idnits 2.17.1 draft-ietf-dnsext-keyrr-key-signing-flag-04.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- ** Looks like you're using RFC 2026 boilerplate. This must be updated to follow RFC 3978/3979, as updated by RFC 4748. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- == No 'Intended status' indicated for this document; assuming Proposed Standard Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- ** The abstract seems to contain references ([5]), which it shouldn't. Please replace those with straight textual mentions of the documents in question. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the RFC 3978 Section 5.4 Copyright Line does not match the current year == The document seems to lack the recommended RFC 2119 boilerplate, even if it appears to use RFC 2119 keywords. (The document does seem to have the reference to RFC 2119 which the ID-Checklist requires). == The expression 'MAY NOT', while looking like RFC 2119 requirements text, is not defined in RFC 2119, and should not be used. Consider using 'MUST NOT' instead (if that is what you mean). Found 'MAY NOT' in this paragraph: The key words "MAY","MAY NOT", "MUST", "MUST NOT", "REQUIRED", "RECOMMENDED", "SHOULD", and "SHOULD NOT" in this document are to be interpreted as described in RFC2119. -- The document seems to lack a disclaimer for pre-RFC5378 work, but may have content which was first submitted before 10 November 2008. If you have contacted all the original authors and they are all willing to grant the BCP78 rights to the IETF Trust, then this is fine, and you can ignore this comment. If not, you may need to add the pre-RFC5378 disclaimer. (See the Legal Provisions document at https://trustee.ietf.org/license-info for more information.) -- The document date (December 3, 2002) is 7814 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) == Unused Reference: '2' is defined on line 235, but no explicit reference was found in the text ** Obsolete normative reference: RFC 2535 (ref. '3') (Obsoleted by RFC 4033, RFC 4034, RFC 4035) ** Obsolete normative reference: RFC 3090 (ref. '4') (Obsoleted by RFC 4033, RFC 4034, RFC 4035) == Outdated reference: A later version (-15) exists of draft-ietf-dnsext-delegation-signer-09 Summary: 4 errors (**), 0 flaws (~~), 6 warnings (==), 2 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 DNS Extensions O. Kolkman 3 Internet-Draft RIPE NCC 4 Expires: June 3, 2003 J. Schlyter 5 Carlstedt Research & 6 Technology 7 December 3, 2002 9 KEY RR Key-Signing Key (KSK) Flag 10 draft-ietf-dnsext-keyrr-key-signing-flag-04 12 Status of this Memo 14 This document is an Internet-Draft and is in full conformance with 15 all provisions of Section 10 of RFC2026. 17 Internet-Drafts are working documents of the Internet Engineering 18 Task Force (IETF), its areas, and its working groups. Note that 19 other groups may also distribute working documents as Internet- 20 Drafts. 22 Internet-Drafts are draft documents valid for a maximum of six months 23 and may be updated, replaced, or obsoleted by other documents at any 24 time. It is inappropriate to use Internet-Drafts as reference 25 material or to cite them other than as "work in progress." 27 The list of current Internet-Drafts can be accessed at http:// 28 www.ietf.org/ietf/1id-abstracts.txt. 30 The list of Internet-Draft Shadow Directories can be accessed at 31 http://www.ietf.org/shadow.html. 33 This Internet-Draft will expire on June 3, 2003. 35 Copyright Notice 37 Copyright (C) The Internet Society (2002). All Rights Reserved. 39 Abstract 41 With the DS record [5] the concept of key-signing and zone-signing 42 keys has been introduced. Key-signing keys are the keys that sign 43 the keyset only. In general, key-signing keys are the keys that are 44 pointed to by DS records and are the first keys to be used when 45 following a chain of trust into the zone. The key-signing keys only 46 sign the KEY RRset at the apex of a zone, zone- signing keys sign all 47 other data in a zone. We propose a flag to distinguish the key- 48 signing key from other keys in the KEY RR set during DNSSEC 49 operations. 51 The key words "MAY","MAY NOT", "MUST", "MUST NOT", "REQUIRED", 52 "RECOMMENDED", "SHOULD", and "SHOULD NOT" in this document are to be 53 interpreted as described in RFC2119. 55 Table of Contents 57 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 58 2. The Key-Signing Key (KSK) Flag . . . . . . . . . . . . . . . . 3 59 3. DNSSEC Protocol Changes . . . . . . . . . . . . . . . . . . . 4 60 4. Operational Guidelines . . . . . . . . . . . . . . . . . . . . 4 61 5. Security Considerations . . . . . . . . . . . . . . . . . . . 4 62 6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 5 63 7. Internationalization Considerations . . . . . . . . . . . . . 