-aware resolver to use one
351	   or more configured public keys (or hashes of public keys) other than
352	   the root public key, or may not provide configured knowledge of the
353	   root public key, or may prevent the resolver from using particular
354	   public keys for arbitrary reasons even if those public keys are
355	   properly signed with verifiable signatures.  DNSSEC provides
356	   mechanisms by which a security-aware resolver can determine whether
357	   an RRset's signature is "valid" within the meaning of DNSSEC.  In the
358	   final analysis however, authenticating both DNS keys and data is a
359	   matter of local policy, which may extend or even override the
360	   protocol extensions defined in this document set.  See Section 5 for
361	   further discussion.

363	3.2  Authenticating Name and Type Non-Existence

365	   The security mechanism described in Section 3.1 only provides a way
366	   to sign existing RRsets in a zone.  The problem of providing negative
367	   responses with the same level of authentication and integrity
368	   requires the use of another new resource record type, the NSEC
369	   record.  The NSEC record allows a security-aware resolver to
370	   authenticate a negative reply for either name or type non-existence
371	   via the same mechanisms used to authenticate other DNS replies.  Use
372	   of NSEC records requires a canonical representation and ordering for
373	   domain names in zones.  Chains of NSEC records explicitly describe
374	   the gaps, or "empty space", between domain names in a zone, as well
375	   as listing the types of RRsets present at existing names.  Each NSEC
376	   record is signed and authenticated using the mechanisms described in
377	   Section 3.1.

379	4.  Services Not Provided by DNS Security

381	   DNS was originally designed with the assumptions that the DNS will
382	   return the same answer to any given query regardless of who may have
383	   issued the query, and that all data in the DNS is thus visible.
384	   Accordingly, DNSSEC is not designed to provide confidentiality,
385	   access control lists, or other means of differentiating between
386	   inquirers.

388	   DNSSEC provides no protection against denial of service attacks.
389	   Security-aware resolvers and security-aware name servers are
390	   vulnerable to an additional class of denial of service attacks based
391	   on cryptographic operations.  Please see Section 12 for details.

393	   The DNS security extensions provide data and origin authentication
394	   for DNS data.  The mechanisms outlined above are not designed to
395	   protect operations such as zone transfers and dynamic update
396	   ([RFC2136], [RFC3007]).  Message authentication schemes described in
397	   [RFC2845] and [RFC2931] address security operations that pertain to
398	   these transactions.

400	5.  Scope of the DNSSEC Document Set and Last Hop Issues

402	   The specification in this document set defines the behavior for zone
403	   signers and security-aware name servers and resolvers in such a way
404	   that the validating entities can unambiguously determine the state of
405	   the data.

407	   A validating resolver can determine these 4 states:

409	   Secure: The validating resolver has a trust anchor, a chain of trust
410	      and is able to verify all the signatures in the response.

412	   Insecure: The validating resolver has a trust anchor, a chain of
413	      trust, and, at some delegation point, signed proof of the
414	      non-existence of a DS record.  That indicates that subsequent
415	      branches in the tree are provably insecure.  A validating resolver
416	      may have local policy to mark parts of the domain space as
417	      insecure.

419	   Bogus: The validating resolver has a trust anchor and there is a
420	      secure delegation which is indicating that subsidiary data will be
421	      signed, but the response fails to validate due to one or more
422	      reasons: missing signatures, expired signatures, signatures with
423	      unsupported algorithms, data missing which the relevant NSEC RR
424	      says should be present, and so forth.

426	   Indeterminate: There is no trust anchor which would indicate that a
427	      specific portion of the tree is secure.  This is the default
428	      operation mode.

430	   This specification only defines how security aware name servers can
431	   signal non-validating stub resolvers that data was found to be bogus
432	   (using RCODE=2, "Server Failure" -- see
433	   [I-D.ietf-dnsext-dnssec-protocol]).

435	   There is a mechanism for security aware name servers to signal
436	   security-aware stub resolvers that data was found to be secure (using
437	   the AD bit, see [I-D.ietf-dnsext-dnssec-protocol]).

