RFC3658 日本語訳
3658 Delegation Signer (DS) Resource Record (RR). O. Gudmundsson. December 2003. (Format: TXT=42120 bytes) (Obsoleted by RFC4033, RFC4034, RFC4035) (Updates RFC3090, RFC3008, RFC2535, RFC1035) (Updated by RFC3755) (Status: PROPOSED STANDARD)
プログラムでの自動翻訳です。
英語原文
Network Working Group O. Gudmundsson Request for Comments: 3658 December 2003 Updates: 3090, 3008, 2535, 1035 Category: Standards Track
Network Working Group O. Gudmundsson Request for Comments: 3658 December 2003 Updates: 3090, 3008, 2535, 1035 Category: Standards Track
Delegation Signer (DS) Resource Record (RR)
Delegation Signer (DS) Resource Record (RR)
Status of this Memo
Status of this Memo
This document specifies an Internet standards track protocol for the Internet community, and requests discussion and suggestions for improvements. Please refer to the current edition of the "Internet Official Protocol Standards" (STD 1) for the standardization state and status of this protocol. Distribution of this memo is unlimited.
This document specifies an Internet standards track protocol for the Internet community, and requests discussion and suggestions for improvements. Please refer to the current edition of the "Internet Official Protocol Standards" (STD 1) for the standardization state and status of this protocol. Distribution of this memo is unlimited.
Copyright Notice
Copyright Notice
Copyright (C) The Internet Society (2003). All Rights Reserved.
Copyright (C) The Internet Society (2003). All Rights Reserved.
Abstract
Abstract
The delegation signer (DS) resource record (RR) is inserted at a zone cut (i.e., a delegation point) to indicate that the delegated zone is digitally signed and that the delegated zone recognizes the indicated key as a valid zone key for the delegated zone. The DS RR is a modification to the DNS Security Extensions definition, motivated by operational considerations. The intent is to use this resource record as an explicit statement about the delegation, rather than relying on inference.
The delegation signer (DS) resource record (RR) is inserted at a zone cut (i.e., a delegation point) to indicate that the delegated zone is digitally signed and that the delegated zone recognizes the indicated key as a valid zone key for the delegated zone. The DS RR is a modification to the DNS Security Extensions definition, motivated by operational considerations. The intent is to use this resource record as an explicit statement about the delegation, rather than relying on inference.
This document defines the DS RR, gives examples of how it is used and describes the implications on resolvers. This change is not backwards compatible with RFC 2535. This document updates RFC 1035, RFC 2535, RFC 3008 and RFC 3090.
This document defines the DS RR, gives examples of how it is used and describes the implications on resolvers. This change is not backwards compatible with RFC 2535. This document updates RFC 1035, RFC 2535, RFC 3008 and RFC 3090.
Gudmundsson Standards Track [Page 1] RFC 3658 Delegation Signer (DS) Resource Record (RR) December 2003
Gudmundsson Standards Track [Page 1] RFC 3658 Delegation Signer (DS) Resource Record (RR) December 2003
Table of Contents
Table of Contents
1. Introduction. . . . . . . . . . . . . . . . . . . . . . . . . 3
1.2. Reserved Words. . . . . . . . . . . . . . . . . . . . . 4
2. Specification of the Delegation key Signer. . . . . . . . . . 4
2.1. Delegation Signer Record Model. . . . . . . . . . . . . 4
2.2. Protocol Change . . . . . . . . . . . . . . . . . . . . 5
2.2.1. RFC 2535 2.3.4 and 3.4: Special Considerations
at Delegation Points . . . . . . . . . . . . . 6
2.2.1.1. Special processing for DS queries. . . 6
2.2.1.2. Special processing when child and an
ancestor share nameserver. . . . . . . 7
2.2.1.3. Modification on use of KEY RR in the
construction of Responses. . . . . . . 8
2.2.2. Signer's Name (replaces RFC3008 section 2.7). . 9
2.2.3. Changes to RFC 3090 . . . . . . . . . . . . . . 9
2.2.3.1. RFC 3090: Updates to section 1:
Introduction . . . . . . . . . . . . . 9
2.2.3.2. RFC 3090 section 2.1: Globally