5 64 8. Document Changes . . . . . . . . . . . . . . . . . . . . . . . 5 65 8.1 draft version 00 -> 01 . . . . . . . . . . . . . . . . . . . . 5 66 8.2 draft version 01 -> 02 . . . . . . . . . . . . . . . . . . . . 5 67 8.3 draft version 02 -> 03 . . . . . . . . . . . . . . . . . . . . 5 68 8.4 draft version 03 -> 04 . . . . . . . . . . . . . . . . . . . . 6 69 9. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 6 70 Normative References . . . . . . . . . . . . . . . . . . . . . 6 71 Informative References . . . . . . . . . . . . . . . . . . . . 6 72 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . 7 73 Full Copyright Statement . . . . . . . . . . . . . . . . . . . 8 75 1. Introduction 77 "All keys are equal but some keys are more equal than others" [6] 79 With the DS record [5] the concept of key-signing and zone-signing 80 keys has been introduced into DNSSEC[3]. In general these are the 81 keys that are pointed to by DS records and are the first keys to be 82 used when following the chain of trust into a zone ( secure entry 83 points of the zone). These key-signing keys may also be configured 84 in resolver systems that use zones as a trusted root[4] for a secure 85 island. 87 Early deployment tests have shown that during the key-exchange 88 between the parent and the child it is useful to highlight which keys 89 are to be used as the secure entry point to a zone. We introduce the 90 Key-Signing Key flag to indicate this special 'administrative' status 91 of the key. The availability of the flag allows the key exchange to 92 be automated where, without the flag, some additional out-of-band 93 communication is needed. 95 2. The Key-Signing Key (KSK) Flag 97 1 1 1 1 1 1 1 1 1 1 2 2 2 2 2 2 2 2 2 2 3 3 98 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 99 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 100 | flags |K| protocol | algorithm | 101 | |S| | | 102 | |K| | | 103 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 104 | / 105 / public key / 106 / / 107 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 109 KEY RR Format 111 The KSK bit (TBD) in the flags field is assigned to be the key- 112 signing flag. If set the key is intended to be used as key-signing 113 key. No special meaning should be assigned to the bit not being set. 114 The draft proposes using the current 15'th bit [1] as the KSK bit. 115 This way operators can recognize the key-signing by the parity of the 116 decimal representation of the flag field. 118 3. DNSSEC Protocol Changes 120 The use of the KSK flag does not change the DNS resolution and 121 resolution protocol. The KSK flag is only used to provide a hint 122 about the different administrative properties and MUST NOT be used 123 during the resolving process. 125 4. Operational Guidelines 127 By setting the KSK flag on a particular key, zone administrators 128 indicate that that key SHOULD be used as the secure entry point for 129 their zone. Therefore zone administrators SHOULD set the bit only 130 for zone keys that are used to sign the KEY RRset and are intended to 131 act as the first link in the chain of trust for their zone. 133 Parent zone administrators and resolver administrators that want to 134 configure a key-signing key as their 'trusted key' MAY choose to 135 ignore the flag. 137 Using the flag a key roll over can be automated. The parent can use 138 an existing trust relation to verify keysets in which a new key with 139 the KSK flag appears. 141 If the bit is modified during the lifetime of the key then this would 142 have impact on the keytag in the SIG RRs and on the hash data in the 143 DS RRs intending to point to this key. The bit SHOULD NOT be 144 modified once the key has been put into use. 146 5. Security Considerations 148 The flag MUST NOT be used in the resolution protocol or to determine 149 the security status of a key. The flag is to be used for 150 administrative purposes only. 152 No trust in a key should be inferred from this flag - trust must be 153 inferred from an existing chain of trust or an out-of-band exchange. 155 Since this flag might be used for automating key exchanges, we think 156 the following consideration is in place. 