439	   This specification does not define a format for communicating why
440	   responses were found to be bogus or marked as insecure.  The current
441	   signaling mechanism does not distinguish between indeterminate and
442	   insecure.

444	   A method for signaling advanced error codes and policy between a
445	   security aware stub resolver and security aware recursive nameservers
446	   is a topic for future work, as is the interface between a security
447	   aware resolver and the applications that use it.  Note, however, that
448	   the lack of the specification of such communication does not prohibit
449	   deployment of signed zones or the deployment of security aware
450	   recursive name servers that prohibit propagation of bogus data to the
451	   applications.

453	6.  Resolver Considerations

455	   A security-aware resolver needs to be able to perform cryptographic
456	   functions necessary to verify digital signatures using at least the
457	   mandatory-to-implement algorithm(s).  Security-aware resolvers must
458	   also be capable of forming an authentication chain from a newly
459	   learned zone back to an authentication key, as described above.  This
460	   process might require additional queries to intermediate DNS zones to
461	   obtain necessary DNSKEY, DS and RRSIG records.  A security-aware
462	   resolver should be configured with at least one trust anchor as the
463	   starting point from which it will attempt to establish authentication
464	   chains.

466	   If a security-aware resolver is separated from the relevant
467	   authoritative name servers by a recursive name server or by any sort
468	   of device which acts as a proxy for DNS, and if the recursive name
469	   server or proxy is not security-aware, the security-aware resolver
470	   may not be capable of operating in a secure mode.  For example, if a
471	   security-aware resolver's packets are routed through a network
472	   address translation device that includes a DNS proxy which is not
473	   security-aware, the security-aware resolver may find it difficult or
474	   impossible to obtain or validate signed DNS data.  The security-aware
475	   resolver may have a particularly difficult time obtaining DS RRs in
476	   such a case, since DS RRs do not follow the usual DNS rules for
477	   ownership of RRs at zone cuts.

479	   If a security-aware resolver must rely on an unsigned zone or a name
480	   server that is not security aware, the resolver may not be able to
481	   validate DNS responses, and will need a local policy on whether to
482	   accept unverified responses.

484	   A security-aware resolver should take a signature's validation period
485	   into consideration when determining the TTL of data in its cache, to
486	   avoid caching signed data beyond the validity period of the
487	   signature, but should also allow for the possibility that the
488	   security-aware resolver's own clock is wrong.  Thus, a security-aware
489	   resolver which is part of a security-aware recursive name server will
490	   need to pay careful attention to the DNSSEC "checking disabled" (CD)
491	   bit [I-D.ietf-dnsext-dnssec-records].  This is in order to avoid
492	   blocking valid signatures from getting through to other
493	   security-aware resolvers which are clients of this recursive name
494	   server.  See [I-D.ietf-dnsext-dnssec-protocol] for how a secure
495	   recursive server handles queries with the CD bit set.

497	7.  Stub Resolver Considerations

499	   Although not strictly required to do so by the protocol, most DNS
500	   queries originate from stub resolvers.  Stub resolvers, by
501	   definition, are minimal DNS resolvers which use recursive query mode
502	   to offload most of the work of DNS resolution to a recursive name
503	   server.  Given the widespread use of stub resolvers, the DNSSEC
504	   architecture has to take stub resolvers into account, but the
505	   security features needed in a stub resolver differ in some respects
506	   from those needed in a full security-aware resolver.

508	   Even a security-oblivious stub resolver may get some benefit from
509	   DNSSEC if the recursive name servers it uses are security-aware, but
510	   for the stub resolver to place any real reliance on DNSSEC services,
511	   the stub resolver must trust both the recursive name servers in
512	   question and the communication channels between itself and those name
513	   servers.  The first of these issues is a local policy issue: in
514	   essence, a security-oblivious stub resolver has no real choice but to
515	   place itself at the mercy of the recursive name servers that it uses,
516	   since it does not perform DNSSEC validity checks on its own.  The
517	   second issue requires some kind of channel security mechanism; proper
518	   use of DNS transaction authentication mechanisms such as SIG(0) or
519	   TSIG would suffice, as would appropriate use of IPsec, and particular
520	   implementations may have other choices available, such as operating
521	   system specific interprocess communication mechanisms.
522	   Confidentiality is not needed for this channel, but data integrity
523	   and message authentication are.

