From 4bfd864f10b68b71482b35c818559068ef8d5797 Mon Sep 17 00:00:00 2001 From: Thomas Voss Date: Wed, 27 Nov 2024 20:54:24 +0100 Subject: doc: Add RFC documents --- doc/rfc/rfc8063.txt | 899 ++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 899 insertions(+) create mode 100644 doc/rfc/rfc8063.txt (limited to 'doc/rfc/rfc8063.txt') diff --git a/doc/rfc/rfc8063.txt b/doc/rfc/rfc8063.txt new file mode 100644 index 0000000..a30d6cd --- /dev/null +++ b/doc/rfc/rfc8063.txt @@ -0,0 +1,899 @@ + + + + + + +Internet Engineering Task Force (IETF) H.W. Ribbers +Request for Comments: 8063 M.W. Groeneweg +Category: Standards Track SIDN +ISSN: 2070-1721 R. Gieben + A.L.J. Verschuren + February 2017 + + + Key Relay Mapping for the Extensible Provisioning Protocol + +Abstract + + This document describes an Extensible Provisioning Protocol (EPP) + mapping for a key relay object that relays DNSSEC key material + between EPP clients using the poll queue defined in RFC 5730. + + This key relay mapping will help facilitate changing the DNS operator + of a domain while keeping the DNSSEC chain of trust intact. + +Status of This Memo + + This is an Internet Standards Track document. + + This document is a product of the Internet Engineering Task Force + (IETF). It represents the consensus of the IETF community. It has + received public review and has been approved for publication by the + Internet Engineering Steering Group (IESG). Further information on + Internet Standards is available in Section 2 of RFC 7841. + + Information about the current status of this document, any errata, + and how to provide feedback on it may be obtained at + http://www.rfc-editor.org/info/rfc8063. + +Copyright Notice + + Copyright (c) 2017 IETF Trust and the persons identified as the + document authors. All rights reserved. + + This document is subject to BCP 78 and the IETF Trust's Legal + Provisions Relating to IETF Documents + (http://trustee.ietf.org/license-info) in effect on the date of + publication of this document. Please review these documents + carefully, as they describe your rights and restrictions with respect + to this document. Code Components extracted from this document must + include Simplified BSD License text as described in Section 4.e of + the Trust Legal Provisions and are provided without warranty as + described in the Simplified BSD License. + + + + +Ribbers, et al. Standards Track [Page 1] + +RFC 8063 EPP Key Relay February 2017 + + +Table of Contents + + 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 + 1.1. Conventions Used in This Document . . . . . . . . . . . . 3 + 1.2. Secure Transfer of DNSSEC Key Material . . . . . . . . . 3 + 2. Object Attributes . . . . . . . . . . . . . . . . . . . . . . 4 + 2.1. DNSSEC Key Material . . . . . . . . . . . . . . . . . . . 4 + 2.1.1. Element . . . . . . . . . . . . . . . 4 + 3. EPP Command Mapping . . . . . . . . . . . . . . . . . . . . . 5 + 3.1. EPP Query Commands . . . . . . . . . . . . . . . . . . . 5 + 3.1.1. EPP Command . . . . . . . . . . . . . . . . . 5 + 3.1.2. EPP Command . . . . . . . . . . . . . . . . . 5 + 3.1.3. EPP Command . . . . . . . . . . . . . . . 8 + 3.2. EPP Transform Commands . . . . . . . . . . . . . . . . . 8 + 3.2.1. EPP Command . . . . . . . . . . . . . . . . 8 + 3.2.2. EPP Command . . . . . . . . . . . . . . . . 10 + 3.2.3. EPP Command . . . . . . . . . . . . . . . . . 11 + 3.2.4. EPP Command . . . . . . . . . . . . . . . 11 + 3.2.5. EPP Command . . . . . . . . . . . . . . . . 11 + 4. Formal Syntax . . . . . . . . . . . . . . . . . . . . . . . . 11 + 5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 13 + 5.1. XML Namespace . . . . . . . . . . . . . . . . . . . . . . 13 + 5.2. XML Schema . . . . . . . . . . . . . . . . . . . . . . . 13 + 5.3. EPP Extension Registry . . . . . . . . . . . . . . . . . 13 + 6. Security Considerations . . . . . . . . . . . . . . . . . . . 14 + 7. References . . . . . . . . . . . . . . . . . . . . . . . . . 15 + 7.1. Normative References . . . . . . . . . . . . . . . . . . 15 + 7.2. Informative References . . . . . . . . . . . . . . . . . 15 + Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . . 