idnits 2.17.1 draft-krecicki-dnsenc-00.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- ** The document seems to lack an IANA Considerations section. (See Section 2.2 of https://www.ietf.org/id-info/checklist for how to handle the case when there are no actions for IANA.) Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year -- The document date (September 30, 2015) is 3131 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) == Outdated reference: A later version (-16) exists of draft-ietf-dane-smime-08 -- Obsolete informational reference (is this intentional?): RFC 3761 (Obsoleted by RFC 6116, RFC 6117) Summary: 1 error (**), 0 flaws (~~), 2 warnings (==), 2 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 Internet Engineering Task Force W. Krecicki 3 Internet-Draft Internet Systems Consortium 4 Intended status: Standards Track September 30, 2015 5 Expires: April 2, 2016 7 Stateless DNS Encryption 8 draft-krecicki-dnsenc-00 10 Abstract 12 The DNS is the last common Internet protocol that has no encryption 13 scheme and therefore provides no privacy to the users. This document 14 proposes an extensible mechanism providing encryption of DNS queries 15 and responses with method for secure retrieval and verification of 16 validity of encryption keys. It is independent of the underlying 17 transport protocol. 19 Status of This Memo 21 This Internet-Draft is submitted in full conformance with the 22 provisions of BCP 78 and BCP 79. 24 Internet-Drafts are working documents of the Internet Engineering 25 Task Force (IETF). Note that other groups may also distribute 26 working documents as Internet-Drafts. The list of current Internet- 27 Drafts is at http://datatracker.ietf.org/drafts/current/. 29 Internet-Drafts are draft documents valid for a maximum of six months 30 and may be updated, replaced, or obsoleted by other documents at any 31 time. It is inappropriate to use Internet-Drafts as reference 32 material or to cite them other than as "work in progress." 34 This Internet-Draft will expire on April 2, 2016. 36 Copyright Notice 38 Copyright (c) 2015 IETF Trust and the persons identified as the 39 document authors. All rights reserved. 41 This document is subject to BCP 78 and the IETF Trust's Legal 42 Provisions Relating to IETF Documents 43 (http://trustee.ietf.org/license-info) in effect on the date of 44 publication of this document. Please review these documents 45 carefully, as they describe your rights and restrictions with respect 46 to this document. Code Components extracted from this document must 47 include Simplified BSD License text as described in Section 4.e of 48 the Trust Legal Provisions and are provided without warranty as 49 described in the Simplified BSD License. 51 Table of Contents 53 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 54 1.1. Requirements Language . . . . . . . . . . . . . . . . . . 3 55 2. Communication process . . . . . . . . . . . . . . . . . . . . 3 56 3. Security Considerations . . . . . . . . . . . . . . . . . . . 3 57 4. References . . . . . . . . . . . . . . . . . . . . . . . . . 4 58 4.1. Normative References . . . . . . . . . . . . . . . . . . 4 59 4.2. Informative References . . . . . . . . . . . . . . . . . 4 60 Appendix A. Additional Stuff . . . . . . . . . . . . . . . . . . 4 61 Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 4 63 1. Introduction 65 The Domain Name System protocol is specified in RFC 1034 [RFC1034] 66 and RFC 1035" [RFC1035]. DNS messages are unencrypted and therefore 67 prone to eavesdropping. Although it's considered only metadata, the 68 are a lot of data that can be leaked - from simply domain names of 69 visited sites, to eg phone numbers (RFC 3761 [RFC3761]) or e-mail 70 addresses (draft-ietf-dane-smime-08 [I-D.ietf-dane-smime]). 72 The DNS protocol is very lightweight - the queries are usually < 100 73 bytes long, the responses are usually < 1000 bytes (with DNSSEC). 74 Existing transport encryption schemes such as TLS for TCP or DTLS for 75 UDP give huge and unnecessary overhead both in amount of data sent 76 and retrieved and in number of packets exchanged between client and 77 server. 