Domain Name System Security WG                              Edward Lewis
INTERNET DRAFT                                        Olafur Gudmundsson
<draft-ietf-dnssec-key-handling-00.txt>      Trusted Information Systems
                                                       November 21, 1997

                   Zone KEY RRSet Signing Procedure
0.0 Status of this Memo

   This document is an Internet-Draft.  Internet-Drafts are working
   documents of the Internet Engineering Task Force (IETF), its areas,
   and its working groups.  Note that other groups may also distribute
   working documents as Internet-Drafts.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as ``work in progress.''

   To learn the current status of any Internet-Draft, please check the
   ``1id-abstracts.txt'' listing contained in the Internet-Drafts Shadow
   Directories on ftp.is.co.za (Africa), ds.internic.net (US East
   Coast), nic.nordu.net (Europe), ftp.isi.edu (US West Coast), or
   munnari.oz.au (Pacific Rim).

   This Internet Draft expires on 21 May 1998.

   Please send comments to the authors and dns-security@tis.com.
1.0 Abstract

   Under the security extensions to DNS, as defined in RFC 2065 and
   RFC 2137, a secured zone will have a KEY RRSet associated with the
   domain name at the apex of the zone.  This document covers the manner
   in which this RRSet is generated, signed, and inserted into the name
   servers.
1.5 Change Log

   Version 01 - draft-lewis-dnskey-handling-01.txt:

      Minor editorial changes.
      Added paragraph in section 3.1 elaborating on off-net versus off-
      Added paragraph in section 4.0, step 2, requiring proof of
      private key ownership.
      Added Change Log section.

   Version 02 - draft-ietf-dnssec-key-handling-00.txt:

      Minor editorial changes.
      Dynamic update reference changed from a draft to an RFC.
Expires May 21, 1998                                            [Page 1]

Internet Draft                                         November 21, 1997
2.0 Introduction

   Under the security extensions to DNS, as defined in RFC 2065
   [RFC2065] and RFC 2137 [RFC2137], a secured zone will have a KEY
   RRSet associated with the domain name at the apex of the zone.  At
   least one of the KEY RRs will be a public key that is used to verify
   SIG RRs in the zone.  The SIG(KEY) RR covering this RRSet must itself
   be generated by some other domain name, "some other" being required
   to build a chain of trusted verifications.  (The alternative to
   requiring a different signer is to have each name server hold all
   the public keys it will ever need in a trusted place, which is not a
   scaleable solution.)  A key administration protocol external to the
   existing DNS protocol is needed to produce the signature of the KEY
   RRs and to get it into the DNS name servers.
   As this is a first document on the subject, the "administration
   protocol" will be described more as an "administrative procedure
   The challenge is to design a secure procedure for handling the
   unsigned public keys as they move from the place of generation to a
   place where they are signed.  The procedure must also eventually lead
   to the insertion of the keys and signature into the zone master file
   on a primary name server.  The place of generation and the place of
   the signing are recommended to be disconnected from the Internet in
   order to protect the private keys produced and/or used in the
   procedure.  The two locations may also be disconnected from each
   other.

   The security of the public keys in this procedure is crucial to the
   operation of the secure zone.  An attack in which a false public key
   is submitted for signing would enable a masquerade of the true zone
   data by the attacker.
2.1 Terminology convention

   In the literature on DNS, different terms are used to describe the
   relationship of zones.  "Super-zone and sub-zone," "parent and
   child," and "delegator and delegatee" each refer to two zones joined
   at a "zone cut."  For each of the set of terms, the former is the
   zone above the cut point, the latter is below the cut point.  In this
   document, we use the terms delegator and
3.0 DNSSEC Configuration Variants

   There are a number of variants in the way in which DNSSEC can be
   configured that affect a discussion of key management.  The
   discussion in section 4.0 will assume a nominal configuration
   (defined in section 3.4) to simplify this document.  In this section,
   the pertinent configuration decisions are described, along with how
   each choice makes a particular configuration differ from the
   so-called nominal configuration.
   In DNSSEC the configuration of DNS operations and signing falls into
   two categories.  The most secure is the use of an "off-net" signer.
   The alternative is to use an "on-net" signer.  These two alternatives
   correspond to the Mode A and Mode B distinction in UPDATE [RFC2137].
   (Mode A's initial zone signing is performed off-
   The decision whether off-net or on-net signing is used is based upon
   the risk assessment of the site's network management.  An on-net key
   is more vulnerable to attack than an off-net key simply by being
   present somewhere on the network.  Off-net signing is recommended for
   tighter security.  Being behind a firewall might be deemed
   insufficient if the administration does not trust the protection in
   other parts of the network.  This is a matter of choice for each
   site.
   In off-net signing, the machinery performing the act of creating the
   keyed signature is not reachable from the network the DNS (name
   server set) is serving.  I.e., there is no direct mechanism for data
   transfer from the signing machine to a name server.  Without loss of
   generality, the DNS served network may be thought of as the Internet.
   The off-net signer need not be a stand-alone machine; it may be on
   an "air-gapped" (not physically connected) network.  This network may
   be just a very local network (i.e., within one office or machine
   room), reserved for sensitive network administration use.  For the
   purposes of this document, this will be labeled the back-room network
   (even if just a stand-alone machine is on it).
   The back-room network needs to be able to get information from the
   Internet to derive the unsigned zone master files (among other
   things).  The back-room network generates the signed files, which are
   inserted into the Internet DNS servers.  The mechanism to carry this
   out may be removable "static" media.
   ADDED for draft-01:

   (The preceding discussion focuses on the original signing of a zone.
   Dynamic update requests are signed on-net in both the off-net and
   on-net situations; in the off-net case, a different key from the
   off-net zone key is used to sign the updates.  The choice of off-net
   or on-net is a comparison of the administrative effort to maintain
   off-net signing versus the risk of an on-net private-key
   compromise.)
   For the purposes of this document, if off-net signing is used, we
   assume key generation is also performed off-net.

   On-net signing simply means the signer is accessible over the
   Internet.  If the back-room network exists, it is connected to the
   Internet.  In the procedures described below, the steps used to
   transfer information from the Internet to the back-room network are
   obviously unnecessary.
3.2 Relationship of Zone and Key Signer

   In a nominal state, a zone's delegator will also be the signer of the
   delegated zone's KEY RRSet.  E.g., for a zone named "xz.test." with
   an NS RRSet at that name, the domain name "test." would be the
   delegator of "xz.test." and signer of its KEY RRSet.  However, there
   may be cases in which some other entity is the signer.

   The role and composition of the "other entity" is not yet defined,
   and may or may not ever be defined.  This entity has been referred to
   as a Signing Authority, whose sole purpose is to sign records for
   clients.  This may be more or less a certification authority for DNS
   KEY RRSets.  For the purposes of this document, this entity will be
   assumed to be the delegating zone, and it will be referred to as the
   "signing entity."
3.3 Name Server Topology

   The separation between two delegated zones may mean that the two do
   not share any name servers, such as most names under .COM and .COM
   itself.  In general, the set of name servers for two zones may
   overlap.  This document will focus on cases in which zones do not
   share name servers or other facilities.

   If the two zones share the same name servers they likely will share
   the mechanism for the generation of zone keys.  In this case, the
   transfer of information between the zones becomes a moot point
   because the problem may degenerate into accessing a file in a shared
   file system.  For zones sharing a back-room network, the data for the
   two zones (between the off-net and on-net machines) can be
   transferred together.
3.4 The Nominal Configuration

   The nominal configuration used within the context of this document
   is that the zones involved (one being the zone generating the keys,
   the other being the zone performing the signing) each employ off-net
   signing, and employ distinct sets of name servers.  In addition, the
   zone performing the signing is the zone above the delegation point
   that creates the zone which is generating and requesting the signing
   of its keys.
   The steps described here assume the nominal configuration in section
   3.4.  In some configurations, the steps listed in this section may
   degenerate into null or very simple operations.  Additionally, some
   steps can be carried out in parallel even with the nominal
   configuration, so the strict ordering described here need not be
   followed.
   Step 0.  A delegation needs to be instituted.  A means to
   authenticate both the delegator to the delegatee and vice versa is
   also needed.

   A delegation may only need to be created once.  An NS RRSet and a
   KEY RRSet must be installed by the delegating zone.  Until a key pair
   is generated the KEY RRSet will have a null zone key, indicating that
   the delegated zone is initially unsecured.  Instituting means to
   authenticate the participants must occur initially, and then again
   if the means of authentication (e.g., a secret key) is ever
   compromised.

   How a delegation comes about is a subject for registries and/or
   local network administration policies and procedures.  These groups
   should be aware of the responsibilities entailed in instituting DNS
   security, especially the need for an active recurring relationship,
   as the remaining steps describe.

   It is assumed that at some point, the delegated zone acquires a
   trusted public key (or keys) for at least one other entity.  This
   could be for the root, the delegating zone, or a signing authority.
   These keys may be DNS zone keys or keys for some application, e.g.,
   trusted mail.  This will enable the use of other secure services to
   achieve the following steps.  Selecting the services may be within
   the scope of this document, but which should be selected is still
   open for discussion.
   Step 1.  Delegated zone generates zone keys.  A new pair may be
   generated without changing the other pairs in use (assuming others
   exist).

   Step 2.  The delegated zone sends keys to the signing entity.  All of
   the public key information, encoded in such a way that the KEY RRs
   can be generated from it, crosses from the back-room net to the
   Internet, and is shipped securely to the signing entity.
   (Implementing "securely" is still an open issue.)  It is important
   that both the delegated zone and the signing entity authenticate
   themselves to each other.

   All public keys must be included, both newly generated and those in
   current use.  Keys are retired through omission.
   ADDED for draft-01:

   The delegated zone must prove ownership of the private keys
   corresponding to each public key.  This may be done by signing the
   collection of public key data with each of the private keys.  Thus
   the submission would consist of one copy of each public key and as
   many signatures as there were public keys.  (For example, submitting
   five public keys would require sending all five plus five
   signatures.)  This signing is only done to prove the ownership of the
   private key, not for authentication.

   Step 3.  The signing entity signs the key set.  The algorithm used to
   sign the KEY RRSet need not be the same as the algorithm(s) for which
   the keys were generated.
   Step 4.  The delegated zone receives the KEY RRSet and SIG(KEY) RR
   from the signing entity.  The delegated zone must verify the keys and
   signature locally.  The zone must also verify that the KEY RRSet is
   identical to the set of keys submitted for signature in step 2, to
   protect against a masquerader having submitted keys for signature in
   the zone's name.  Once the records are signed, there is no
   requirement for enhanced security while transmitting the information
   across the Internet, because the SIG(KEY) RR lets the recipient
   verify the source and integrity of the records.
   Step 5.  Delegating zone gets the KEY RRSet and SIG(KEY) RR.  The KEY
   RRSet and the SIG(KEY) RR are sent from the signing entity to the
   delegating zone's master files and optionally the name servers.  In
   the nominal case, the signing entity and the delegating zone are one
   and the same, so this may be a trivial step.  (The latter is to
   ensure the public key will be available for verifications once the
   signing process - step 7 - is
   Step 6.  The delegating zone signs its zone data.  This step may be
   done in parallel with steps 2-5.  Note: signing a zone does not
   require that a new key pair be generated.

   Step 7.  The new zone data enters DNS.  The KEY RRSet, SIG(KEY) RR
   and the rest of the signed zone data and signatures are carried from
   the back-room network and inserted into the DNS primary name server
   serving the Internet side.
   Steps 1 through 7 are repeated whenever a new key pair is required.
   Note that the signing in step 6 may not sign all records; some
   records may have signature records from older keys that are
   sufficient.
5.0 Resigning a KEY RRSet

   When the delegating zone resigns itself, the KEY RRSet of a delegated
   zone may be resigned.  In this case, the newly created SIG(KEY) RR
   must be sent to the delegatee for inclusion.

   The signing of a delegatee's keys in the manner of the previous
   paragraph may also be prompted by a request from the delegatee.  A
   SIG(KEY) RR may be approaching its expiration date although the KEY
   RRSet it verifies has not changed.
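   The following Python script is an added worked example; it is not
   part of this draft and is not code from Trusted Information Systems.
   It walks steps 2 through 4 of the procedure above and the resigning
   case of section 5.0 for the draft's example names "xz.test."
   (delegatee) and "test." (signing entity), and shows why both checks
   are needed: the proof of private-key ownership from step 2 catches a
   key altered in transit, while the step 4 comparison of the returned
   KEY RRSet against the submitted set catches a masquerader who
   submits a key it really does own.  Everything beyond the draft's
   text is an assumption: the record encodings, the validity window
   carried in SIG(KEY), and the key material, which is textbook RSA over
   fixed Mersenne primes so that the script runs with only the Python
   standard library (these keys are not secure and must not be reused).

```python
"""Toy model of steps 2-4 of the KEY RRSet signing procedure and of the
section 5 resigning case.  Added example, not part of the draft.  The
signatures are textbook RSA over fixed Mersenne primes so the script runs
offline with only the standard library; the keys are NOT secure and the
record encodings are assumptions, not the RFC 2065 wire format."""
import hashlib
from math import gcd


def make_keypair(p, q, e=65537):
    """Constructed, insecure RSA key pair: public (n, e), private (n, d)."""
    n, phi = p * q, (p - 1) * (q - 1)
    assert gcd(e, phi) == 1
    return (n, e), (n, pow(e, -1, phi))


def _digest(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n


def sign(priv, data):
    n, d = priv
    return pow(_digest(data, n), d, n)


def verify(pub, data, sig):
    n, e = pub
    return pow(sig, e, n) == _digest(data, n)


def key_rrset_data(owner, pubkeys):
    """Hypothetical canonical form of a KEY RRSet: owner name, then the
    public keys in sorted order so that key order cannot change the result."""
    return b"\n".join([owner.encode()] + [b"%d:%d" % k for k in sorted(pubkeys)])


def sig_key_data(owner, pubkeys, inception, expiration):
    """Data covered by SIG(KEY): the RRSet plus the signature validity window."""
    return key_rrset_data(owner, pubkeys) + b"\n%d:%d" % (inception, expiration)


def build_submission(owner, keypairs):
    """Step 2 (delegated zone): every public key, current and new, plus one
    proof-of-possession signature per key over the whole collection."""
    pubs = [pub for pub, _ in keypairs]
    data = key_rrset_data(owner, pubs)
    return {"owner": owner, "keys": pubs,
            "pop": [sign(priv, data) for _, priv in keypairs]}


def sign_keyset(submission, signer_priv, inception, expiration):
    """Step 3 (signing entity): refuse unless every key proves possession of
    its private key, then emit the KEY RRSet and SIG(KEY).  Possession is
    not authentication; who submitted the keys must be checked separately."""
    owner, pubs = submission["owner"], submission["keys"]
    data = key_rrset_data(owner, pubs)
    for pub, pop in zip(pubs, submission["pop"]):
        if not verify(pub, data, pop):
            raise ValueError("proof of private-key ownership failed")
    signed = {"owner": owner, "keys": list(pubs),
              "inception": inception, "expiration": expiration}
    return signed, sign(signer_priv, sig_key_data(owner, pubs, inception, expiration))


def accept_signed_keyset(submitted_pubs, signed, sig, trusted_signer_pub):
    """Step 4 (delegated zone): the returned RRSet must be exactly the set that
    was submitted (nothing added, dropped or swapped) and SIG(KEY) must verify
    under the signer's trusted key before anything goes into the zone file."""
    if sorted(signed["keys"]) != sorted(submitted_pubs):
        return False
    data = sig_key_data(signed["owner"], signed["keys"],
                        signed["inception"], signed["expiration"])
    return verify(trusted_signer_pub, data, sig)


def resign_due(signed, now, lead_time):
    """Section 5: request a fresh SIG(KEY) when the current one is within
    lead_time of expiry even though the KEY RRSet itself has not changed."""
    return signed["expiration"] - now <= lead_time


def demo():
    """Run the procedure for the draft's example "xz.test." signed by "test."."""
    owner, week, now = "xz.test.", 7 * 86400, 1_000_000
    k_current = make_keypair(2**127 - 1, 2**107 - 1)   # key already in use
    k_new = make_keypair(2**89 - 1, 2**61 - 1)         # step 1: new pair
    signer_pub, signer_priv = make_keypair(2**521 - 1, 2**607 - 1)
    attacker = make_keypair(2**1279 - 1, 2**31 - 1)    # masquerader's own pair

    submission = build_submission(owner, [k_current, k_new])
    submitted = list(submission["keys"])
    signed, sig = sign_keyset(submission, signer_priv, now, now + 4 * week)
    honest_ok = accept_signed_keyset(submitted, signed, sig, signer_pub)

    # Attack 1: a key is swapped in transit; the proofs no longer verify.
    tampered = dict(submission, keys=[submitted[0], attacker[0]])
    try:
        sign_keyset(tampered, signer_priv, now, now + 4 * week)
        tampered_rejected = False
    except ValueError:
        tampered_rejected = True

    # Attack 2: a masquerader submits its own key with a valid proof.  The
    # proof cannot catch this, so the signer signs; the step 4 comparison
    # against the set the zone actually submitted does.
    forged = build_submission(owner, [k_current, attacker])
    f_signed, f_sig = sign_keyset(forged, signer_priv, now, now + 4 * week)
    forged_rejected = not accept_signed_keyset(submitted, f_signed, f_sig, signer_pub)

    # Section 5: same keys, SIG(KEY) about to expire, so a new one is requested.
    later = now + 3 * week + 86400
    resigned, resig = sign_keyset(submission, signer_priv, later, later + 4 * week)
    return {"honest_ok": honest_ok, "tampered_rejected": tampered_rejected,
            "forged_rejected": forged_rejected,
            "resign_due": resign_due(signed, later, week),
            "resign_ok": accept_signed_keyset(submitted, resigned, resig, signer_pub)
            and resig != sig}


if __name__ == "__main__":
    print(demo())
```

   Run the script directly to print the five checks.  Each step is a
   function that returns its result rather than printing it, so the
   same code can be driven from a test harness; the set comparison in
   accept_signed_keyset is done on sorted keys so that a reordered but
   otherwise identical RRSet is still accepted.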
6.0 Open Issues

   This section is intentionally left undeveloped to encourage more

   Timing of steps, required response times.

   The signing cycles of zones will likely be out of phase with each
   other.  If they were not, then there would be "signing crunches"
   which would add variability to the spacing of events in the
   procedure.  One issue is how this should be addressed.  Should there
   be a recommended limit on the signing entity's response time?  Should
   this even be specified?

   Can secure e-mail be used?  Perhaps, and discussions to this effect
   have occurred, using secure e-mail as a conduit for (at least) the
   unsigned keys.
7.0 Operational Considerations

   A widely delegated zone, such as .COM, or a zone publishing KEY RRs
   for others, such as a large Internet access provider, should expect a
   huge performance impact in signing the KEY RRSets for its
   delegations.  Running on a Pentium 166MHz computer, simply signing
   the current .COM records requires 40 hours.  (Measured in January
   1997.)  This covers just the NXT RRSets and a few other records.
   Having to sign a KEY RRSet for each member of the zone will require
   about the same computing resources, and much more overhead in the
   handling of the individual KEY RRSets.
8.0 Security Considerations

   This document discusses a procedure for handling the keys used by DNS
   for its security and the keys for applications employing DNS for key
   distribution.  Once in DNS, keys are protected by the SIG RR covering
   them, a digital signature that can be used to verify the source and
   integrity of the public key data.  During the process described here,
   that signature is not yet present, leaving the keys vulnerable to
   modification.  The security of this process is crucial to the
   usefulness of DNS as a key distribution mechanism.  At this point
   many issues remain to be resolved, so a thorough security analysis of
   the process is premature.
9.0 References

   [RFC2065] D. Eastlake, 3rd, and C. Kaufman, "Domain Name System
             Security Extensions," RFC 2065, January 1997.

   [RFC2137] D. Eastlake, 3rd, "Secure Domain Name System Dynamic
             Update," RFC 2137, April 1997.
10.0 Authors' Addresses

   Edward Lewis
   Trusted Information Systems
   3060 Washington Road
   Glenwood, MD 21738
   +1 301 854 5794
   <lewis@tis.com>

   Olafur Gudmundsson
   Trusted Information Systems
   3060 Washington Road
   Glenwood, MD 21738
   +1 301 854 5700
   <ogud@tis.com>