idnits 2.17.1 draft-ietf-dnsext-keyrr-key-signing-flag-02.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- ** Looks like you're using RFC 2026 boilerplate. This must be updated to follow RFC 3978/3979, as updated by RFC 4748. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- == No 'Intended status' indicated for this document; assuming Proposed Standard Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- ** The abstract seems to contain references ([1]), which it shouldn't. Please replace those with straight textual mentions of the documents in question. ** The document seems to lack a both a reference to RFC 2119 and the recommended RFC 2119 boilerplate, even if it appears to use RFC 2119 keywords. RFC 2119 keyword, line 122: '...rative properties and MUST NOT be used...' RFC 2119 keyword, line 128: '...te that that key SHOULD be used as the...' RFC 2119 keyword, line 129: '...e administrators SHOULD set the bit on...' RFC 2119 keyword, line 134: '...y as their 'trusted key' MAY choose to...' RFC 2119 keyword, line 143: '...is key. The bit SHOULD NOT be modifie...' (1 more instance...) Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the RFC 3978 Section 5.4 Copyright Line does not match the current year == The expression 'MAY NOT', while looking like RFC 2119 requirements text, is not defined in RFC 2119, and should not be used. Consider using 'MUST NOT' instead (if that is what you mean). Found 'MAY NOT' in this paragraph: The key words "MAY","MAY NOT", "MUST", "MUST NOT", "REQUIRED", "RECOMMENDED", "SHOULD", and "SHOULD NOT" in this document are to be interpreted as described in RFC2119. -- The document seems to lack a disclaimer for pre-RFC5378 work, but may have content which was first submitted before 10 November 2008. If you have contacted all the original authors and they are all willing to grant the BCP78 rights to the IETF Trust, then this is fine, and you can ignore this comment. If not, you may need to add the pre-RFC5378 disclaimer. (See the Legal Provisions document at https://trustee.ietf.org/license-info for more information.) -- The document date (September 2002) is 7893 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) == Outdated reference: A later version (-15) exists of draft-ietf-dnsext-delegation-signer-10 ** Obsolete normative reference: RFC 2535 (ref. '2') (Obsoleted by RFC 4033, RFC 4034, RFC 4035) ** Obsolete normative reference: RFC 3090 (ref. '3') (Obsoleted by RFC 4033, RFC 4034, RFC 4035) Summary: 5 errors (**), 0 flaws (~~), 4 warnings (==), 2 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 DNS Extensions O. Kolkman 3 Internet-Draft RIPE NCC 4 Expires: March 2, 2003 J. Schlyter 5 Carlstedt Research & 6 Technology 7 September 2002 9 KEY RR Key-Signing Key (KSK) Flag 10 draft-ietf-dnsext-keyrr-key-signing-flag-02 12 Status of this Memo 14 This document is an Internet-Draft and is in full conformance with 15 all provisions of Section 10 of RFC2026. 17 Internet-Drafts are working documents of the Internet Engineering 18 Task Force (IETF), its areas, and its working groups. Note that 19 other groups may also distribute working documents as Internet- 20 Drafts. 22 Internet-Drafts are draft documents valid for a maximum of six months 23 and may be updated, replaced, or obsoleted by other documents at any 24 time. It is inappropriate to use Internet-Drafts as reference 25 material or to cite them other than as "work in progress." 27 The list of current Internet-Drafts can be accessed at http:// 28 www.ietf.org/ietf/1id-abstracts.txt. 30 The list of Internet-Draft Shadow Directories can be accessed at 31 http://www.ietf.org/shadow.html. 33 This Internet-Draft will expire on March 2, 2003. 35 Copyright Notice 37 Copyright (C) The Internet Society (2002). All Rights Reserved. 39 Abstract 41 With the DS record [1] the concept of key-signing and zone-signing 42 keys has been introduced. Key-signing keys are the keys that sign 43 the keyset only. In general, key-signing keys are the keys that are 44 pointed to by DS records and are the first keys to be used when 45 following a chain of trust into the zone. The key-signing keys only 46 sign the KEY RRset at the apex of a zone, zone- signing keys sign all 47 other data in a zone. We propose a flag to distinguish the key- 48 signing key from other keys in the KEY RR set during DNSSEC 49 operations. 51 The key words "MAY","MAY NOT", "MUST", "MUST NOT", "REQUIRED", 52 "RECOMMENDED", "SHOULD", and "SHOULD NOT" in this document are to be 53 interpreted as described in RFC2119. 55 Table of Contents 57 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 58 2. The Key-Signing Key (KSK) Flag . . . . . . . . . . . . . . . . 