
INTERNET-DRAFT                                    DNSSEC Key Rollover
                                                         October 1998
                                                   Expires April 1999




          Domain Name System (DNS) Security Key Rollover
          ------ ---- ------ ----- -------- --- --------

                  Donald E. Eastlake 3rd, Mark Andrews



Status of This Document

   This draft, file name draft-ietf-dnssec-rollover-00.txt, is intended
   to become a Proposed Standard RFC.  Distribution of this document is
   unlimited.  Comments should be sent to the DNS security mailing list
   <dns-security@tis.com> or to the authors.

   This document is an Internet-Draft.  Internet-Drafts are working
   documents of the Internet Engineering Task Force (IETF), its areas,
   and its working groups.  Note that other groups may also distribute
   working documents as Internet-Drafts.

   Internet-Drafts are draft documents valid for a maximum of six
   months.  Internet-Drafts may be updated, replaced, or obsoleted by
   other documents at any time.  It is not appropriate to use
   Internet-Drafts as reference material or to cite them other than as a
   ``working draft'' or ``work in progress.''

   To view the entire list of current Internet-Drafts, please check the
   "1id-abstracts.txt" listing contained in the Internet-Drafts Shadow
   Directories on ftp.is.co.za (Africa), ftp.nordu.net (Northern
   Europe), ftp.nis.garr.it (Southern Europe), munnari.oz.au (Pacific
   Rim), ftp.ietf.org (US East Coast), or ftp.isi.edu (US West Coast).



Abstract

   Practical deployment of Domain Name System (DNS) security with good
   cryptologic practice will involve large volumes of key rollover
   traffic.  A standard format and protocol for such messages is
   specified.



D. Eastlake 3rd, M. Andrews                                     [Page 1]


Table of Contents

   Status of This Document....................................1
   Abstract...................................................1

   Table of Contents..........................................2

   1. Introduction............................................3
   2. Key Rollover Scenarios..................................3
   3. Rollover Operation......................................4
   3.1 Rollover to Parent.....................................4
   3.2 Rollover to Children...................................5
   4. Rollover NOTIFY.........................................6
   5. Security Considerations.................................7

   References.................................................8
   Authors Address............................................8
   Expiration and File Name...................................9

1. Introduction

   The Domain Name System (DNS) [RFC 1034, RFC 1035] is the global
   hierarchical replicated distributed database system for Internet
   addressing, mail proxy, and other information.  The DNS has been
   extended to include digital signatures and cryptographic keys as
   described in [draft-ietf-dnssec-secext2-*].

   The principal security service provided for DNS data is data origin
   authentication.  The owner of each zone signs the data in that zone
   with a private key known only to the zone owner.  Anyone that knows
   the corresponding public key can then authenticate that zone data is
   from the zone owner.  To avoid having to preconfigure resolvers with
   all zones' public keys, keys are stored in the DNS with each zone's
   key signed by its parent (if the parent is secure).

   To obtain high levels of security, keys must be periodically changed,
   or "rolled over".  The longer a private key is used, the more likely
   it is to be compromised due to cryptanalysis, accident, or treachery
   [draft-ietf-dnssec-secops-*.txt].

   In a widely deployed DNS security system, the volume of update
   traffic will be large.  Just consider the .com zone.  If only 10% of
   its children are secure and change their keys only once a year, you
   are talking about hundreds of thousands of new child public keys that
   must be securely sent to the .com manager to sign and return with
   their new parent signature.  And when .com rolls over its private
   key, it will need to send hundreds of thousands of new signatures on
   the existing child public keys to the child zones.

   The key words "MUST", "REQUIRED", "SHOULD", "RECOMMENDED", and "MAY"
   in this document are to be interpreted as described in RFC 2119.



2. Key Rollover Scenarios

   Although DNSSEC provides for the storage of other keys in the DNS for
   a variety of purposes, DNSSEC zone keys are included solely for the
   purpose of being retrieved to authenticate DNSSEC signatures.  Thus,
   when a zone key is being rolled over, the old public key should be
   left in the zone, along with the addition of the new public key, for
   as long as it will reasonably be needed to authenticate old
   signatures that have been cached or are held by applications.  If
   DNSSEC were universally deployed and all DNS servers' clocks were
   synchronized and zone transfers were instantaneous, etc., it might be
   possible to avoid ever having duplicate old/new KEY RRsets, but they
   will be necessary in practical cases.  Security aware DNS servers
   decrease the TTL of secure RRs served as the expiration of their
   authenticating SIG(s) approaches, but some dithered fudge must
   generally be left due to clock skew and to avoid massive load on
   large zones due to the signatures on their entire contents expiring
   simultaneously.

   Assume a zone with a secure parent and secure children wishes to roll
   over its KEY RRset.  This RRset would probably be one KEY RR per
   crypto algorithm used to secure the zone, but for this scenario, we
   will simply assume it is one KEY RR.  The old KEY RR and two SIG RRs
   will exist at the apex of the zone and these RRs may also exist at
   the leaf node for this zone in its parent.  The contents of the zone
   and the zone KEY RRs of its secure children will have SIGs under the
   old key.

   The zone owner needs to communicate with its parent to obtain a new
   parental signature covering both the old and new KEY RRs and covering
   just the new KEY RR.  It would probably want to obtain these in
   advance so that it can install them at the right time along with its
   new SIG RRs covering the content of the zone.  Finally, it needs to
   give new SIG RRs to its children that cover their KEY RRs if it has
   these, or signal its children to ask for such SIG RRs.



3. Rollover Operation

   Rollover operations use a DNS request syntactically identical to the
   UPDATE request [RFC 2136] except that the operation is ROLLOVER which
   is equal to TBD.  Considerations for such requests to the parent and
   children of a zone are given in the subsections.

   [This draft does not currently consider cross-certification key
   rollover.]



3.1 Rollover to Parent

   A zone rolling over its KEY RRset sends a ROLLOVER command to the
   parent.  The Zone should be specified as the parent zone and no
   Prerequisites are included.  The Update section has the KEY RRset on
   which the parent signature is requested along with the requesting
   zone's SIG(s) under its old KEY(s) as RRs to be added to the parent
   zone.  The inception and expiration times in this SIG are the
   requested inception and expiration times for the parent SIG.

   If the ROLLOVER command is erroneous or violates parental policy, an
   Error response is returned.

   If the ROLLOVER command is OK and the parent can sign online, its
   response may include the new parent SIG(s) in the Update section.
   This response MUST be sent to the originator of the request.

   If the parent cannot sign online, it should return a response with
   an empty Update section and queue the SIG(s) calculation request.
   This response MUST be sent to the originator of the request.

   Regardless of whether the server has sent the new signatures above,
   it MUST, once it has calculated the new SIG(s), send a ROLLOVER to
   the child zone using the DNS port (53) and the server selection
   algorithm defined in RFC 2136, Section 4.  This ROLLOVER request
   contains the KEY RRset that triggered it and the new SIG(s).  This
   downward ROLLOVER request is distinguished from those in Section 3.2
   below in that the Zone section is the parental zone.

   The reason for sending the ROLLOVER request regardless of whether the
   new SIG RR(s) were sent in the original response is to provide an
   indication to the operators of the zone in the event someone is
   trying to hijack the zone.

   Although the parent zone need not hold or serve the child's key, the
   ROLLOVER command MUST NOT actually update the parent zone.  A later
   UPDATE command can be used to actually put the new KEY into the
   parent zone if desired and supported by parent policy.

   This document does not cover the question of parental policy on key
   rollovers.  Parents may have restrictions on how far into the future
   they will sign KEY RRsets, what algorithms or key lengths they will
   support, might require payment for the service, etc.  The signing of
   a future KEY by a parent is, to some extent, a granting to the
   controller of the child private key of future authoritative existence
   even if the child zone ownership should change.  The only effective
   way of invalidating such future signed child public keys would be for
   the parent to roll over its key(s), which might be an expensive
   operation.



3.2 Rollover to Children

   When a zone is going to roll over its key(s), it needs to re-sign the
   zone keys of any secure children under its new key(s).

   If the parent holds the KEY RRset for the child (whether or not it
   actually serves it from the parent zone), it can simply do a ROLLOVER
   request to the child specifying the child as the Zone in the request
   and the new SIG(KEY)s to be added in the Update section.  The
   inception and expiration times in the SIG(s) indicate the time during
   which the parent will be utilizing the new parent key.  It is up to
   the child when and how it adds the new parental SIG(s).  The ROLLOVER
   request may optionally indicate the deletion of old parental SIG(s)
   but SHOULD only do so if the corresponding key is being withdrawn by
   the parent in advance of the expiration time in the old SIG(s).  It
   is up to the child when and how it deletes the old parental SIG(s).
   Even if the expiration of the old SIG(s) equals the inception time of
   the new SIG(s), the child should serve both signatures for a fudge
   time to account for clock skew.
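
   The timing rules of Section 2 (keep the old KEY while cached old
   signatures may still be checked, cap served TTLs at SIG expiration,
   dither expirations) and the serve-both-SIGs-for-a-fudge-time rule
   just above, worked through in Python.  This is an added example, not
   code from the draft: the `fudge` values, the per-name dithering
   scheme, and the key tags and times in the sample are assumptions.

```python
"""Rollover timing rules of Section 2 and the serve-both-SIGs rule of
Section 3.2, as an added example that is not part of the draft.
Times are integer seconds; `fudge` is the clock-skew allowance the draft
leaves unspecified, so every value used for it here is an assumption."""
import hashlib
from dataclasses import dataclass


@dataclass(frozen=True)
class Sig:
    key_tag: int      # identifies the zone KEY that produced this SIG
    inception: int    # start of validity, seconds since the epoch
    expiration: int   # end of validity


def served_ttl(rr_ttl, sig_expiration, now):
    """TTL a security-aware server puts on a signed RR: capped so the RR
    leaves caches no later than the SIG that authenticates it expires."""
    return max(0, min(rr_ttl, sig_expiration - now))


def dithered_expiration(owner, base_expiration, max_spread):
    """Pull each owner name's SIG expiration forward by a deterministic,
    per-name amount in [0, max_spread) so a large zone's signatures do not
    all expire, and all get re-fetched, at the same instant."""
    digest = hashlib.sha256(owner.lower().encode("ascii")).digest()
    return base_expiration - int.from_bytes(digest[:4], "big") % max_spread


def valid_with_skew(sig, now, fudge):
    """A SIG is worth serving from `fudge` before inception to `fudge`
    after expiration, because a verifier's clock may be off by that much."""
    return sig.inception - fudge <= now <= sig.expiration + fudge


def keys_to_serve(old_tag, new_tag, sigs, now, fudge):
    """KEY RRs that must still be published at `now`: a key stays in the
    zone while any SIG it produced could still be validated by a skewed
    or caching verifier, so old and new KEYs overlap during the rollover."""
    needed = {s.key_tag for s in sigs if valid_with_skew(s, now, fudge)}
    return sorted(needed & {old_tag, new_tag})


def old_key_retire_time(old_sigs, fudge):
    """Earliest moment the old KEY RR can be dropped: after the last SIG
    made under it has expired, plus the skew allowance."""
    return max(s.expiration for s in old_sigs) + fudge


if __name__ == "__main__":
    # Constructed sample: old key 100 signs until t=1000, new key 200 from t=1000,
    # i.e. old expiration equals new inception, the case Section 3.2 discusses.
    sigs = [Sig(100, 0, 1000), Sig(200, 1000, 5000)]
    for t in (900, 950, 1030, 1100):
        print(t, keys_to_serve(100, 200, sigs, t, fudge=60))
    print("retire old key at", old_key_retire_time(sigs[:1], fudge=60))
```

   With a 60 second fudge the sample publishes only the old key before
   t=940, both keys from 940 to 1060, and only the new key afterwards;
   the old KEY can be withdrawn at 1060.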

   A ROLLOVER request is used instead of an UPDATE because servers may
   wish to support ROLLOVER via special techniques, such as notification
   to the operator, even when they have not implemented UPDATE.  With
   adequate advance notice, even manual cut and paste editing of the
   master file and restarting of a DNS server process could work.

   If the parent does not retain knowledge of the child KEY RRset, then
   the parent simply notifies the child via a ROLLOVER NOTIFY (see
   Section 4 below) that the parent KEY(s) have changed.  The child then
   proceeds to do an upward ROLLOVER request to obtain the new parental
   SIG(s).  (This requires that a different method, such as TSIG, be
   used to secure such ROLLOVER requests since we are assuming the
   parent does not have authoritative knowledge of the child public key.
   See Section 5 below.)

   The NOTIFY technique MAY also be used by parents who retain knowledge
   of their children's KEY RRsets.



4. Rollover NOTIFY

   A ROLLOVER NOTIFY informs a child zone that the parent zone wants it
   to resubmit its keys for re-signing.

   A ROLLOVER NOTIFY MUST be signed; if it is not signed, a BADAUTH
   response is generated.

   A ROLLOVER NOTIFY is a NOTIFY request [RFC 1996] that has a QTYPE of
   SIG and the owner name of the child zone.  The answer section is
   empty.

   The ROLLOVER NOTIFY can be sent to any of the nameservers for the
   child using the nameserver selection algorithm defined in RFC 2136,
   Section 4.

   Nameservers for the child zone receiving a ROLLOVER NOTIFY query will
   forward the ROLLOVER NOTIFY in the same manner as an UPDATE is
   forwarded.

   Unless the master server is configured to initiate an automatic
   ROLLOVER it MUST seek to inform its operators that a ROLLOVER NOTIFY
   request has been received.  This could be done by a number of methods
   including generating a log message, generating an email request to
   the child zone's SOA RNAME or any other method defined in the
   server's configuration for the zone.  The default should be to send
   mail to the zone's SOA RNAME.  Care should be taken to rate limit
   these messages to prevent them from being used to facilitate a denial
   of service attack.

   Once the message has been sent (or suppressed) to the child zone's
   administrator the master server for the child zone is free to respond
   to the ROLLOVER NOTIFY request.
599c6d44f4d41aab5d3da98214492eb26e674b65Michael Graff
599c6d44f4d41aab5d3da98214492eb26e674b65Michael Graff
599c6d44f4d41aab5d3da98214492eb26e674b65Michael Graff
5. Security Considerations

   The security of ROLLOVER or UPDATE requests is essential, otherwise
   false children could steal parental authorization or a false parent
   could cause a child to install an invalid signature on its zone key,
   etc.

   A ROLLOVER request can be authenticated by request SIG(s) under the
   old zone KEY(s) of the requestor [draft-ietf-dnssec-secext2-*.txt].
   The response SHOULD have transaction SIG(s) under the old zone KEY(s)
   of the responder. (This public key security could be used to
   rollover a zone to the unsecured state, but at that point it would
   generally not be possible to roll back without manual intervention.)

   Alternatively, if there is a prior arrangement between a child and a
   parent, ROLLOVER requests and responses can be secured and
   authenticated using TSIG [draft-ietf-dnssec-tsig-*.txt]. (TSIG
   security could be used to rollover a zone to unsecured and to
   rollover an unsecured zone to the secured state.)

   A server that implements online signing SHOULD have the ability to
   black list a zone and force manual processing, or to demand that a
   particular signature be used to generate the ROLLOVER request. This
   is to allow ROLLOVER to be used even after a private key has been
   compromised.


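   The rate limiting of operator notifications recommended at the end of
   section 4 and the per-zone black list / required-signature control
   described above, as an added example that is not part of this draft:
   a small policy model in Python. It assumes the request SIG has already
   been verified and that only the key tag of the signing KEY is passed
   in; the zone settings (including "blacklisted" and "required_key_tag")
   are constructed for illustration, not anything the draft specifies.

```python
# Added example, not part of the draft: a model of the policy a child zone's
# master server might apply to an incoming ROLLOVER NOTIFY. It assumes the
# request SIG has already been verified and that the verifier reports the key
# tag of the signing zone KEY; "required_key_tag" and "blacklisted" are
# constructed per-zone settings, not anything the draft specifies.
from collections import deque
from dataclasses import dataclass, field
from typing import Deque, Dict, Optional


@dataclass
class ZonePolicy:
    auto_rollover: bool = False             # initiate ROLLOVER without an operator
    blacklisted: bool = False               # force manual processing for this zone
    required_key_tag: Optional[int] = None  # only this KEY may sign the request
    notify_limit: int = 3                   # operator messages allowed per window
    window_seconds: int = 3600


@dataclass
class RolloverNotifyHandler:
    policies: Dict[str, ZonePolicy]
    _sent: Dict[str, Deque[float]] = field(default_factory=dict)

    def _notify_allowed(self, zone: str, now: float, pol: ZonePolicy) -> bool:
        """Sliding-window limit on messages to the zone's SOA RNAME, so a
        flood of ROLLOVER NOTIFYs cannot be turned into a mail flood."""
        sent = self._sent.setdefault(zone, deque())
        while sent and now - sent[0] >= pol.window_seconds:
            sent.popleft()                  # drop timestamps outside the window
        if len(sent) >= pol.notify_limit:
            return False
        sent.append(now)
        return True

    def handle(self, zone: str, signing_key_tag: int, now: float) -> str:
        """Decide one ROLLOVER NOTIFY: 'reject', 'auto' (rollover started),
        'notify' (operator informed) or 'suppressed' (rate limited)."""
        pol = self.policies.get(zone)
        if pol is None:
            return "reject"                 # not the master for this zone
        wanted = pol.required_key_tag
        if wanted is not None and signing_key_tag != wanted:
            return "reject"                 # signed with a key the operator ruled out
        if pol.auto_rollover and not pol.blacklisted:
            return "auto"
        if self._notify_allowed(zone, now, pol):
            return "notify"
        return "suppressed"                 # message dropped, request still answered
```

   Whether the outcome is 'notify' or 'suppressed', the server still
   answers the ROLLOVER NOTIFY, as section 4 requires.
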
References

   [RFC 1034] - P. Mockapetris, "Domain names - concepts and
   facilities", November 1987.

   [RFC 1035] - P. Mockapetris, "Domain names - implementation and
   specification", November 1987.

   [RFC 1996] - P. Vixie, "A Mechanism for Prompt Notification of Zone
   Changes (DNS NOTIFY)", August 1996.

   [RFC 2136] - P. Vixie, Ed., S. Thomson, Y. Rekhter, J. Bound,
   "Dynamic Updates in the Domain Name System (DNS UPDATE)", April 1997.

   [draft-ietf-dnsind-tsig-*.txt]

   [draft-ietf-dnssec-update2-*.txt]

   [draft-ietf-dnssec-secext2-*.txt]

   [draft-ietf-dnssec-secops-*.txt]


Authors' Addresses

   Donald E. Eastlake 3rd
   IBM
   318 Acton Street
   Carlisle, MA 01741 USA

   Telephone: +1 978-287-4877
              +1 914-784-7913
   FAX:       +1 978-371-7148
   EMail:     dee3@us.ibm.com


   Mark Andrews
   Internet Software Consortium
   1 Seymour Street
   Dundas Valley, NSW 2117
   AUSTRALIA

   Telephone: +61-2-9871-4742
   Email:     marka@isc.org


Expiration and File Name

   This draft expires in April 1999.

   Its file name is draft-ietf-dnssec-rollover-00.txt.