From 4bfd864f10b68b71482b35c818559068ef8d5797 Mon Sep 17 00:00:00 2001 From: Thomas Voss Date: Wed, 27 Nov 2024 20:54:24 +0100 Subject: doc: Add RFC documents --- doc/rfc/rfc3008.txt | 395 ++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 395 insertions(+) create mode 100644 doc/rfc/rfc3008.txt (limited to 'doc/rfc/rfc3008.txt') diff --git a/doc/rfc/rfc3008.txt b/doc/rfc/rfc3008.txt new file mode 100644 index 0000000..08a4a8f --- /dev/null +++ b/doc/rfc/rfc3008.txt @@ -0,0 +1,395 @@ + + + + + + +Network Working Group B. Wellington +Request for Comments: 3008 Nominum +Updates: 2535 November 2000 +Category: Standards Track + + + Domain Name System Security (DNSSEC) Signing Authority + +Status of this Memo + + This document specifies an Internet standards track protocol for the + Internet community, and requests discussion and suggestions for + improvements. Please refer to the current edition of the "Internet + Official Protocol Standards" (STD 1) for the standardization state + and status of this protocol. Distribution of this memo is unlimited. + +Copyright Notice + + Copyright (C) The Internet Society (2000). All Rights Reserved. + +Abstract + + This document proposes a revised model of Domain Name System Security + (DNSSEC) Signing Authority. The revised model is designed to clarify + earlier documents and add additional restrictions to simplify the + secure resolution process. Specifically, this affects the + authorization of keys to sign sets of records. + + The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", + "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this + document are to be interpreted as described in RFC 2119 [RFC2119]. + +1 - Introduction + + This document defines additional restrictions on DNSSEC signatures + (SIG) records relating to their authority to sign associated data. + The intent is to establish a standard policy followed by a secure + resolver; this policy can be augmented by local rules. This builds + upon [RFC2535], updating section 2.3.6 of that document. + + The most significant change is that in a secure zone, zone data is + required to be signed by the zone key. + + Familiarity with the DNS system [RFC1034, RFC1035] and the DNS + security extensions [RFC2535] is assumed. + + + + + + +Wellington Standards Track [Page 1] + +RFC 3008 DNSSEC Signing Authority November 2000 + + +2 - The SIG Record + + A SIG record is normally associated with an RRset, and "covers" (that + is, demonstrates the authenticity and integrity of) the RRset. This + is referred to as a "data SIG". Note that there can be multiple SIG + records covering an RRset, and the same validation process should be + repeated for each of them. Some data SIGs are considered "material", + that is, relevant to a DNSSEC capable resolver, and some are + "immaterial" or "extra-DNSSEC", as they are not relevant to DNSSEC + validation. Immaterial SIGs may have application defined roles. SIG + records may exist which are not bound to any RRset; these are also + considered immaterial. The validation process determines which SIGs + are material; once a SIG is shown to be immaterial, no other + validation is necessary. + + SIGs may also be used for transaction security. In this case, a SIG + record with a type covered field of 0 is attached to a message, and + is used to protect message integrity. This is referred to as a + SIG(0) [RFC2535, RFC2931]. + + The following sections define requirements for all of the fields of a + SIG record. These requirements MUST be met in order for a DNSSEC + capable resolver to process this signature. If any of these + requirements are not met, the SIG cannot be further processed. + Additionally, once a KEY has been identified as having generated this + SIG, there are requirements that it MUST meet. + +2.1 - Type Covered + + For a data SIG, the type covered MUST be the same as the type of data + in the associated RRset. For a SIG(0), the type covered MUST be 0. + +2.2 - Algorithm Number + + The algorithm specified in a SIG MUST be recognized by the client, + and it MUST be an algorithm that has a defined SIG rdata format. + +2.3 - Labels + + The labels count MUST be less than or equal to the number of labels + in the SIG owner name, as specified in [RFC2535, section 4.1.3]. + +2.4 - Original TTL + + The original TTL MUST be greater than or equal to the TTL of the SIG + record itself, since the TTL cannot be increased