525	   A security-aware stub resolver that does trust both its recursive
526	   name servers and its communication channel to them may choose to
527	   examine the setting of the AD bit in the message header of the
528	   response messages it receives.  The stub resolver can use this flag
529	   bit as a hint to find out whether the recursive name server was able
530	   to validate signatures for all of the data in the Answer and
531	   Authority sections of the response.

533	   There is one more step that a security-aware stub resolver can take
534	   if, for whatever reason, it is not able to establish a useful trust
535	   relationship with the recursive name servers which it uses: it can
536	   perform its own signature validation, by setting the Checking
537	   Disabled (CD) bit in its query messages.  A validating stub resolver
538	   is thus able to treat the DNSSEC signatures as a trust relationship
539	   between the zone administrator and the stub resolver itself.

541	8.  Zone Considerations

543	   There are several differences between signed and unsigned zones.  A
544	   signed zone will contain additional security-related records (RRSIG,
545	   DNSKEY, DS and NSEC records).  RRSIG and NSEC records may be
546	   generated by a signing process prior to serving the zone.  The RRSIG
547	   records that accompany zone data have defined inception and
548	   expiration times, which establish a validity period for the
549	   signatures and the zone data the signatures cover.

551	8.1  TTL values vs. RRSIG validity period

553	   It is important to note the distinction between a RRset's TTL value
554	   and the signature validity period specified by the RRSIG RR covering
555	   that RRset.  DNSSEC does not change the definition or function of the
556	   TTL value, which is intended to maintain database coherency in
557	   caches.  A caching resolver purges RRsets from its cache no later
558	   than the end of the time period specified by the TTL fields of those
559	   RRsets, regardless of whether or not the resolver is security-aware.

561	   The inception and expiration fields in the RRSIG RR
562	   [I-D.ietf-dnsext-dnssec-records], on the other hand, specify the time
563	   period during which the signature can be used to validate the covered
564	   RRset.  The signatures associated with signed zone data are only
565	   valid for the time period specified by these fields in the RRSIG RRs
566	   in question.  TTL values cannot extend the validity period of signed
567	   RRsets in a resolver's cache, but the resolver may use the time
568	   remaining before expiration of the signature validity period of a
569	   signed RRset as an upper bound for the TTL of the signed RRset and
570	   its associated RRSIG RR in the resolver's cache.

572	8.2  New Temporal Dependency Issues for Zones

574	   Information in a signed zone has a temporal dependency which did not
575	   exist in the original DNS protocol.  A signed zone requires regular
576	   maintenance to ensure that each RRset in the zone has a current valid
577	   RRSIG RR.  The signature validity period of an RRSIG RR is an
578	   interval during which the signature for one particular signed RRset
579	   can be considered valid, and the signatures of different RRsets in a
580	   zone may expire at different times.  Re-signing one or more RRsets in
581	   a zone will change one or more RRSIG RRs, which in turn will require
582	   incrementing the zone's SOA serial number to indicate that a zone
583	   change has occurred and re-signing the SOA RRset itself.  Thus,
584	   re-signing any RRset in a zone may also trigger DNS NOTIFY messages
585	   and zone transfers operations.

587	9.  Name Server Considerations

589	   A security-aware name server should include the appropriate DNSSEC
590	   records (RRSIG, DNSKEY, DS and NSEC) in all responses to queries from
591	   resolvers which have signaled their willingness to receive such
592	   records via use of the DO bit in the EDNS header, subject to message
593	   size limitations.  Since inclusion of these DNSSEC RRs could easily
594	   cause UDP message truncation and fallback to TCP, a security-aware
595	   name server must also support the EDNS "sender's UDP payload"
596	   mechanism.