16 + Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 16 + +1. Introduction + + There are certain transactions initiated by a DNS operator that + require an authenticated exchange of information between DNS + operators. Often, there is no direct channel between these parties + or it is non-scalable and insecure. + + One such transaction is the exchange of DNSSEC key material when + changing the DNS operator for DNSSEC-signed zones. We suggest that + DNS operators use the administrative EPP channel to bootstrap the + delegation by relaying DNSSEC key material for the zone. + + In this document, we define an EPP extension to send DNSSEC key + material between EPP clients. This allows DNS operators to + automatically, reliably, and securely bootstrap the transfer of a + domain name while keeping the DNSSEC chain of trust intact. + + + + +Ribbers, et al. Standards Track [Page 2] + +RFC 8063 EPP Key Relay February 2017 + + +1.1. Conventions Used in This Document + + The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", + "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this + document are to be interpreted as described in BCP 14, RFC 2119 + [RFC2119]. + + XML is case sensitive. Unless stated otherwise, the XML + specifications and examples provided in this document MUST be + interpreted in the character case presented in order to develop a + conforming implementation. + + In the examples, "C:" represents lines sent by a protocol client and + "S:" represents lines returned by a protocol server. Indentation and + white space in the examples are provided only to illustrate element + relationships and are not mandatory features of this protocol. + +1.2. Secure Transfer of DNSSEC Key Material + + Exchanging DNSSEC key material in preparation of a domain name + transfer is one of the phases in the life cycle of a domain name + [DNSOP]. + + DNS operators need to exchange DNSSEC key material before the + registration data can be changed to keep the DNSSEC chain of trust + intact. This exchange is normally initiated through the gaining + registrar. + + The gaining and losing DNS operators could talk directly to each + other (see Figure 1) to exchange the DNSKEY, but often there is no + trusted path between the two. As both can securely interact with the + registry over the administrative channel through the registrar, the + registry can act as a relay for the key material exchange. + + The registry is merely used as a relay channel. Therefore, it is up + to the losing DNS operator to complete the intended transaction. The + registry SHOULD have certain policies in place that require the + losing DNS operator to cooperate with this transaction; however, this + is beyond the scope of this document. This document focuses on the + EPP protocol syntax. + + + + + + + + + + + +Ribbers, et al. Standards Track [Page 3] + +RFC 8063 EPP Key Relay February 2017 + + + +--------------------+ DNSKEY +---------------------+ + |gaining DNS operator| ~~~~~~~~> | losing DNS operator | + +--------------------+ +---------------------+ + | ^ + | | + V | + +--------------------+ +---------------------+ + | gaining registrar | | registrar of record | + +--------------------+ +---------------------+ + | ^ + EPP key relay | | EPP poll + V | + +-----------------------------+ + | registry | + +-----------------------------+ + + Figure 1: Transfer of DNSSEC Key Material + + There is no distinction in the EPP protocol between Registrars and + DNS operators, and there is only mention of an EPP client and EPP + server. Therefore, the term "EPP client" will be used for the + interaction with the EPP server for relaying DNSSEC key material. + +2. Object Attributes + +2.1. DNSSEC Key Material + + The DNSSEC key material is represented in EPP by a + element. + +2.1.1. Element + + The contains the following elements: + + o One REQUIRED element that contains the DNSSEC key + material as described in [RFC5910], Section 4. + + o An OPTIONAL element that describes the expected lifetime + of the relayed key(s) in the zone. When the element is + provided, the losing DNS operator SHOULD remove the inserted key + material from the zone after the expiry time. This may be because + the transaction that needed the insertion should be either + completed or abandoned by that time. If a client receives a key + relay object that has been sent previously, it MUST update the + expiry time of the key