idnits 2.17.1 draft-ietf-dnsext-keyrr-key-signing-flag-01.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- ** Looks like you're using RFC 2026 boilerplate. This must be updated to follow RFC 3978/3979, as updated by RFC 4748. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- == No 'Intended status' indicated for this document; assuming Proposed Standard Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- ** The document seems to lack an IANA Considerations section. (See Section 2.2 of https://www.ietf.org/id-info/checklist for how to handle the case when there are no actions for IANA.) ** The document seems to lack separate sections for Informative/Normative References. All references will be assumed normative when checking for downward references. ** The abstract seems to contain references ([1]), which it shouldn't. Please replace those with straight textual mentions of the documents in question. ** The document seems to lack a both a reference to RFC 2119 and the recommended RFC 2119 boilerplate, even if it appears to use RFC 2119 keywords. RFC 2119 keyword, line 111: '...rative properties and MUST NOT be used...' RFC 2119 keyword, line 118: '...e administrators SHOULD set the bit on...' RFC 2119 keyword, line 123: '...y as their 'trusted key' MAY choose to...' RFC 2119 keyword, line 132: '...is key. The bit SHOULD NOT be modifie...' RFC 2119 keyword, line 137: '... The flag MUST NOT be used in the re...' (1 more instance...) Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the RFC 3978 Section 5.4 Copyright Line does not match the current year == The expression 'MAY NOT', while looking like RFC 2119 requirements text, is not defined in RFC 2119, and should not be used. Consider using 'MUST NOT' instead (if that is what you mean). Found 'MAY NOT' in this paragraph: The key words "MAY","MAY NOT", "MUST", "MUST NOT", "REQUIRED", "RECOMMENDED", "SHOULD", and "SHOULD NOT" in this document are to be interpreted as described in RFC2119. -- The document seems to lack a disclaimer for pre-RFC5378 work, but may have content which was first submitted before 10 November 2008. If you have contacted all the original authors and they are all willing to grant the BCP78 rights to the IETF Trust, then this is fine, and you can ignore this comment. If not, you may need to add the pre-RFC5378 disclaimer. (See the Legal Provisions document at https://trustee.ietf.org/license-info for more information.) -- The document date (September 2002) is 7892 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) == Outdated reference: A later version (-15) exists of draft-ietf-dnsext-delegation-signer-08 -- Possible downref: Non-RFC (?) normative reference: ref. '2' == Outdated reference: A later version (-04) exists of draft-ietf-dnsext-restrict-key-for-dnssec-03 ** Obsolete normative reference: RFC 3090 (ref. '4') (Obsoleted by RFC 4033, RFC 4034, RFC 4035) Summary: 6 errors (**), 0 flaws (~~), 5 warnings (==), 3 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 DNS Extensions O. Kolkman 3 Internet-Draft RIPE NCC 4 Expires: March 2, 2003 J. Schlyter 5 Carlstedt Research & 6 Technology 7 September 2002 9 KEY RR Key Signing (KS) Flag 10 draft-ietf-dnsext-keyrr-key-signing-flag-01 12 Status of this Memo 14 This document is an Internet-Draft and is in full conformance with 15 all provisions of Section 10 of RFC2026. 17 Internet-Drafts are working documents of the Internet Engineering 18 Task Force (IETF), its areas, and its working groups. Note that 19 other groups may also distribute working documents as Internet- 20 Drafts. 22 Internet-Drafts are draft documents valid for a maximum of six months 23 and may be updated, replaced, or obsoleted by other documents at any 24 time. It is inappropriate to use Internet-Drafts as reference 25 material or to cite them other than as "work in progress." 27 The list of current Internet-Drafts can be accessed at http:// 28 www.ietf.org/ietf/1id-abstracts.txt. 30 The list of Internet-Draft Shadow Directories can be accessed at 31 http://www.ietf.org/shadow.html. 33 This Internet-Draft will expire on March 2, 2003. 35 Copyright Notice 37 Copyright (C) The Internet Society (2002). All Rights Reserved. 