598	   If possible, the private half of each DNSSEC key pair should be kept
599	   offline, but this will not be possible for a zone for which DNS
600	   dynamic update has been enabled.  In the dynamic update case, the
601	   primary master server for the zone will have to re-sign the zone when
602	   updated, so the private key corresponding to the zone signing key
603	   will have to be kept online.  This is an example of a situation where
604	   the ability to separate the zone's DNSKEY RRset into zone signing
605	   key(s) and key signing key(s) may be useful, since the key signing
606	   key(s) in such a case can still be kept offline and may have a longer
607	   useful lifetime than the zone signing key(s).

609	   DNSSEC, by itself, is not enough to protect the integrity of an
610	   entire zone during zone transfer operations, since even a signed zone
611	   contains some unsigned, nonauthoritative data if the zone has any
612	   children.  Therefore, zone maintenance operations will require some
613	   additional mechanisms (most likely some form of channel security,
614	   such as TSIG, SIG(0), or IPsec).

616	10.  DNS Security Document Family

618	   The DNSSEC document set can be partitioned into several main groups,
619	   under the larger umbrella of the DNS base protocol documents.

621	   The "DNSSEC protocol document set" refers to the three documents
622	   which form the core of the DNS security extensions:
623	   1.  DNS Security Introduction and Requirements (this document)
624	   2.  Resource Records for DNS Security Extensions
625	       [I-D.ietf-dnsext-dnssec-records]
626	   3.  Protocol Modifications for the DNS Security Extensions
627	       [I-D.ietf-dnsext-dnssec-protocol]

629	   Additionally, any document that would add to, or change the core DNS
630	   Security extensions would fall into this category.  This includes any
631	   future work on the communication between security-aware stub
632	   resolvers and upstream security-aware recursive name servers.

634	   The "Digital Signature Algorithm Specification" document set refers
635	   to the group of documents that describe how specific digital
636	   signature algorithms should be implemented to fit the DNSSEC resource
637	   record format.  Each document in this set deals with a specific
638	   digital signature algorithm.  Please see the appendix on "DNSSEC
639	   Algorithm and Digest Types" in [I-D.ietf-dnsext-dnssec-records] for a
640	   list of the algorithms that were defined at the time this core
641	   specification was written.

643	   The "Transaction Authentication Protocol" document set refers to the
644	   group of documents that deal with DNS message authentication,
645	   including secret key establishment and verification.  While not
646	   strictly part of the DNSSEC specification as defined in this set of
647	   documents, this group is noted because of its relationship to DNSSEC.

649	   The final document set, "New Security Uses", refers to documents that
650	   seek to use proposed DNS Security extensions for other security
651	   related purposes.  DNSSEC does not provide any direct security for
652	   these new uses, but may be used to support them.  Documents that fall
653	   in this category include the use of DNS in the storage and
654	   distribution of certificates [RFC2538].

656	11.  IANA Considerations

658	   This overview document introduces no new IANA considerations.  Please
659	   see [I-D.ietf-dnsext-dnssec-records] for a complete review of the
660	   IANA considerations introduced by DNSSEC.

662	12.  Security Considerations

664	   This document introduces the DNS security extensions and describes
665	   the document set that contains the new security records and DNS
666	   protocol modifications.  The extensions provide data origin
667	   authentication and data integrity using digital signatures over
668	   resource record sets.This document discusses the capabilities and
669	   limitations of these extensions.

671	   In order for a security-aware resolver to validate a DNS response,
672	   all zones along the path from the trusted starting point to the zone
673	   containing the response zones must be signed, and all name servers
674	   and resolvers involved in the resolution process must be
675	   security-aware, as defined in this document set.  A security-aware
676	   resolver cannot verify responses originating from an unsigned zone,
677	   from a zone not served by a security-aware name server, or for any
678	   DNS data which the resolver is only able to obtain through a
679	   recursive name server which is not security-aware.  If there is a
680	   break in the authentication chain such that a security-aware resolver
681	   cannot obtain and validate the authentication keys it needs, then the
682	   security-aware resolver cannot validate the affected DNS data.