Secured. . . . . . . . . . . . . . . . 10
2.2.3.3. RFC 3090 section 3: Experimental
Status . . . . . . . . . . . . . . . . 10
2.2.4. NULL KEY elimination. . . . . . . . . . . . . . 10
2.3. Comments on Protocol Changes. . . . . . . . . . . . . . 10
2.4. Wire Format of the DS record. . . . . . . . . . . . . . 11
2.4.1. Justifications for Fields . . . . . . . . . . . 12
2.5. Presentation Format of the DS Record. . . . . . . . . . 12
2.6. Transition Issues for Installed Base. . . . . . . . . . 12
2.6.1. Backwards compatibility with RFC 2535 and
RFC 1035. . . . . . . . . . . . . . . . . . . . 12
2.7. KEY and corresponding DS record example . . . . . . . . 13
3. Resolver. . . . . . . . . . . . . . . . . . . . . . . . . . . 14
3.1. DS Example" . . . . . . . . . . . . . . . . . . . . . . 14
3.2. Resolver Cost Estimates for DS Records" . . . . . . . . 15
4. Security Considerations . . . . . . . . . . . . . . . . . . . 15
5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 16
6. Intellectual Property Statement . . . . . . . . . . . . . . . 16
7. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 17
8. References. . . . . . . . . . . . . . . . . . . . . . . . . . 17
8.1. Normative References. . . . . . . . . . . . . . . . . . 17
8.2. Informational References. . . . . . . . . . . . . . . . 17
9. Author's Address. . . . . . . . . . . . . . . . . . . . . . . 18
10. Full Copyright Statement. . . . . . . . . . . . . . . . . . . 19
1. Introduction. . . . . . . . . . . . . . . . . . . . . . . . . 3 1.2. Reserved Words. . . . . . . . . . . . . . . . . . . . . 4 2. Specification of the Delegation key Signer. . . . . . . . . . 4 2.1. Delegation Signer Record Model. . . . . . . . . . . . . 4 2.2. Protocol Change . . . . . . . . . . . . . . . . . . . . 5 2.2.1. RFC 2535 2.3.4 and 3.4: Special Considerations at Delegation Points . . . . . . . . . . . . . 6 2.2.1.1. Special processing for DS queries. . . 6 2.2.1.2. Special processing when child and an ancestor share nameserver. . . . . . . 7 2.2.1.3. Modification on use of KEY RR in the construction of Responses. . . . . . . 8 2.2.2. Signer's Name (replaces RFC3008 section 2.7). . 9 2.2.3. Changes to RFC 3090 . . . . . . . . . . . . . . 9 2.2.3.1. RFC 3090: Updates to section 1: Introduction . . . . . . . . . . . . . 9 2.2.3.2. RFC 3090 section 2.1: Globally Secured. . . . . . . . . . . . . . . . 10 2.2.3.3. RFC 3090 section 3: Experimental Status . . . . . . . . . . . . . . . . 10 2.2.4. NULL KEY elimination. . . . . . . . . . . . . . 10 2.3. Comments on Protocol Changes. . . . . . . . . . . . . . 10 2.4. Wire Format of the DS record. . . . . . . . . . . . . . 11 2.4.1. Justifications for Fields . . . . . . . . . . . 12 2.5. Presentation Format of the DS Record. . . . . . . . . . 12 2.6. Transition Issues for Installed Base. . . . . . . . . . 12 2.6.1. Backwards compatibility with RFC 2535 and RFC 1035. . . . . . . . . . . . . . . . . . . . 12 2.7. KEY and corresponding DS record example . . . . . . . . 13 3. Resolver. . . . . . . . . . . . . . . . . . . . . . . . . . . 14 3.1. DS Example" . . . . . . . . . . . . . . . . . . . . . . 14 3.2. Resolver Cost Estimates for DS Records" . . . . . . . . 15 4. Security Considerations . . . . . . . . . . . . . . . . . . . 15 5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 16 6. Intellectual Property Statement . . . . . . . . . . . . . . . 16 7. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 17 8. References. . . . . . . . . . . . . . . . . . . . . . . . . . 17 8.1. Normative References. . . . . . . . . . . . . . . . . . 17 8.2. Informational References. . . . . . . . . . . . . . . . 17 9. Author's Address. . . . . . . . . . . . . . . . . . . . . . . 18 10. Full Copyright Statement. . . . . . . . . . . . . . . . . . . 19
Gudmundsson Standards Track [Page 2] RFC 3658 Delegation Signer (DS) Resource Record (RR) December 2003
Gudmundsson Standards Track [Page 2] RFC 3658 Delegation Signer (DS) Resource Record (RR) December 2003
1. Introduction
1. Introduction
Familiarity with the DNS system [RFC1035], DNS security extensions [RFC2535], and DNSSEC terminology [RFC3090] is important.