79 In DNSENC the query is encrypted using asymmetric cryptography with a 80 securely retrieved key, the response is encrypted using symmetric 81 encryption using one-time key provided with query. DNSENC protocol 82 is confined within DNS and does not requires any additional external 83 mechanism such as external PKI/CA system. 85 The DNSENC communication can be split into three phases: 87 o first the client retrieves public key for server that is stored in 88 DNS and DNSSEC signed (this key can be cached) 90 o client creates the query, adds a random response encryption key 91 and encrypts the query with servers public key 93 o server decrypts the message, prepares the response and encrypts it 94 with the key provided by client 96 1.1. Requirements Language 98 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 99 "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this 100 document are to be interpreted as described in RFC 2119 [RFC2119]. 102 2. Communication process 104 To communicate securely with server, client first needs to retrieve 105 servers public key for assymetric encryption. This key is stored in 106 DNSEK record for reverse DNS record IP address of DNS server, as 107 described in RFC3152, 1033, 2317. This record MUST be DNSSEC signed. 109 TODO alternative method - DNSEK kept by NS record 111 Each DNSEK RR consist of priority field, key identifier, query 112 encryption scheme (asymmetrical, eg. RSA), query key data and 113 possible response encryption schemes. The server might provide 114 multiple RR records, it's client responsibility to choose a RRR that 115 has query and response encryption schemes supported by client and has 116 highest priority. 118 After choosin encryption scheme client generates a random response 119 encryption key (symmetrical, eg. AES), prepares a regular DNS query 120 with DNSEK record containing the response encryption scheme and key 121 in ADDITIONAL section. This message is encrypted using query 122 encryption key and packed, along with encryption key ID, in a DNSENC 123 RR. A new query is created with query id copied from the encrypted 124 message, empty QUESTION (TODO or put something there?), ANSWER and 125 AUTHORITY sections and with DNSENC RR in ADDITIONAL section and sent 126 to server. The response encryption key is stored along its 127 identifier for decryption. 129 After receiving the query with DNSENC RR in ADDITIONAL section the 130 server checks if it has proper key and decrypts the message. A 131 regular DNS response packet is created, it is encrypted using 132 response encryption key sent by client and stored along with response 133 encryption key ID in DNSENC RR. New response packet with query ID 134 copied from the encrypted one is created with empty QUESTION, ANSWER 135 (TODO?) and AUTHORITY sections and with DNSENC RR in ADDITIONAL 136 section. This response packet is sent to the client. 138 3. Security Considerations 140 The security of this protocol is based deeply on DNSSEC [RFC4033]. 141 Protection agains downgrade attack requires wide adoption of DNSSEC. 143 4. References 145 4.1. Normative References 147 [RFC1034] Mockapetris, P., "Domain names - concepts and facilities", 148 STD 13, RFC 1034, DOI 10.17487/RFC1034, November 1987, 149 . 151 [RFC1035] Mockapetris, P., "Domain names - implementation and 152 specification", STD 13, RFC 1035, DOI 10.17487/RFC1035, 153 November 1987, . 155 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 156 Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/ 157 RFC2119, March 1997, 158 . 160 [RFC4033] Arends, R., Austein, R., Larson, M., Massey, D., and S. 161 Rose, "DNS Security Introduction and Requirements", RFC 162 4033, DOI 10.17487/RFC4033, March 2005, 163 . 165 4.2. Informative References 167 [I-D.ietf-dane-smime] 168 Hoffman, P. and J. Schlyter, "Using Secure DNS to 169 Associate Certificates with Domain Names For S/MIME", 170 draft-ietf-dane-smime-08 (work in progress), February 171 2015. 173 [RFC3761] Faltstrom, P. and M. Mealling, "The E.164 to Uniform 174 Resource Identifiers (URI) Dynamic Delegation Discovery 175 System (DDDS) Application (ENUM)", RFC 3761, DOI 10.17487/ 176 RFC3761, April 2004, 177 . 179 Appendix A. Additional Stuff 181 This becomes an Appendix. 183 Author's Address 184 Witold Krecicki 185 Internet Systems Consortium 186 Warsaw 187 PL 189 Phone: +48 502117580 190 Email: wpk@isc.org