DNSOP                                                   P. Wouters, Ed.
Internet-Draft                                             The Internet
Intended status: Experimental                                3 May 2021
Expires: 4 November 2021

                           The DAKAMI RRTYPE
                     draft-pwouters-dnsop-dakami-00

Abstract

   This document specifies a new DNS RR type DAKAMI.  It is used to
   signify and honor the impact of security researcher Dan Kaminsky on
   the DNS ecosystem.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at https://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on 4 November 2021.

Copyright Notice

   Copyright (c) 2021 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents (https://trustee.ietf.org/
   license-info) in effect on the date of publication of this document.
   Please review these documents carefully, as they describe your rights
   and restrictions with respect to this document.  Code Components
   extracted from this document must include Simplified BSD License text
   as described in Section 4.e of the Trust Legal Provisions and are
   provided without warranty as described in the Simplified BSD License.

Table of Contents

   1.  Introduction
   2.  Terminology
   3.  The DAKAMI Resource Record
   4.  Location of the DAKAMI Record
   5.  Example of a DAKAMI Resource Record
     5.1.  The DAKAMI RDATA Wire Format example
     5.2.  The DAKAMI RDATA Presentation Format example
   6.  Operational Considerations
   7.  Security Considerations
   8.  Privacy Considerations
   9.  IANA Considerations
   10. Acknowledgements
   11. References
     11.1.  Normative References
     11.2.  Informative References
   Author's Address

1.  Introduction

   This document defines a mechanism to send a DNS query honoring the
   security researcher Dan Kaminsky, whose online handle was "dakami".
   Dan Kaminsky suddenly passed away in April 2021 at the age of 42.  He
   will be thoroughly missed.

   The "Kaminsky Bug", formally known as CVE-2008-1447, allowed remote
   attackers to spoof DNS traffic that is not protected by DNSSEC via a
   birthday attack that uses in-bailiwick referrals to conduct cache
   poisoning against recursive resolvers, related to insufficient
   randomness of DNS transaction IDs and source ports.

   While Dan Kaminsky was known in the DNS community for his famous bug
   and the coordinated response that followed, he was also a well-known
   (white hat) hacker known for encouraging everyone to learn, teach and
   build a better internet for each other.  He has been, and continues
   to be, an inspiration for Internet engineers and hackers worldwide.

   Dan Kaminsky has been nominated for the Internet Hall of Fame.

2.  Terminology

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
   "OPTIONAL" in this document are to be interpreted as described in BCP
   14 [RFC2119] [RFC8174] when, and only when, they appear in all
   capitals, as shown here.

3.  The DAKAMI Resource Record

   The DAKAMI DNS resource record (RR) is used to honor and remember the
   achievements of security researcher Dan Kaminsky.

   The type value allocated for the DAKAMI RR type is 32767.  The DAKAMI
   RR is class independent.

   The RDATA portion of a DAKAMI resource record contains a string that
   is semantically equivalent to the TXT [RFC1035] record.

4.  Location of the DAKAMI Record

   There is no fixed location for this RR.  Those who wish to publish
   this RR MAY prefer to place it at their zone's apex.

5.  Example of a DAKAMI Resource Record

   An example string one might use is a single static null-terminated
   string consisting of the ASCII text "Well Dan, I think you should
   know........".

   This text was spoken by Dan's niece Sarah, in the famous video "Sarah
   on DNS" [SARAH-ON-DNS] which sent an important message about DNS in
   what later would become known as the Kaminsky Bug.  It can also be
   seen as the start of a message that the DNS querier is sending to
   Dan.

   The length of this example RDATA is 42 octets, signifying Dan
   Kaminsky's age at the time of his untimely passing as well as
   signifying his quest to always learn more about life, the universe
   and everything.  The number 42 in ASCII also represents the wildcard,
   and Dan Kaminsky definitely came into the IETF on a wildcard.

5.1.  The DAKAMI RDATA Wire Format example

   The example RDATA Wire Format consists of the following hexadecimal
   octets:

      57 65 6c 6c 20 44 61 6e 2c 20 49 20 74 68 69 6e
      6b 20 79 6f 75 20 73 68 6f 75 6c 64 20 6b 6e 6f
      77 2e 2e 2e 2e 2e 2e 2e 2e 00

5.2.  The DAKAMI RDATA Presentation Format example

   The example RDATA Presentation Format, as visible in zone files
   [RFC1035], consists of the following ASCII string within double
   quotes:

      "Well Dan, I think you should know........"

6.  Operational Considerations

   The DAKAMI RR should have no operational impact on the operation of
   the DNS.  The RR SHOULD NOT be added to the Additional Section.  If
   it is added to the Additional Section, it MUST be added as the last
   RR and MUST NOT cause truncation or fragmentation of the DNS
   response.

7.  Security Considerations

   The DAKAMI RR does not alter the security of the DNS.

   Dan Kaminsky considerably improved the security of DNS and the
   internet in general.  His handling of the Kaminsky Bug, together with
   the help of the people at ISC and elsewhere, has raised the standard
   of responsible disclosure.

8.  Privacy Considerations

   The implementation and usage of the DAKAMI RR has no privacy impact
   other than revealing an appreciation for a lifetime of achievements
   by Dan Kaminsky.

9.  IANA Considerations

   This document defines a new DNS RR type, DAKAMI, whose value 32767
   has been allocated by IANA from the DNS Resource Record (RR) TYPEs
   registry.

10.  Acknowledgements

   Dan Kaminsky, we acknowledge you for a lifetime achievement of
   sharing your technical expertise, for using your knowledge and
   charisma for good, for inspiring and assisting others no matter what
   project they were working on and for always reminding us that how we
   do things is as important as what we do.  May your DNS queries flow
   over the internet for as long as we haven't built something better.
   Thank you Dan, for everything.
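   The following Python is an added illustration, not part of this
   draft: it builds the 42-octet RDATA exactly as Section 5.1 shows it
   (ASCII text plus one NUL octet, with no TXT-style length prefix),
   wraps it in an RFC 1035 resource record with TYPE 32767, parses it
   back, renders the Section 5.2 presentation form, and applies the
   Section 6 rule that an Additional Section copy must not push the
   response over the payload limit.  The owner name, TTL and the 512-
   octet limit are assumptions for the example.

```python
import struct

DAKAMI_TYPE = 32767  # RR type value the draft says IANA allocated
CLASS_IN = 1
EXAMPLE_TEXT = "Well Dan, I think you should know........"

def dakami_rdata(text: str = EXAMPLE_TEXT) -> bytes:
    """RDATA as Section 5.1 shows it: ASCII text plus one NUL octet (no TXT length prefix)."""
    return text.encode("ascii") + b"\x00"

def encode_name(name: str) -> bytes:
    """Uncompressed wire-format owner name (RFC 1035, Section 3.1)."""
    out = b""
    for label in filter(None, name.rstrip(".").split(".")):
        raw = label.encode("ascii")
        if len(raw) > 63:
            raise ValueError("label longer than 63 octets")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"

def encode_rr(owner: str, ttl: int, rdata: bytes, rrclass: int = CLASS_IN) -> bytes:
    """NAME, TYPE, CLASS, TTL, RDLENGTH, RDATA (RFC 1035, Section 3.2.1)."""
    return encode_name(owner) + struct.pack("!HHIH", DAKAMI_TYPE, rrclass, ttl, len(rdata)) + rdata

def decode_rr(wire: bytes) -> dict:
    """Parse one uncompressed RR; rejects anything that is not a complete DAKAMI record."""
    pos, labels = 0, []
    while wire[pos] != 0:
        n = wire[pos]
        if n >= 0xC0:
            raise ValueError("compression pointers are not handled here")
        labels.append(wire[pos + 1:pos + 1 + n].decode("ascii"))
        pos += 1 + n
    pos += 1  # skip the root label
    rtype, rclass, ttl, rdlen = struct.unpack_from("!HHIH", wire, pos)
    rdata = wire[pos + 10:pos + 10 + rdlen]
    if rtype != DAKAMI_TYPE or len(rdata) != rdlen:
        raise ValueError("not a complete DAKAMI RR")
    return {"owner": ".".join(labels) + ".", "class": rclass, "ttl": ttl, "rdata": rdata}

def presentation(rdata: bytes) -> str:
    """Zone-file form per Section 5.2: the text inside double quotes, NUL dropped."""
    return '"' + rdata.rstrip(b"\x00").decode("ascii") + '"'

def fits_in_additional(response_len: int, rr_wire: bytes, max_payload: int = 512) -> bool:
    """Section 6: the RR may be appended last in the Additional Section only if it does
    not push the response over the payload limit (else truncation or fragmentation)."""
    return response_len + len(rr_wire) <= max_payload
```

   Note that the draft's wire-format example carries a trailing NUL and
   no length octet, so a TXT-style parser would not read it unchanged.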
   [ASCII art figure omitted]

11.  References

11.1.  Normative References

   [RFC1035]  Mockapetris, P., "Domain names - implementation and
              specification", STD 13, RFC 1035, DOI 10.17487/RFC1035,
              November 1987.

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119,
              DOI 10.17487/RFC2119, March 1997.

   [RFC8174]  Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
              2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
              May 2017.

11.2.  Informative References

   [SARAH-ON-DNS]
              Kaminsky, D. and S. Roberts, "Sarah On DNS", 2008.

Author's Address

   Paul Wouters (editor)
   The Internet

   Email: paul@nohats.ca