material. This enables the clients to + update the lifetime of the key material when a transfer is + delayed. + + + + +Ribbers, et al. Standards Track [Page 4] + +RFC 8063 EPP Key Relay February 2017 + + + The element MUST contain exactly one of the following child + elements: + + : The DNSSEC key material is valid from the current date + and time until it expires on the specified date and time. If a + date in the past is provided, this MUST be interpreted as a + revocation of a previously sent key relay object. + + : The DNSSEC key material is valid from the current date + and time until the end of the specified duration. If a period of + zero is provided, this MUST be interpreted as a revocation of a + previously sent key relay object. + +3. EPP Command Mapping + + A detailed description of the EPP syntax and semantics can be found + in the EPP core protocol specification [RFC5730]. The command + mapping described here is specifically for use in this key relay + mapping. + +3.1. EPP Query Commands + + EPP provides three commands to retrieve object information: + to determine if an object is known to the server, to retrieve + detailed information associated with an object, and to + retrieve object transfer status information. + +3.1.1. EPP Command + + Check that semantics do not apply to key relay objects, so there is + no mapping defined for the EPP command and the EPP + response. + +3.1.2. EPP Command + + Info command semantics do not apply to the key relay objects, so + there is no mapping defined for the EPP command. + + The EPP response for key relay objects is used in the EPP poll + response, as described in [RFC5730]. The key relay object created + with the command, described in Section 3.2.1 is inserted + into the receiving client's poll queue. The receiving client will + receive the key relay object using the EPP command, as + described in [RFC5730]. + + + + + + + +Ribbers, et al. Standards Track [Page 5] + +RFC 8063 EPP Key Relay February 2017 + + + When a command has been processed successfully for a key relay + poll message, the EPP element MUST contain a child + element that is identified by the keyrelay + namespace. The element contains the following + child elements: + + o A REQUIRED element containing the domain name for which the + DNSSEC key material is relayed. + + o A REQUIRED element that contains authorization + information associated with the domain object ([RFC5731], + Section 3.2.1). + + o One or more REQUIRED elements containing data to be + relayed, as defined in Section 2.1. A server MAY apply a server + policy that specifies the number of elements that + can be incorporated. When a server policy is violated, a server + MUST respond with an EPP result code 2308 "Data management policy + violation". + + o An OPTIONAL element that contains the date and time of + the submitted command. + + o An OPTIONAL element that contains the identifier of the + client that requested the key relay. + + o An OPTIONAL element that contains the identifier of the + client that SHOULD act upon the key relay. + + Example response: + + + + + + + + + + + + + + + + + + + + + +Ribbers, et al. Standards Track [Page 6] + +RFC 8063 EPP Key Relay February 2017 + + + S: + S: + S: + S: + S: Command completed successfully; ack to dequeue + S: + S: + S: 1999-04-04T22:01:00.0Z + S: Keyrelay action completed successfully. + S: + S: + S: + S: example.org + S: + S: JnSdBAZSxxzJ + S: + S: + S: + S: 256 + S: 3 + S: 8 + S: cmlraXN0aGViZXN0 + S: + S: + S: P1M13D + S: + S: + S: + S: 1999-04-04T22:01:00.0Z + S: + S: + S: ClientX + S: + S: + S: ClientY + S: + S: + S: + S: + S: ABC-12345 + S: 54321-ZYX + S: + S: + S: + + + + +Ribbers, et al. Standards Track [Page 7] + +RFC 8063 EPP Key Relay February 2017 + + +3.1.3. EPP Command + + Transfer semantics do not apply to key relay objects, so there is no + mapping defined for the EPP command. + +3.2. EPP Transform Commands + + EPP provides five commands to transform objects: to create + an instance of an object, to delete an instance of an + object, to extend the validity period of an object, + to manage object sponsorship changes, and to + change information associated with an object. + +3.2.1. EPP Command + + The EPP command provides a transform operation that allows a + client to create a key