684	   This document briefly discusses other methods of adding security to a
685	   DNS query, such as using a channel secured by IPsec or using a DNS
686	   transaction authentication mechanism, but transaction security is not
687	   part of DNSSEC per se.

689	   A non-validating security-aware stub resolver, by definition, does
690	   not perform DNSSEC signature validation on its own, and thus is
691	   vulnerable both to attacks on (and by) the security-aware recursive
692	   name servers which perform these checks on its behalf and also to
693	   attacks on its communication with those security-aware recursive name
694	   servers.  Non-validating security-aware stub resolvers should use
695	   some form of channel security to defend against the latter threat.
696	   The only known defense against the former threat would be for the
697	   security-aware stub resolver to perform its own signature validation,
698	   at which point, again by definition, it would no longer be a
699	   non-validating security-aware stub resolver.

701	   DNSSEC does not protect against denial of service attacks.  DNSSEC
702	   makes DNS vulnerable to a new class of denial of service attacks
703	   based on cryptographic operations against security-aware resolvers
704	   and security-aware name servers, since an attacker can attempt to use
705	   DNSSEC mechanisms to consume a victim's resources.  This class of
706	   attacks takes at least two forms.  An attacker may be able to consume
707	   resources in a security-aware resolver's signature validation code by
708	   tampering with RRSIG RRs in response messages or by constructing
709	   needlessly complex signature chains.  An attacker may also be able to
710	   consume resources in a security-aware name server which supports DNS
711	   dynamic update, by sending a stream of update messages that force the
712	   security-aware name server to re-sign some RRsets in the zone more
713	   frequently than would otherwise be necessary.

715	   DNSSEC does not provide confidentiality, due to a deliberate design
716	   choice.

718	   DNSSEC introduces the ability for a hostile party to enumerate all
719	   the names in a zone by following the NSEC chain.  NSEC RRs assert
720	   which names do not exist in a zone by linking from existing name to
721	   existing name along a canonical ordering of all the names within a
722	   zone.  Thus, an attacker can query these NSEC RRs in sequence to
723	   obtain all the names in a zone.  While not an attack on the DNS
724	   itself, this could allow an attacker to map network hosts or other
725	   resources by enumerating the contents of a zone.

727	   DNSSEC introduces significant additional complexity to the DNS, and
728	   thus introduces many new opportunities for implementation bugs and
729	   misconfigured zones.  In particular, enabling DNSSEC signature
730	   validation in a resolver may cause entire legitimate zones to become
731	   effectively unreachable due to DNSSEC configuration errors or bugs.

733	   DNSSEC does not protect against tampering with unsigned zone data.
734	   Non-authoritative data at zone cuts (glue and NS RRs in the parent
735	   zone) are not signed.  This does not pose a problem when validating
736	   the authentication chain, but does mean that the non-authoritative
737	   data itself is vulnerable to tampering during zone transfer
738	   operations.  Thus, while DNSSEC can provide data origin
739	   authentication and data integrity for RRsets, it cannot do so for
740	   zones, and other mechanisms must be used to protect zone transfer
741	   operations.

743	   Please see [I-D.ietf-dnsext-dnssec-records] and
744	   [I-D.ietf-dnsext-dnssec-protocol] for additional security
745	   considerations.