39 Abstract 41 With the DS record [1] the concept of key signing and zone signing 42 keys has been introduced. Key signing keys are the keys that sign 43 the keyset only. In general, key signing keys are the keys that are 44 pointed to by DS records and are the first keys to be used when 45 following a chain of trust into the zone. The key signing keys only 46 sign the KEY RRset at the apex of a zone, zone signing keys sign all 47 data in a zone. We propose a flag to distinguish the key signing key 48 from other keys in the KEY RR set during DNSSEC operations. 50 The key words "MAY","MAY NOT", "MUST", "MUST NOT", "REQUIRED", 51 "RECOMMENDED", "SHOULD", and "SHOULD NOT" in this document are to be 52 interpreted as described in RFC2119. 54 Table of Contents 56 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 57 2. The Key Signing Flag . . . . . . . . . . . . . . . . . . . . . 3 58 3. DNSSEC Protocol Changes . . . . . . . . . . . . . . . . . . . 3 59 4. Operational Guidelines . . . . . . . . . . . . . . . . . . . . 4 60 5. Security Considerations . . . . . . . . . . . . . . . . . . . 4 61 6. Document Changes . . . . . . . . . . . . . . . . . . . . . . . 4 62 6.1 draft version 00 -> 01 . . . . . . . . . . . . . . . . . . . . 5 63 7. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 5 64 References . . . . . . . . . . . . . . . . . . . . . . . . . . 5 65 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . 6 66 Full Copyright Statement . . . . . . . . . . . . . . . . . . . 7 68 1. Introduction 70 "All keys are equal but some keys are more equal than others" [2] 72 With the DS record [1] the concept of key signing and zone signing 73 keys has been introduced. In general these are the keys that are 74 pointed to by DS records and are the first keys to be used when 75 following the chain of trust into a zone ( secure entry points of the 76 zone). These key signing keys may also be configured in resolver 77 systems that use zones as a trusted root[4] for a secure island. 79 Early deployment tests have shown that during the key-exchange 80 between the parent and the child it is useful to indicate which keys 81 are to be used as the secure entry point to a zone. We introduce the 82 Key Signing Key flag to indicate this special 'administrative' status 83 of the key. The availability of the flag allows the key exchange to 84 be automated where, without the flag, some additional out-of-band 85 communication is needed. 87 2. The Key Signing Flag 89 1 1 1 1 1 1 1 1 1 1 2 2 2 2 2 2 2 2 2 2 3 3 90 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 91 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 92 | flags |K| protocol | algorithm | 93 | |S| | | 94 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 95 | / 96 / public key / 97 / / 98 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 100 KEY RR Format 102 The bit 15th bit (TBD) in the flags field is assigned to be the key 103 signing flag. If set the key is intended to be used as key signing 104 key. If the bit is not set, no special meaning should be assigned. 105 The 15th bit is currently reserved [3]. 107 3. DNSSEC Protocol Changes 109 The use of the KS flag does not change the DNS resolution and 110 resolution protocol. The KS flag is only used to provide a hint 111 about the different administrative properties and MUST NOT be used 112 during the resolving process. 114 4. Operational Guidelines 116 By setting the KS flag on a particular key, zone administrators 117 indicate that that key should be used as the secure entry point for 118 their zone. Therefore zone administrators SHOULD set the bit only 119 for zone keys that are used to sign the KEY RRset and are intended to 120 act as the first link in the chain of trust for their zone. 122 Parent zone administrators and resolver administrators that want to 123 configure a keysigning key as their 'trusted key' MAY choose to 124 ignore the flag. 126 Using the flag a key rollover can be automated. The parent can use 127 an existing trust relation to verify keysets in which a new key with 128 the KS flag appears. 