Familiarity with the DNS system [RFC1035], DNS security extensions [RFC2535], and DNSSEC terminology [RFC3090] is important.
Experience shows that when the same data can reside in two administratively different DNS zones, the data frequently gets out of sync. The presence of an NS RRset in a zone anywhere other than at the apex indicates a zone cut or delegation. The RDATA of the NS RRset specifies the authoritative nameservers for the delegated or "child" zone. Based on actual measurements, 10-30% of all delegations on the Internet have differing NS RRsets at parent and child. There are a number of reasons for this, including a lack of communication between parent and child and bogus name servers being listed to meet registry requirements.
Experience shows that when the same data can reside in two administratively different DNS zones, the data frequently gets out of sync. The presence of an NS RRset in a zone anywhere other than at the apex indicates a zone cut or delegation. The RDATA of the NS RRset specifies the authoritative nameservers for the delegated or "child" zone. Based on actual measurements, 10-30% of all delegations on the Internet have differing NS RRsets at parent and child. There are a number of reasons for this, including a lack of communication between parent and child and bogus name servers being listed to meet registry requirements.
DNSSEC [RFC2535, RFC3008, RFC3090] specifies that a child zone needs to have its KEY RRset signed by its parent to create a verifiable chain of KEYs. There has been some debate on where the signed KEY RRset should reside, whether at the child [RFC2535] or at the parent. If the KEY RRset resides at the child, maintaining the signed KEY RRset in the child requires frequent two-way communication between the two parties. First, the child transmits the KEY RRset to the parent and then the parent sends the signature(s) to the child. Storing the KEY RRset at the parent was thought to simplify the communication.
DNSSEC [RFC2535, RFC3008, RFC3090] specifies that a child zone needs to have its KEY RRset signed by its parent to create a verifiable chain of KEYs. There has been some debate on where the signed KEY RRset should reside, whether at the child [RFC2535] or at the parent. If the KEY RRset resides at the child, maintaining the signed KEY RRset in the child requires frequent two-way communication between the two parties. First, the child transmits the KEY RRset to the parent and then the parent sends the signature(s) to the child. Storing the KEY RRset at the parent was thought to simplify the communication.
DNSSEC [RFC2535] requires that the parent store a NULL KEY record for an unsecure child zone to indicate that the child is unsecure. A NULL KEY record is a waste: an entire signed RRset is used to communicate effectively one bit of information - that the child is unsecure. Chasing down NULL KEY RRsets complicates the resolution process in many cases, because nameservers for both parent and child need to be queried for the KEY RRset if the child nameserver does not return it. Storing the KEY RRset only in the parent zone simplifies this and would allow the elimination of the NULL KEY RRsets entirely. For large delegation zones, the cost of NULL keys is a significant barrier to deployment.
DNSSEC [RFC2535] requires that the parent store a NULL KEY record for an unsecure child zone to indicate that the child is unsecure. A NULL KEY record is a waste: an entire signed RRset is used to communicate effectively one bit of information - that the child is unsecure. Chasing down NULL KEY RRsets complicates the resolution process in many cases, because nameservers for both parent and child need to be queried for the KEY RRset if the child nameserver does not return it. Storing the KEY RRset only in the parent zone simplifies this and would allow the elimination of the NULL KEY RRsets entirely. For large delegation zones, the cost of NULL keys is a significant barrier to deployment.