747	13.  Acknowledgements

749	   This document was created from the input and ideas of the members of
750	   the DNS Extensions Working Group.  While explicitly listing everyone
751	   who has contributed during the decade during which DNSSEC has been
752	   under development would be an impossible task, the editors would
753	   particularly like to thank the following people for their
754	   contributions to and comments on this document set: Jaap Akkerhuis,
755	   Mark Andrews, Derek Atkins, Roy Badami, Alan Barrett, Dan Bernstein,
756	   David Blacka, Len Budney, Randy Bush, Francis Dupont, Donald
757	   Eastlake, Robert Elz, Miek Gieben, Michael Graff, Olafur Gudmundsson,
758	   Gilles Guette, Andreas Gustafsson, Jun-ichiro itojun Hagino, Phillip
759	   Hallam-Baker, Bob Halley, Ted Hardie, Walter Howard, Greg Hudson,
760	   Christian Huitema, Johan Ihren, Stephen Jacob, Jelte Jansen, Simon
761	   Josefsson, Andris Kalnozols, Peter Koch, Olaf Kolkman, Mark Kosters,
762	   Suresh Krishnaswamy, Ben Laurie, David Lawrence, Ted Lemon, Ed Lewis,
763	   Ted Lindgreen, Josh Littlefield, Rip Loomis, Bill Manning, Russ
764	   Mundy, Thomas Narten, Mans Nilsson, Masataka Ohta, Mike Patton, Rob
765	   Payne, Jim Reid, Michael Richardson, Erik Rozendaal, Marcos Sanz,
766	   Pekka Savola, Jakob Schlyter, Mike StJohns, Paul Vixie, Sam Weiler,
767	   Brian Wellington, and Suzanne Woolf.

769	   No doubt the above list is incomplete.  We apologize to anyone we
770	   left out.

772	14.  References

774	14.1  Normative References

776	   [I-D.ietf-dnsext-dnssec-protocol]
777	              Arends, R., Austein, R., Larson, M., Massey, D. and S.
778	              Rose, "Protocol Modifications for the DNS Security
779	              Extensions", draft-ietf-dnsext-dnssec-protocol-06 (work in
780	              progress), May 2004.

782	   [I-D.ietf-dnsext-dnssec-records]
783	              Arends, R., Austein, R., Larson, M., Massey, D. and S.
784	              Rose, "Resource Records for DNS Security Extensions",
785	              draft-ietf-dnsext-dnssec-records-08 (work in progress),
786	              May 2004.

788	   [RFC1034]  Mockapetris, P., "Domain names - concepts and facilities",
789	              STD 13, RFC 1034, November 1987.

791	   [RFC1035]  Mockapetris, P., "Domain names - implementation and
792	              specification", STD 13, RFC 1035, November 1987.

794	   [RFC2535]  Eastlake, D., "Domain Name System Security Extensions",
795	              RFC 2535, March 1999.

797	   [RFC2671]  Vixie, P., "Extension Mechanisms for DNS (EDNS0)", RFC
798	              2671, August 1999.

800	   [RFC3225]  Conrad, D., "Indicating Resolver Support of DNSSEC", RFC
801	              3225, December 2001.

803	   [RFC3226]  Gudmundsson, O., "DNSSEC and IPv6 A6 aware server/resolver
804	              message size requirements", RFC 3226, December 2001.

806	   [RFC3445]  Massey, D. and S. Rose, "Limiting the Scope of the KEY
807	              Resource Record (RR)", RFC 3445, December 2002.

809	14.2  Informative References

811	   [RFC2136]  Vixie, P., Thomson, S., Rekhter, Y. and J. Bound, "Dynamic
812	              Updates in the Domain Name System (DNS UPDATE)", RFC 2136,
813	              April 1997.

815	   [RFC2181]  Elz, R. and R. Bush, "Clarifications to the DNS
816	              Specification", RFC 2181, July 1997.

818	   [RFC2308]  Andrews, M., "Negative Caching of DNS Queries (DNS
819	              NCACHE)", RFC 2308, March 1998.

821	   [RFC2538]  Eastlake, D. and O. Gudmundsson, "Storing Certificates in
822	              the Domain Name System (DNS)", RFC 2538, March 1999.

824	   [RFC2845]  Vixie, P., Gudmundsson, O., Eastlake, D. and B.
825	              Wellington, "Secret Key Transaction Authentication for DNS
826	              (TSIG)", RFC 2845, May 2000.

828	   [RFC2931]  Eastlake, D., "DNS Request and Transaction Signatures (
829	              SIG(0)s)", RFC 2931, September 2000.

831	   [RFC3007]  Wellington, B., "Secure Domain Name System (DNS) Dynamic
832	              Update", RFC 3007, November 2000.