relay object that includes the domain name and + DNSSEC key material to be relayed. When the command is + validated, the server MUST insert an EPP message, using the + key relay info response (see Section 3.1.2), in the receiving + client's poll queue that belongs to the registrar on record of the + provided domain name. + + In addition to the standard EPP command elements, the + command MUST contain a element that is identified + by the keyrelay namespace. The element contains + the following child elements: + + o A REQUIRED element containing the domain name for + which the DNSSEC key material is relayed. + + o A REQUIRED element that contains authorization + information associated with the domain object ([RFC5731], + Section 3.2.1). + + o One or more REQUIRED elements containing + data to be relayed, as defined in Section 2.1. + + + + + + + + + + + + + + +Ribbers, et al. Standards Track [Page 8] + +RFC 8063 EPP Key Relay February 2017 + + + Example commands: + + Note that in the provided example, the second + element has a period of zero, and thus represents the revocation of a + previously sent key relay object (see Section 2.1.1). + + C: + C: + C: + C: + C: + C: example.org + C: + C: JnSdBAZSxxzJ + C: + C: + C: + C: 256 + C: 3 + C: 8 + C: cmlraXN0aGViZXN0 + C: + C: + C: P1M13D + C: + C: + C: + C: + C: 256 + C: 3 + C: 8 + C: bWFyY2lzdGhlYmVzdA== + C: + C: + C: P0D + C: + C: + C: + C: + C: ABC-12345 + C: + C: + + + + + + +Ribbers, et al. Standards Track [Page 9] + +RFC 8063 EPP Key Relay February 2017 + + + When a server has successfully processed the command, it + MUST respond with a standard EPP response. See [RFC5730], + Section 2.6. + + Example response: + + S: + S: + S: + S: + S: Command completed successfully + S: + S: + S: ABC-12345 + S: 54321-ZYX + S: + S: + S: + + When a server cannot process the command due to the server + policy, it MUST return an EPP 2308 error message. This might be the + case when the server knows that the receiving client does not support + key relay transactions. See [RFC5730], Section 2.6. + + Example response: + + S: + S: + S: + S: + S: Data management policy violation + S: + S: + S: ABC-12345 + S: 54321-ZYX + S: + S: + S: + +3.2.2. EPP Command + + Delete semantics do not apply to key relay objects, so there is no + mapping defined for the EPP command and the EPP + response. + + + + + + + +Ribbers, et al. Standards Track [Page 10] + +RFC 8063 EPP Key Relay February 2017 + + +3.2.3. EPP Command + + Renew semantics do not apply to key relay objects, so there is no + mapping defined for the EPP command and the EPP + response. + +3.2.4. EPP Command + + Transfer semantics do not apply to key relay objects, so there is no + mapping defined for the EPP command and the EPP + response. + +3.2.5. EPP Command + + Update semantics do not apply to key relay objects, so there is no + mapping defined for the EPP command and the EPP + response. + +4. Formal Syntax + + + + + + + Extensible Provisioning Protocol v1.0 protocol + extension schema for relaying DNSSEC key material. + + + + + + + + + + + + + + + + + + +Ribbers, et al. Standards Track [Page 11] + +RFC 8063 EPP Key Relay February 2017 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +Ribbers, et al. Standards Track [Page 12] + +RFC 8063 EPP Key Relay February 2017 + + +5. IANA Considerations + +5.1. XML Namespace + + This document uses URNs to describe an XML namespace conforming to + the registry mechanism described in [RFC3688]. The following URI + assignment has been made by IANA: + + URI: urn:ietf:params:xml:ns:keyrelay-1.0 + + Registrant Contact: See the "Authors' Addresses" section of this + document. + + XML: See the "Formal Syntax" section of this document. + +5.2. XML Schema + + This document uses URNs to describe an XML schema conforming to the + registry mechanism described in [RFC3688]. The following URI + assignment has been made by IANA: + + URI: urn:ietf:params:xml:schema:keyrelay-1.0 + + XML: See the "Formal Syntax" section of this document. + +5.3. EPP Extension Registry + + The EPP extension described in this document has been registered by + IANA in the "Extensions for the Extensible Provisioning Protocol + (EPP)" registry described in [RFC7451]. The details of the + registration are as follows: + + Name of Extension: "Key