Prior to the restrictions imposed by RFC 3445 [RFC3445], another implication of the DNSSEC key model is that the KEY record could be used to store public keys for other protocols in addition to DNSSEC keys. There are a number of potential problems with this, including:
Prior to the restrictions imposed by RFC 3445 [RFC3445], another implication of the DNSSEC key model is that the KEY record could be used to store public keys for other protocols in addition to DNSSEC keys. There are a number of potential problems with this, including:
1. The KEY RRset can become quite large if many applications and
protocols store their keys at the zone apex. Possible protocols
are IPSEC, HTTP, SMTP, SSH and others that use public key
cryptography.
1. The KEY RRset can become quite large if many applications and protocols store their keys at the zone apex. Possible protocols are IPSEC, HTTP, SMTP, SSH and others that use public key cryptography.
Gudmundsson Standards Track [Page 3] RFC 3658 Delegation Signer (DS) Resource Record (RR) December 2003
Gudmundsson Standards Track [Page 3] RFC 3658 Delegation Signer (DS) Resource Record (RR) December 2003
2. The KEY RRset may require frequent updates.
2. The KEY RRset may require frequent updates.
3. The probability of compromised or lost keys, which trigger
emergency key roll-over procedures, increases.
3. The probability of compromised or lost keys, which trigger emergency key roll-over procedures, increases.
4. The parent may refuse to sign KEY RRsets with non-DNSSEC zone
keys.
4. The parent may refuse to sign KEY RRsets with non-DNSSEC zone keys.
5. The parent may not meet the child's expectations of turnaround
time for resigning the KEY RRset.
5. The parent may not meet the child's expectations of turnaround time for resigning the KEY RRset.
Given these reasons, SIG@parent isn't any better than SIG/KEY@Child.
Given these reasons, SIG@parent isn't any better than SIG/KEY@Child.
1.2. Reserved Words
1.2. Reserved Words
The key words "MAY", "MAY NOT", "MUST", "MUST NOT", "REQUIRED", "RECOMMENDED", "SHOULD", and "SHOULD NOT" in this document are to be interpreted as described in BCP 14, RFC 2119 [RFC2119].
The key words "MAY", "MAY NOT", "MUST", "MUST NOT", "REQUIRED", "RECOMMENDED", "SHOULD", and "SHOULD NOT" in this document are to be interpreted as described in BCP 14, RFC 2119 [RFC2119].
2. Specification of the Delegation key Signer
2. Specification of the Delegation key Signer
This section defines the Delegation Signer (DS) RR type (type code 43) and the changes to DNS to accommodate it.
This section defines the Delegation Signer (DS) RR type (type code 43) and the changes to DNS to accommodate it.
2.1. Delegation Signer Record Model
2.1. Delegation Signer Record Model
This document presents a replacement for the DNSSEC KEY record chain of trust [RFC2535] that uses a new RR that resides only at the parent. This record identifies the key(s) that the child uses to self-sign its own KEY RRset.
This document presents a replacement for the DNSSEC KEY record chain of trust [RFC2535] that uses a new RR that resides only at the parent. This record identifies the key(s) that the child uses to self-sign its own KEY RRset.
Even though DS identifies two roles for KEYs, Key Signing Key (KSK) and Zone Signing Key (ZSK), there is no requirement that zone uses two different keys for these roles. It is expected that many small zones will only use one key, while larger zones will be more likely to use multiple keys.
Even though DS identifies two roles for KEYs, Key Signing Key (KSK) and Zone Signing Key (ZSK), there is no requirement that zone uses two different keys for these roles. It is expected that many small zones will only use one key, while larger zones will be more likely to use multiple keys.
The chain of trust is now established by verifying the parent KEY RRset, the DS RRset from the parent and the KEY RRset at the child. This is cryptographically equivalent to using just KEY records.
The chain of trust is now established by verifying the parent KEY RRset, the DS RRset from the parent and the KEY RRset at the child. This is cryptographically equivalent to using just KEY records.
