Network Working Group                                     Wesley Griffin
INTERNET-DRAFT                                                  NAI Labs
draft-ietf-secsh-dns-key-format-00.txt                          May 2001
                                                    Expires October 2001

                       Storing SSH Host Keys in DNS

Status of this Memo

   This document is an Internet-Draft and is in full conformance with
   all provisions of Section 10 of RFC2026.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups.  Note that other
   groups may also distribute working documents as Internet-Drafts.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/ietf/1id-abstracts.txt

   The list of Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/ietf/shadow.html.

   This draft expires on October 30, 2001

Copyright Notice

   Copyright (C) The Internet Society (2000).  All rights reserved.
Abstract

   DNS Security Extensions enable the secure distribution of public
   keys over the Internet.  This is a desirable feature for the SSH
   protocol.  This document defines the format for storing SSH host keys
   in KEY resource records.

1. Introduction

   Key distribution, whether shared secret or public key, is a lingering
   issue in many security-aware protocols, and the SSH protocol
   [SSH-ARCH] is not an exception.  DNS Security Extensions [RFC-2535]
   can provide one form of a key infrastructure on the Internet.  By
   allowing the client to verify the server key, even without prior
   knowledge of said key, and out of band of the SSH protocol, the
   security of the SSH protocol is increased.

   Familiarity with DNS Security Extensions and the SSH protocol is
   assumed.

2. SSH Key Resource Records

   SSH Host Keys are stored as KEY RRs.  The following sections describe
   how the flags, protocol, and algorithm are set.

2.1 The KEY RR Flag Field

   The "flags" field is set as follows:

      Key "type" (bits 0 and 1): 00 (This key can be used for both
      authentication and confidentiality.)

      Key "name" (bits 6 and 7): 10 (This key is an "entity" or host
      key.)

2.2 The Protocol Octet

   The protocol value is TBA by IANA.

2.3 The KEY Algorithm Number Specification

   The algorithm is set as described in Section 3.2 of [RFC-2535].
   SSH does not place any additional restrictions on SSH host keys.
   RSA/MD5 keys use an algorithm value of 1, RSA/SHA1 keys use 5,
   and DSA keys use 3.

2.4 KEY RDATA format

   Section 4.6 of the SSH transport layer protocol document [SSH-TRANS]
   describes the encoding format for SSH public keys.  The DNS KEY
   encoding format is described in [RFC-2536] for DSA public keys and
   [RFC-2537] for RSA/MD5 public keys.
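   The conversion that Sections 2.1 through 2.4 describe, worked through
   for an RSA host key as an added example (not code from the draft or
   from any SSH or DNS implementation): the SSH wire encoding from
   SSH-TRANS Section 4.6 is parsed, the RFC 2537 public key layout is
   built, and the KEY RDATA is assembled with the flags from Section 2.1
   and the algorithm number from Section 2.3.  The protocol octet is
   "TBA by IANA" in the draft, so PROTOCOL_TBA is a constructed
   placeholder, and ssh_rsa_blob only builds constructed test input.

```python
import base64
import struct

# KEY RR "flags" (Section 2.1): type bits 0-1 = 00, name bits 6-7 = 10.  Bit 0 is
# the most significant bit of the 16-bit field, so the value is 0x0200 (512).
KEY_FLAGS_HOST = 0x0200
PROTOCOL_TBA = 0  # draft says "TBA by IANA": constructed placeholder, not an assignment
ALG_RSA_MD5, ALG_DSA, ALG_RSA_SHA1 = 1, 3, 5  # Section 2.3

def ssh_read_string(buf, off):
    """Read one SSH 'string' (uint32 length + bytes) at off; return (bytes, new off)."""
    (n,) = struct.unpack_from(">I", buf, off)
    return buf[off + 4:off + 4 + n], off + 4 + n

def ssh_parse_rsa_pubkey(blob):
    """Parse the SSH encoding: string "ssh-rsa", mpint e, mpint n (SSH-TRANS 4.6)."""
    keytype, off = ssh_read_string(blob, 0)
    if keytype != b"ssh-rsa":
        raise ValueError("not an ssh-rsa key: %r" % keytype)
    e_bytes, off = ssh_read_string(blob, off)
    n_bytes, off = ssh_read_string(blob, off)
    if off != len(blob):
        raise ValueError("trailing data after SSH key blob")
    # mpint is two's complement big-endian; a leading 0x00 sign byte is harmless here.
    return int.from_bytes(e_bytes, "big"), int.from_bytes(n_bytes, "big")

def rsa_dns_public_key(e, n):
    """RFC 2537 layout: exponent length (1 octet, or 0x00 + 2 octets if > 255), e, n."""
    e_b = e.to_bytes((e.bit_length() + 7) // 8, "big")
    n_b = n.to_bytes((n.bit_length() + 7) // 8, "big")
    length = bytes([len(e_b)]) if len(e_b) < 256 else b"\x00" + struct.pack(">H", len(e_b))
    return length + e_b + n_b

def ssh_rsa_to_key_rdata(blob, algorithm=ALG_RSA_MD5, protocol=PROTOCOL_TBA):
    """KEY RDATA (Section 2.4): flags, protocol octet, algorithm, then the public key."""
    e, n = ssh_parse_rsa_pubkey(blob)
    return struct.pack(">HBB", KEY_FLAGS_HOST, protocol, algorithm) + rsa_dns_public_key(e, n)

def key_rr_presentation(owner, rdata):
    """Master-file form: flags, protocol and algorithm in decimal, public key in base64."""
    flags, proto, alg = struct.unpack_from(">HBB", rdata)
    return "%s IN KEY %d %d %d %s" % (owner, flags, proto, alg,
                                      base64.b64encode(rdata[4:]).decode())

def ssh_rsa_blob(e, n):
    """Constructed test input: SSH wire encoding of an RSA key (sign byte added when MSB set)."""
    def mpint(x):
        b = x.to_bytes((x.bit_length() + 8) // 8, "big")
        return struct.pack(">I", len(b)) + b
    return struct.pack(">I", 7) + b"ssh-rsa" + mpint(e) + mpint(n)
```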
   The KEY RDATA format itself consists of the Flags Field, Protocol
   Octet, Algorithm, and public key, which can be converted from the
   SSH encoding to the DNS encoding using the descriptions mentioned.

3. Security Considerations

   Placing SSH host keys in DNS allows ssh programs and users to perform
   additional checks that may help foil man-in-the-middle attacks.  With
   DNSSEC deployed, SSH programs can rely on DNS as a secure key
   distribution mechanism, as discussed in the SSH architecture document
   [SSH-ARCH].

   There are two possible ways an SSH client can trust keys from DNS.
   The first is to perform full DNSSEC verification on the host key and
   all the zones containing the domain name up to a trusted zone.  This
   requires the client to be configured with a trusted zone key and to
   follow the steps for SIG verification outlined in Sections 4 and 6.3
   of [RFC-2535].

   The other method is for the client to perform a SIG(0) or TSIG
   secured query to a nameserver.  This method pushes the zone
   verification off to the nameserver, but uses SIG(0), defined in
   [RFC-2931], or TSIG, defined in [RFC-2845], to verify the query to
   the nameserver.

   This document only describes the format of the DNS KEY Resource
   Record.  Outlined above are two simple methods for trusting keys from
   DNS; the more detailed and in-depth key trust discussion will appear
   in another document.

4. IANA Considerations

   This document specifies how SSH host keys can be placed in DNS; it
   also requests an assignment of a DNS KEY protocol value for this use.
   Guidance to IANA can be found in Section 3.1.3 of [RFC-2535].

5. Acknowledgements

   Olafur Gudmundsson and Edward Lewis were instrumental in motivating
   and shaping this document.

6. Trademark Issues

   As of this writing, SSH Communications Security Oy claims ssh as its
   trademark.
   As with all IPR claims, the IETF takes no position regarding the
   validity or scope of this trademark claim.

7. References

   [RFC-2535]
      Eastlake, D., "Domain Name System Security Extensions", RFC 2535,
      March 1999.

   [RFC-2536]
      Eastlake, D., "DSA KEYs and SIGs in the Domain Name System (DNS)",
      RFC 2536, March 1999.

   [RFC-2537]
      Eastlake, D., "RSA/MD5 KEYs and SIGs in the Domain Name System
      (DNS)", RFC 2537, March 1999.

   [RFC-2845]
      Vixie, P., et al., "Secret Key Transaction Authentication for DNS
      (TSIG)", RFC 2845, May 2000.

   [RFC-2931]
      Eastlake, D., "DNS Request and Transaction Signatures ( SIG(0)s )",
      RFC 2931, September 2000.

   [SSH-ARCH]
      Ylonen, T., et al., "SSH Protocol Architecture", Internet Draft,
      November 2000.

   [SSH-TRANS]
      Ylonen, T., et al., "SSH Transport Layer Protocol", Internet Draft,
      November 2000.

Author's Address

   Wesley Griffin
   NAI Labs
   Network Associates, Inc.
   3060 Washington Rd. (Rt. 97)
   Glenwood, MD 21738
   USA
   +1 443 259 2388
   wgriffin@tislabs.com

Full Copyright Statement

   Copyright (C) The Internet Society (2000).  All rights reserved.

   This document and translations of it may be copied and furnished to
   others, and derivative works that comment on or otherwise explain it
   or assist in its implementation may be prepared, copied, published
   and distributed, in whole or in part, without restriction of any
   kind, provided that the above copyright notice and this paragraph are
   included on all such copies and derivative works.
   However, this document itself may not be modified in any way, such as
   by removing the copyright notice or references to the Internet Society
   or other Internet organizations, except as needed for the purpose of
   developing Internet standards, in which case the procedures for
   copyrights defined in the Internet Standards process must be
   followed, or as required to translate it into languages other than
   English.

   The limited permissions granted above are perpetual and will not be
   revoked by the Internet Society or its successors or assigns.

   This document and the information contained herein is provided on an
   "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
   TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
   BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
   HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
   MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.