by intermediate + servers. This field can be ignored for SIG(0) records. + + + + +Wellington Standards Track [Page 2] + +RFC 3008 DNSSEC Signing Authority November 2000 + + +2.5 - Signature Expiration and Inception + + The current time at the time of validation MUST lie within the + validity period bounded by the inception and expiration times. + +2.6 - Key Tag + + There are no restrictions on the Key Tag field, although it is + possible that future algorithms will impose constraints. + +2.7 - Signer's Name + + The signer's name field of a data SIG MUST contain the name of the + zone to which the data and signature belong. The combination of + signer's name, key tag, and algorithm MUST identify a zone key if the + SIG is to be considered material. The only exception that the + signer's name field in a SIG KEY at a zone apex SHOULD contain the + parent zone's name, unless the KEY set is self-signed. This document + defines a standard policy for DNSSEC validation; local policy may + override the standard policy. + + There are no restrictions on the signer field of a SIG(0) record. + The combination of signer's name, key tag, and algorithm MUST + identify a key if this SIG(0) is to be processed. + +2.8 - Signature + + There are no restrictions on the signature field. The signature will + be verified at some point, but does not need to be examined prior to + verification unless a future algorithm imposes constraints. + +3 - The Signing KEY Record + + Once a signature has been examined and its fields validated (but + before the signature has been verified), the resolver attempts to + locate a KEY that matches the signer name, key tag, and algorithm + fields in the SIG. If one is not found, the SIG cannot be verified + and is considered immaterial. If KEYs are found, several fields of + the KEY record MUST have specific values if the SIG is to be + considered material and authorized. If there are multiple KEYs, the + following checks are performed on all of them, as there is no way to + determine which one generated the signature until the verification is + performed. + + + + + + + + +Wellington Standards Track [Page 3] + +RFC 3008 DNSSEC Signing Authority November 2000 + + +3.1 - Type Flags + + The signing KEY record MUST have a flags value of 00 or 01 + (authentication allowed, confidentiality optional) [RFC2535, 3.1.2]. + A DNSSEC resolver MUST only trust signatures generated by keys that + are permitted to authenticate data. + +3.2 - Name Flags + + The interpretation of this field is considerably different for data + SIGs and SIG(0) records. + +3.2.1 - Data SIG + + If the SIG record covers an RRset, the name type of the associated + KEY MUST be 01 (zone) [RFC2535, 3.1.2]. This updates RFC 2535, + section 2.3.6. The DNSSEC validation process performed by a resolver + MUST ignore all keys that are not zone keys unless local policy + dictates otherwise. + + The primary reason that RFC 2535 allows host and user keys to + generate material DNSSEC signatures is to allow dynamic update + without online zone keys; that is, avoid storing private keys in an + online server. The desire to avoid online signing keys cannot be + achieved, though, because they are necessary to sign NXT and SOA sets + [RFC3007]. These online zone keys can sign any incoming data. + Removing the goal of having no online keys removes the reason to + allow host and user keys to generate material signatures. + + Limiting material signatures to zone keys simplifies the validation + process. The length of the verification chain is bounded by the + name's label depth. The authority of a key is clearly defined; a + resolver does not need to make a potentially complicated decision to + determine whether a key has the proper authority to sign data. + + Finally, there is no additional flexibility granted by allowing + host/user key generated material signatures. As long as users and + hosts have the ability to authenticate update requests to the primary + zone server, signatures by zone keys are sufficient to protect the + integrity of the data to the world at large. + +3.2.2 - SIG(0) + + If the SIG record is a SIG(0) protecting a message, the name type of + the associated KEY SHOULD be 00 (user) or 10 (host/entity). + Transactions are initiated by a host or user, not a zone, so zone + keys SHOULD not generate SIG(0) records. + + + + +Wellington Standards Track [Page 4] + +RFC 3008 DNSSEC