158 Automated mechanisms for roll over of the DS RR might be vulnerable 159 to a class of replay attacks. This might happen after a key exchange 160 where a keyset, containing two keys with the KSK flag set, is sent to 161 the parent. The parent verifies the keyset with the existing trust 162 relation and creates the new DS RR from the key that the current DS 163 is not pointing to. This key exchange might be replayed. Parents 164 are encouraged to implement a replay defence. A simple defence can 165 be based on a registry of keys that have been used to generate DS RRs 166 during the most recent roll over. 168 6. IANA Considerations 170 draft-ietf-dnsext-restrict-key-for-dnssec [1] eliminates all flags 171 field except for the zone key flag in the KEY RR. We propose to use 172 the 15'th bit as the KSK bit; the decimal representation of the 173 flagfield will then be odd for key-signing keys. 175 7. Internationalization Considerations 177 There are no internationalization considerations 179 8. Document Changes 181 8.1 draft version 00 -> 01 183 Clean up of references and correction of typos; 185 modified Abstract text a little; 187 Added explicit warning for replay attacks to the security section; 189 Removed the text that hinted on a distinction between a key- 190 signing key configured in resolvers and in parent zones. 192 8.2 draft version 01 -> 02 194 Added IANA and Internationalization section. 196 Split references into informational and normative. 198 Spelling and style corrections. 200 8.3 draft version 02 -> 03 202 Changed the name from KS to KSK, this to prevent confusion with 203 NS, DS and other acronyms in DNS. 205 In the security section: Rewrote the section so that it does not 206 suggest to use a particular type of registry and that it is clear 207 that a key registry is only one of the defences possible. 209 Spelling and style corrections 211 8.4 draft version 03 -> 04 213 Text has been made consistent with the statement: ' No special 214 meaning should be assigned to the bit not being set.' 216 Made explicit that the keytag changes in SIG RR. 218 9. Acknowledgements 220 The ideas documented in this draft are inspired by communications we 221 had with numerous people and ideas published by other folk. Among 222 others Olafur Gudmundsson, Daniel Karrenberg, Ed Lewis, Dan Massey, 223 Marcos Sanz and Sam Weiler have contributed ideas and provided 224 feedback. 226 This document saw the light during a workshop on DNSSEC operations 227 hosted by USC/ISI. 229 Normative References 231 [1] Massey, D. and S. Rose, "Limiting the Scope of the KEY Resource 232 Record out", draft-ietf-dnsext-restrict-key-for-dnssec-04 (work 233 in progress), September 2002. 235 [2] Bradner, S., "Key words for use in RFCs to Indicate Requirement 236 Levels", BCP 14, RFC 2119, March 1997. 238 [3] Eastlake, D., "Domain Name System Security Extensions", RFC 239 2535, March 1999. 241 [4] Lewis, E., "DNS Security Extension Clarification on Zone 242 Status", RFC 3090, March 2001. 244 Informative References 246 [5] Gudmundsson, O., "Delegation Signer Resource Record", draft- 247 ietf-dnsext-delegation-signer-09 (work in progress), September 248 2002. 250 [6] Orwell, G. and R. Steadman (illustrator), "Animal Farm; a Fairy 251 Story"", ISBN 0151002177 (50th anniversery edition), April 1996. 253 Authors' Addresses 255 Olaf M. Kolkman 256 RIPE NCC 257 Singel 256 258 Amsterdam 1016 AB 259 NL 261 Phone: +31 20 535 4444 262 EMail: olaf@ripe.net 263 URI: http://www.ripe.net/ 265 Jakob Schlyter 266 Carlstedt Research & Technology 267 Stora Badhusgatan 18-20 268 Goteborg SE-411 21 269 Sweden 271 EMail: jakob@crt.se 272 URI: http://www.crt.se/~jakob/ 274 Full Copyright Statement 276 Copyright (C) The Internet Society (2002). All Rights Reserved. 278 This document and translations of it may be copied and furnished to 279 others, and derivative works that comment on or otherwise explain it 280 or assist in its implementation may be prepared, copied, published 281 and distributed, in whole or in part, without restriction of any 282 kind, provided that the above copyright notice and this paragraph are 283 included on all such copies and derivative works. However, this 284 document itself may not be modified in any way, such as by removing 285 the copyright notice or references to the Internet Society or other 286 Internet organizations, except as needed for the purpose of 287 developing Internet standards in which case the procedures for 288 copyrights defined in the Internet Standards process must be 289 followed, or as required to translate it into languages other than 290 English. 292 The limited permissions granted above are perpetual and will not be 293 revoked by the Internet Society or its successors or assigns. 295 This document and the information contained herein is provided on an 296 "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING 297 TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING 298 BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION 299 HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF 300 MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. 302 Acknowledgement 304 Funding for the RFC Editor function is currently provided by the 305 Internet Society.