130 If the bit is modified during the lifetime of the key then this would 131 have impact on the keytag and on the hash data in the DS RRs 132 intending to point to this key. The bit SHOULD NOT be modified once 133 the key has been put into use. 135 5. Security Considerations 137 The flag MUST NOT be used in the resolution protocol or to determine 138 the security status of a key. The flag is to be used for 139 administrative purposes only. 141 No trust in a key should be inferred from this flag - trust must be 142 inferred from an existing chain of trust or an out-of-band exchange. 144 Since this flag MAY be used for automating key exchanges, we think 145 the following consideration is in place. 147 Automated mechanisms for rollover of the DS RR may be vulnerable to a 148 class of replay attacks. This may happen after a key exchange where 149 a keyset, containing two keys with the KS flag set, is sent to the 150 parent. The parent verifies the keyset with the existing trust 151 relation and creates the new DS RR from the key that the current DS 152 is not pointing to. This key exchange may be replayed, if the parent 153 does not maintain state of which DS RRs where used previously so that 154 the new DS RR is replaced by the old DS RR again. These kinds of 155 attacks can be prevented by maintaining a registry of keys that have 156 been used to generate DS RRs from previously. 158 6. Document Changes 159 6.1 draft version 00 -> 01 161 Clean up of references and correction of typos; 163 modified Abstract text a little; 165 Added explicit warning for replay attacks to the security section; 167 Removed the text that hinted on a distinction between a keysigning 168 key configured in resolvers and in parent zones. 170 7. Acknowledgments 172 The ideas documented in this draft are inspired by communications we 173 had with numerous people and ideas published by other folk, Olafur 174 Gudmundsson, Daniel Karrenberg, Dan Massey and Sam Weiler have been 175 helping with providing ideas and feedback. 177 This document saw the light during a workshop on DNSSEC operations 178 hosted by USC/ISI. 180 References 182 [1] Gudmundsson, "Delegation Signer Resource Record", work in 183 progress draft-ietf-dnsext-delegation-signer-08.txt, June 2002. 185 [2] Orwell, "Animal Farm; a Fairy Story"", 1945, . 188 [3] Massey and Rose, "Limiting the Scope of the KEY Resource 189 Record", work in progress draft-ietf-dnsext-restrict-key-for- 190 dnssec-03, June 28 2002. 192 [4] Lewis, E., "DNS Security Extension Clarification on Zone 193 Status", RFC 3090, March 2001. 195 Authors' Addresses 197 Olaf M. Kolkman 198 RIPE NCC 199 Singel 256 200 Amsterdam 1016 AB 201 NL 203 Phone: +31 20 535 4444 204 EMail: olaf@ripe.net 205 URI: http://www.ripe.net/ 207 Jakob Schlyter 208 Carlstedt Research & Technology 209 Stora Badhusgatan 18-20 210 Goteborg SE-411 21 211 Sweden 213 EMail: jakob@crt.se 214 URI: http://www.crt.se/~jakob/ 216 Full Copyright Statement 218 Copyright (C) The Internet Society (2002). All Rights Reserved. 220 This document and translations of it may be copied and furnished to 221 others, and derivative works that comment on or otherwise explain it 222 or assist in its implementation may be prepared, copied, published 223 and distributed, in whole or in part, without restriction of any 224 kind, provided that the above copyright notice and this paragraph are 225 included on all such copies and derivative works. However, this 226 document itself may not be modified in any way, such as by removing 227 the copyright notice or references to the Internet Society or other 228 Internet organizations, except as needed for the purpose of 229 developing Internet standards in which case the procedures for 230 copyrights defined in the Internet Standards process must be 231 followed, or as required to translate it into languages other than 232 English. 234 The limited permissions granted above are perpetual and will not be 235 revoked by the Internet Society or its successors or assigns. 237 This document and the information contained herein is provided on an 238 "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING 239 TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING 240 BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION 241 HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF 242 MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. 244 Acknowledgement 246 Funding for the RFC Editor function is currently provided by the 247 Internet Society.