834	   [RFC3008]  Wellington, B., "Domain Name System Security (DNSSEC)
835	              Signing Authority", RFC 3008, November 2000.

837	   [RFC3090]  Lewis, E., "DNS Security Extension Clarification on Zone
838	              Status", RFC 3090, March 2001.

840	   [RFC3597]  Gustafsson, A., "Handling of Unknown DNS Resource Record
841	              (RR) Types", RFC 3597, September 2003.

843	   [RFC3655]  Wellington, B. and O. Gudmundsson, "Redefinition of DNS
844	              Authenticated Data (AD) bit", RFC 3655, November 2003.

846	   [RFC3658]  Gudmundsson, O., "Delegation Signer (DS) Resource Record
847	              (RR)", RFC 3658, December 2003.

849	   [RFC3755]  Weiler, S., "Legacy Resolver Compatibility for Delegation
850	              Signer", RFC 3755, April 2004.

852	   [RFC3757]  Kolkman, O., Schlyter, J. and E. Lewis, "KEY RR Secure
853	              Entry Point Flag", RFC 3757, April 2004.

855	   [RFC3833]  Atkins, D. and R. Austein, "Threat Analysis of the Domain
856	              Name System (DNS)", RFC 3833, August 2004.

858	   [RFC3845]  Schlyter, J., "DNS Security (DNSSEC) NextSECure (NSEC)
859	              RDATA Format", RFC 3845, August 2004.

861	Authors' Addresses

863	   Roy Arends
864	   Telematica Instituut
865	   Drienerlolaan 5
866	   7522 NB  Enschede
867	   NL

869	   EMail: roy.arends@telin.nl

871	   Rob Austein
872	   Internet Systems Consortium
873	   950 Charter Street
874	   Redwood City, CA  94063
875	   USA

877	   EMail: sra@isc.org

879	   Matt Larson
880	   VeriSign, Inc.
881	   21345 Ridgetop Circle
882	   Dulles, VA  20166-6503
883	   USA

885	   EMail: mlarson@verisign.com

887	   Dan Massey
888	   USC Information Sciences Institute
889	   3811 N. Fairfax Drive
890	   Arlington, VA  22203
891	   USA

893	   EMail: masseyd@isi.edu

895	   Scott Rose
896	   National Institute for Standards and Technology
897	   100 Bureau Drive
898	   Gaithersburg, MD  20899-8920
899	   USA

901	   EMail: scott.rose@nist.gov

903	Intellectual Property Statement

905	   The IETF takes no position regarding the validity or scope of any
906	   Intellectual Property Rights or other rights that might be claimed to
907	   pertain to the implementation or use of the technology described in
908	   this document or the extent to which any license under such rights
909	   might or might not be available; nor does it represent that it has
910	   made any independent effort to identify any such rights.  Information
911	   on the procedures with respect to rights in RFC documents can be
912	   found in BCP 78 and BCP 79.

914	   Copies of IPR disclosures made to the IETF Secretariat and any
915	   assurances of licenses to be made available, or the result of an
916	   attempt made to obtain a general license or permission for the use of
917	   such proprietary rights by implementers or users of this
918	   specification can be obtained from the IETF on-line IPR repository at
919	   http://www.ietf.org/ipr.

921	   The IETF invites any interested party to bring to its attention any
922	   copyrights, patents or patent applications, or other proprietary
923	   rights that may cover technology that may be required to implement
924	   this standard.  Please address the information to the IETF at
925	   ietf-ipr@ietf.org.

927	Disclaimer of Validity

929	   This document and the information contained herein are provided on an
930	   "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
931	   OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET
932	   ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,
933	   INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
934	   INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
935	   WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

937	Copyright Statement

939	   Copyright (C) The Internet Society (2004).  This document is subject
940	   to the rights, licenses and restrictions contained in BCP 78, and
941	   except as set forth therein, the authors retain all their rights.

943	Acknowledgment

945	   Funding for the RFC Editor function is currently provided by the
946	   Internet Society.