Signing Authority November 2000 + + + A client is either explicitly executed by a user or on behalf of a + host, therefore the name type of a SIG(0) generated by a client + SHOULD be either user or host. A nameserver is associated with a + host, and its use of SIG(0) is not associated with a particular zone, + so the name type of a SIG(0) generated by a nameserver SHOULD be + host. + +3.3 - Signatory Flags + + This document does not assign any values to the signatory field, nor + require any values to be present. + +3.4 - Protocol + + The signing KEY record MUST have a protocol value of 3 (DNSSEC) or + 255 (ALL). If a key is not specified for use with DNSSEC, a DNSSEC + resolver MUST NOT trust any signature that it generates. + +3.5 - Algorithm Number + + The algorithm field MUST be identical to that of the generated SIG + record, and MUST meet all requirements for an algorithm value in a + SIG record. + +4 - Security Considerations + + This document defines a standard baseline for a DNSSEC capable + resolver. This is necessary for a thorough security analysis of + DNSSEC, if one is to be done. + + Specifically, this document places additional restrictions on SIG + records that a resolver must validate before the signature can be + considered worthy of DNSSEC trust. This simplifies the protocol, + making it more robust and able to withstand scrutiny by the security + community. + +5 - Acknowledgements + + The author would like to thank the following people for review and + informative comments (in alphabetical order): + + Olafur Gudmundsson + Ed Lewis + + + + + + + + +Wellington Standards Track [Page 5] + +RFC 3008 DNSSEC Signing Authority November 2000 + + +6 - References + + [RFC1034] Mockapetris, P., "Domain Names - Concepts and Facilities", + STD 13, RFC 1034, November 1987. + + [RFC1035] Mockapetris, P., "Domain Names - Implementation and + Specification", STD 13, RFC 1035, November 1987. + + [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate + Requirement Levels", BCP 14, RFC 2119, March 1997. + + [RFC2136] Vixie (Ed.), P., Thomson, S., Rekhter, Y. and J. Bound, + "Dynamic Updates in the Domain Name System", RFC 2136, + April 1997. + + [RFC2535] Eastlake, D., "Domain Name System Security Extensions", + RFC 2535, March 1999. + + [RFC2931] Eastlake, D., "DNS Request and Transaction Signatures + (SIG(0)s )", RFC 2931, September 2000. + + [RFC3007] Wellington, B., "Simple Secure Domain Name System + (DNS) Dynamic Update", RFC 3007, November 2000. + +7 - Author's Address + + Brian Wellington + Nominum, Inc. + 950 Charter Street + Redwood City, CA 94063 + + Phone: +1 650 381 6022 + EMail: Brian.Wellington@nominum.com + + + + + + + + + + + + + + + + + + +Wellington Standards Track [Page 6] + +RFC 3008 DNSSEC Signing Authority November 2000 + + +8 Full Copyright Statement + + Copyright (C) The Internet Society (2000). All Rights Reserved. + + This document and translations of it may be copied and furnished to + others, and derivative works that comment on or otherwise explain it + or assist in its implementation may be prepared, copied, published + and distributed, in whole or in part, without restriction of any + kind, provided that the above copyright notice and this paragraph are + included on all such copies and derivative works. However, this + document itself may not be modified in any way, such as by removing + the copyright notice or references to the Internet Society or other + Internet organizations, except as needed for the purpose of + developing Internet standards in which case the procedures for + copyrights defined in the Internet Standards process must be + followed, or as required to translate it into languages other than + English. + + The limited permissions granted above are perpetual and will not be + revoked by the Internet Society or its successors or assigns. + + This document and the information contained herein is provided on an + "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING + TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING + BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION + HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF + MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. + +Acknowledgement + + Funding for the RFC Editor function is currently provided by the + Internet Society. + + + + + + + + + + + + + + + + + + + +Wellington Standards Track [Page 7] + -- cgit v1.2.3