3 59 3. DNSSEC Protocol Changes . . . . . . . . . . . . . . . . . . . 4 60 4. Operational Guidelines . . . . . . . . . . . . . . . . . . . . 4 61 5. Security Considerations . . . . . . . . . . . . . . . . . . . 4 62 6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 5 63 7. Internationalization Considerations . . . . . . . . . . . . . 5 64 8. Document Changes . . . . . . . . . . . . . . . . . . . . . . . 5 65 8.1 draft version 00 -> 01 . . . . . . . . . . . . . . . . . . . . 5 66 8.2 draft version 01 -> 02 . . . . . . . . . . . . . . . . . . . . 5 67 8.3 draft version 02 -> 03 . . . . . . . . . . . . . . . . . . . . 5 68 9. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 6 69 Normative References . . . . . . . . . . . . . . . . . . . . . 6 70 Informative References . . . . . . . . . . . . . . . . . . . . 6 71 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . 6 72 Full Copyright Statement . . . . . . . . . . . . . . . . . . . 8 74 1. Introduction 76 "All keys are equal but some keys are more equal than others" [5] 78 With the DS record [1] the concept of key-signing and zone-signing 79 keys has been introduced into DNSSEC[2]. In general these are the 80 keys that are pointed to by DS records and are the first keys to be 81 used when following the chain of trust into a zone ( secure entry 82 points of the zone). These key-signing keys may also be configured 83 in resolver systems that use zones as a trusted root[3] for a secure 84 island. 86 Early deployment tests have shown that during the key-exchange 87 between the parent and the child it is useful to highlight which keys 88 are to be used as the secure entry point to a zone. We introduce the 89 Key-Signing Key flag to indicate this special 'administrative' status 90 of the key. The availability of the flag allows the key exchange to 91 be automated where, without the flag, some additional out-of-band 92 communication is needed. 94 2. The Key-Signing Key (KSK) Flag 96 1 1 1 1 1 1 1 1 1 1 2 2 2 2 2 2 2 2 2 2 3 3 97 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 98 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 99 | flags |K| protocol | algorithm | 100 | |S| | | 101 | |K| | | 102 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 103 | / 104 / public key / 105 / / 106 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 108 KEY RR Format 110 The KSK bit (TBD) in the flags field is assigned to be the key- 111 signing flag. If set the key is intended to be used as key-signing 112 key. No special meaning should be assigned to the bit not being set. 113 The draft proposes using the current 15'th bit [4] as the KSK bit. 114 This way operators can tell the difference between key and zone- 115 signing keys from the decimal representation of the flag field; it is 116 odd or even respectively. 118 3. DNSSEC Protocol Changes 120 The use of the KSK flag does not change the DNS resolution and 121 resolution protocol. The KSK flag is only used to provide a hint 122 about the different administrative properties and MUST NOT be used 123 during the resolving process. 125 4. Operational Guidelines 127 By setting the KSK flag on a particular key, zone administrators 128 indicate that that key SHOULD be used as the secure entry point for 129 their zone. Therefore zone administrators SHOULD set the bit only 130 for zone keys that are used to sign the KEY RRset and are intended to 131 act as the first link in the chain of trust for their zone. 133 Parent zone administrators and resolver administrators that want to 134 configure a key-signing key as their 'trusted key' MAY choose to 135 ignore the flag. 137 Using the flag a key roll over can be automated. The parent can use 138 an existing trust relation to verify keysets in which a new key with 139 the KSK flag appears. 141 If the bit is modified during the lifetime of the key then this would 142 have impact on the keytag and on the hash data in the DS RRs 143 intending to point to this key. The bit SHOULD NOT be modified once 144 the key has been put into use. 146 5. Security Considerations 148 The flag MUST NOT be used in the resolution protocol or to determine 149 the security status of a key. The flag is to be used for 150 administrative purposes only. 152 No trust in a key should be inferred from this flag - trust must be 153 inferred from an existing chain of trust or an out-of-band exchange. 155 Since this flag might be used for automating key exchanges, we think 156 the following consideration is in place. 