Relay Mapping for the Extensible Provisioning + Protocol" + + Document status: Standards Track + + Reference: RFC 8063 + + Registrant Name and Email Address: IESG, iesg@ietf.org + + Top-Level Domains (TLDs): Any + + IPR Disclosure: https://datatracker.ietf.org/ipr/ + + Status: Active + + Notes: None + + + +Ribbers, et al. Standards Track [Page 13] + +RFC 8063 EPP Key Relay February 2017 + + +6. Security Considerations + + A server SHOULD NOT perform any transformation on data under server + management when processing a command. The intent + of this command is to put DNSSEC key material on the poll queue of + another client. Exceptions to this recommendation are allowable only + for the purposes of achieving interoperability with the different + server policies that have already implemented this EPP extension. + + Any EPP client can use this mechanism to put data on the message + queue of another EPP client, allowing for the potential of a denial- + of-service attack. However, this can and should be detected by the + server. A server MAY set a server policy that limits or rejects a + command if it detects that the mechanism is being + abused. + + For the data, a correct + element should be used as an indication that putting the key material + on the receiving EPP clients poll queue is authorized by the + _registrant_ of that domain name. The authorization of EPP clients + to perform DNS changes is not covered in this document as it depends + on registry-specific policy. + + A client that uses this mechanism to send DNSSEC key material to + another client could verify through DNS that the DNSSEC key material + is added to the authoritative zone of the domain. This check can be + used to verify that the DNSSEC key material has traveled end-to-end + from the gaining DNS operator to the losing DNS operator. This check + does not tell anything about the DNSSEC chain of trust and can merely + be used as a verification of a successful transfer of the DNSSEC key + material. + + + + + + + + + + + + + + + + + + + + +Ribbers, et al. Standards Track [Page 14] + +RFC 8063 EPP Key Relay February 2017 + + +7. References + +7.1. Normative References + + [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate + Requirement Levels", BCP 14, RFC 2119, + DOI 10.17487/RFC2119, March 1997, + . + + [RFC3688] Mealling, M., "The IETF XML Registry", BCP 81, RFC 3688, + DOI 10.17487/RFC3688, January 2004, + . + + [RFC5730] Hollenbeck, S., "Extensible Provisioning Protocol (EPP)", + STD 69, RFC 5730, DOI 10.17487/RFC5730, August 2009, + . + + [RFC5731] Hollenbeck, S., "Extensible Provisioning Protocol (EPP) + Domain Name Mapping", STD 69, RFC 5731, + DOI 10.17487/RFC5731, August 2009, + . + + [RFC5910] Gould, J. and S. Hollenbeck, "Domain Name System (DNS) + Security Extensions Mapping for the Extensible + Provisioning Protocol (EPP)", RFC 5910, + DOI 10.17487/RFC5910, May 2010, + . + +7.2. Informative References + + [DNSOP] Koch, P., Sanz, M., and A. Verschuren, "Changing DNS + Operators for DNSSEC signed Zones", Work in Progress, + draft-koch-dnsop-dnssec-operator-change-06, February 2014. + + [RFC7451] Hollenbeck, S., "Extension Registry for the Extensible + Provisioning Protocol", RFC 7451, DOI 10.17487/RFC7451, + February 2015, . + + + + + + + + + + + + + + +Ribbers, et al. Standards Track [Page 15] + +RFC 8063 EPP Key Relay February 2017 + + +Acknowledgements + + We would like to thank the following individuals for their valuable + input, review, and constructive criticism in earlier revisions or + support for the concepts described in this document: + + Maarten Wullink, Marco Davids, Ed Lewis, James Mitchell, David Peal, + Patrik Faltstrom, Klaus Malorny, James Gould, Patrick Mevzek, Seth + Goldman, Maarten Bosteels, Ulrich Wisser, Kees Monshouwer, Scott + Hollenbeck, and Job Snijders. + +Authors' Addresses + + Rik Ribbers + SIDN + Meander 501 + Arnhem 6825 MD + The Netherlands + + Email: rik.ribbers@sidn.nl + URI: https://www.sidn.nl/ + + + Marc Groeneweg + SIDN + Meander 501 + Arnhem 6825 MD + The Netherlands + + Email: marc.groeneweg@sidn.nl + URI: https://www.sidn.nl/ + + + Miek Gieben + + Email: miek@miek.nl + + + Antoin Verschuren + + Email: ietf@antoin.nl + + + + + + + + + + +Ribbers, et al. Standards Track [Page 16] + -- cgit v1.2.3