Communication between the parent and child is greatly reduced, since the child only needs to notify the parent about changes in keys that sign its apex KEY RRset. The parent is ignorant of all other keys in the child's apex KEY RRset. Furthermore, the child maintains full control over the apex KEY RRset and its content. The child can maintain any policies regarding its KEY usage for DNSSEC with minimal impact on the parent. Thus, if the child wants to have frequent key
Communication between the parent and child is greatly reduced, since the child only needs to notify the parent about changes in keys that sign its apex KEY RRset. The parent is ignorant of all other keys in the child's apex KEY RRset. Furthermore, the child maintains full control over the apex KEY RRset and its content. The child can maintain any policies regarding its KEY usage for DNSSEC with minimal impact on the parent. Thus, if the child wants to have frequent key
Gudmundsson Standards Track [Page 4] RFC 3658 Delegation Signer (DS) Resource Record (RR) December 2003
Gudmundsson Standards Track [Page 4] RFC 3658 Delegation Signer (DS) Resource Record (RR) December 2003
roll-over for its DNS zone keys, the parent does not need to be aware of it. The child can use one key to sign only its apex KEY RRset and a different key to sign the other RRsets in the zone.
roll-over for its DNS zone keys, the parent does not need to be aware of it. The child can use one key to sign only its apex KEY RRset and a different key to sign the other RRsets in the zone.
This model fits well with a slow roll out of DNSSEC and the islands of security model. In this model, someone who trusts "good.example." can preconfigure a key from "good.example." as a trusted key, and from then on trusts any data signed by that key or that has a chain of trust to that key. If "example." starts advertising DS records, "good.example." does not have to change operations by suspending self-signing. DS records can be used in configuration files to identify trusted keys instead of KEY records. Another significant advantage is that the amount of information stored in large delegation zones is reduced: rather than the NULL KEY record at every unsecure delegation demanded by RFC 2535, only secure delegations require additional information in the form of a signed DS RRset.
This model fits well with a slow roll out of DNSSEC and the islands of security model. In this model, someone who trusts "good.example." can preconfigure a key from "good.example." as a trusted key, and from then on trusts any data signed by that key or that has a chain of trust to that key. If "example." starts advertising DS records, "good.example." does not have to change operations by suspending self-signing. DS records can be used in configuration files to identify trusted keys instead of KEY records. Another significant advantage is that the amount of information stored in large delegation zones is reduced: rather than the NULL KEY record at every unsecure delegation demanded by RFC 2535, only secure delegations require additional information in the form of a signed DS RRset.
The main disadvantage of this approach is that verifying a zone's KEY RRset requires two signature verification operations instead of the one in RFC 2535 chain of trust. There is no impact on the number of signatures verified for other types of RRsets.
The main disadvantage of this approach is that verifying a zone's KEY RRset requires two signature verification operations instead of the one in RFC 2535 chain of trust. There is no impact on the number of signatures verified for other types of RRsets.
2.2. Protocol Change
2.2. Protocol Change
All DNS servers and resolvers that support DS MUST support the OK bit [RFC3225] and a larger message size [RFC3226]. In order for a delegation to be considered secure the delegation MUST contain a DS RRset. If a query contains the OK bit, a nameserver returning a referral for the delegation MUST include the following RRsets in the authority section in this order:
All DNS servers and resolvers that support DS MUST support the OK bit [RFC3225] and a larger message size [RFC3226]. In order for a delegation to be considered secure the delegation MUST contain a DS RRset. If a query contains the OK bit, a nameserver returning a referral for the delegation MUST include the following RRsets in the authority section in this order:
If DS RRset is present:
parent's copy of child's NS RRset
DS and SIG(DS)
If DS RRset is present: parent's copy of child's NS RRset DS and SIG(DS)
If no DS RRset is present:
parent's copy of child's NS RRset
parent's zone NXT and SIG(NXT)
If no DS RRset is present: parent's copy of child's NS RRset parent's zone NXT and SIG(NXT)
This increases the size of referral messages, possibly causing some or all glue to be omitted. If the DS or NXT RRsets with signatures do not fit in the DNS message, the TC bit MUST be set. Additional section processing is not changed.