158 Automated mechanisms for roll over of the DS RR might be vulnerable 159 to a class of replay attacks. This might happen after a key exchange 160 where a keyset, containing two keys with the KSK flag set, is sent to 161 the parent. The parent verifies the keyset with the existing trust 162 relation and creates the new DS RR from the key that the current DS 163 is not pointing to. This key exchange might be replayed. Parents 164 are encouraged to implement a replay defence. A simple defence can 165 be based on a registry of keys that have been used to generate DS RRs 166 during the most recent roll over. 168 6. IANA Considerations 170 draft-ietf-dnsext-restrict-key-for-dnssec [4] eliminates all flags 171 field except for the zone key flag in the KEY RR. We propose to use 172 the 15'th bit as the KSK bit; the decimal representation of the 173 flagfield will then be odd for key-signing keys and even for zone- 174 signing keys. 176 7. Internationalization Considerations 178 There are no internationalization considerations 180 8. Document Changes 182 8.1 draft version 00 -> 01 184 Clean up of references and correction of typos; 186 modified Abstract text a little; 188 Added explicit warning for replay attacks to the security section; 190 Removed the text that hinted on a distinction between a key- 191 signing key configured in resolvers and in parent zones. 193 8.2 draft version 01 -> 02 195 Added IANA and Internationalization section. 197 Split references into informational and normative. 199 Spelling and style corrections. 201 8.3 draft version 02 -> 03 203 Changed the name from KS to KSK, this to prevent confusion with 204 NS, DS and other acronyms in DNS. 206 In the security section: Rewrote the section so that it does not 207 suggest to use a particular type of registry and that it is clear 208 that a key registry is only one of the defences possible. 210 Spelling and style corrections 212 9. Acknowledgments 214 The ideas documented in this draft are inspired by communications we 215 had with numerous people and ideas published by other folk, Olafur 216 Gudmundsson, Daniel Karrenberg, Ed Lewis, Dan Massey and Sam Weiler 217 have been helping with providing ideas and feedback. 219 This document saw the light during a workshop on DNSSEC operations 220 hosted by USC/ISI. 222 Normative References 224 [1] Gudmundsson, O., "Delegation Signer Resource Record", draft- 225 ietf-dnsext-delegation-signer-10 (work in progress), October 226 2002. 228 [2] Eastlake, D., "Domain Name System Security Extensions", RFC 229 2535, March 1999. 231 [3] Lewis, E., "DNS Security Extension Clarification on Zone 232 Status", RFC 3090, March 2001. 234 Informative References 236 [4] Massey, D. and S. Rose, "Limiting the Scope of the KEY Resource 237 Record out", draft-ietf-dnsext-restrict-key-for-dnssec-04 (work 238 in progress), September 2002. 240 [5] Orwell, "Animal Farm; a Fairy Story"", 1945, . 243 Authors' Addresses 245 Olaf M. Kolkman 246 RIPE NCC 247 Singel 256 248 Amsterdam 1016 AB 249 NL 251 Phone: +31 20 535 4444 252 EMail: olaf@ripe.net 253 URI: http://www.ripe.net/ 254 Jakob Schlyter 255 Carlstedt Research & Technology 256 Stora Badhusgatan 18-20 257 Goteborg SE-411 21 258 Sweden 260 EMail: jakob@crt.se 261 URI: http://www.crt.se/~jakob/ 263 Full Copyright Statement 265 Copyright (C) The Internet Society (2002). All Rights Reserved. 267 This document and translations of it may be copied and furnished to 268 others, and derivative works that comment on or otherwise explain it 269 or assist in its implementation may be prepared, copied, published 270 and distributed, in whole or in part, without restriction of any 271 kind, provided that the above copyright notice and this paragraph are 272 included on all such copies and derivative works. However, this 273 document itself may not be modified in any way, such as by removing 274 the copyright notice or references to the Internet Society or other 275 Internet organizations, except as needed for the purpose of 276 developing Internet standards in which case the procedures for 277 copyrights defined in the Internet Standards process must be 278 followed, or as required to translate it into languages other than 279 English. 281 The limited permissions granted above are perpetual and will not be 282 revoked by the Internet Society or its successors or assigns. 284 This document and the information contained herein is provided on an 285 "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING 286 TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING 287 BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION 288 HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF 289 MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. 291 Acknowledgement 293 Funding for the RFC Editor function is currently provided by the 294 Internet Society.