This increases the size of referral messages, possibly causing some or all glue to be omitted. If the DS or NXT RRsets with signatures do not fit in the DNS message, the TC bit MUST be set. Additional section processing is not changed.
A DS RRset accompanying a NS RRset indicates that the child zone is secure. If a NS RRset exists without a DS RRset, the child zone is unsecure (from the parents point of view). DS RRsets MUST NOT appear at non-delegation points or at a zone's apex.
A DS RRset accompanying a NS RRset indicates that the child zone is secure. If a NS RRset exists without a DS RRset, the child zone is unsecure (from the parents point of view). DS RRsets MUST NOT appear at non-delegation points or at a zone's apex.
Gudmundsson Standards Track [Page 5] RFC 3658 Delegation Signer (DS) Resource Record (RR) December 2003
Gudmundsson Standards Track [Page 5] RFC 3658 Delegation Signer (DS) Resource Record (RR) December 2003
Section 2.2.1 defines special considerations related to authoritative nameservers responding to DS queries and replaces RFC 2535 sections 2.3.4 and 3.4. Section 2.2.2 replaces RFC 3008 section 2.7, and section 2.2.3 updates RFC 3090.
Section 2.2.1 defines special considerations related to authoritative nameservers responding to DS queries and replaces RFC 2535 sections 2.3.4 and 3.4. Section 2.2.2 replaces RFC 3008 section 2.7, and section 2.2.3 updates RFC 3090.
2.2.1. RFC 2535 2.3.4 and 3.4: Special Considerations at Delegation
Points
2.2.1. RFC 2535 2.3.4 and 3.4: Special Considerations at Delegation Points
DNS security views each zone as a unit of data completely under the control of the zone owner with each entry (RRset) signed by a special private key held by the zone manager. But the DNS protocol views the leaf nodes in a zone that are also the apex nodes of a child zone (i.e., delegation points) as "really" belonging to the child zone. The corresponding domain names appear in two master files and might have RRsets signed by both the parent and child zones' keys. A retrieval could get a mixture of these RRsets and SIGs, especially since one nameserver could be serving both the zone above and below a delegation point [RFC2181].
DNS security views each zone as a unit of data completely under the control of the zone owner with each entry (RRset) signed by a special private key held by the zone manager. But the DNS protocol views the leaf nodes in a zone that are also the apex nodes of a child zone (i.e., delegation points) as "really" belonging to the child zone. The corresponding domain names appear in two master files and might have RRsets signed by both the parent and child zones' keys. A retrieval could get a mixture of these RRsets and SIGs, especially since one nameserver could be serving both the zone above and below a delegation point [RFC2181].
Each DS RRset stored in the parent zone MUST be signed by at least one of the parent zone's private keys. The parent zone MUST NOT contain a KEY RRset at any delegation point. Delegations in the parent MAY contain only the following RR types: NS, DS, NXT and SIG. The NS RRset MUST NOT be signed. The NXT RRset is the exceptional case: it will always appear differently and authoritatively in both the parent and child zones, if both are secure.
Each DS RRset stored in the parent zone MUST be signed by at least one of the parent zone's private keys. The parent zone MUST NOT contain a KEY RRset at any delegation point. Delegations in the parent MAY contain only the following RR types: NS, DS, NXT and SIG. The NS RRset MUST NOT be signed. The NXT RRset is the exceptional case: it will always appear differently and authoritatively in both the parent and child zones, if both are secure.
A secure zone MUST contain a self-signed KEY RRset at its apex. Upon verifying the DS RRset from the parent, a resolver MAY trust any KEY identified in the DS RRset as a valid signer of the child's apex KEY RRset. Resolvers configured to trust one of the keys signing the KEY RRset MAY now treat any data signed by the zone keys in the KEY RRset as secure. In all other cases, resolvers MUST consider the zone unsecure.
A secure zone MUST contain a self-signed KEY RRset at its apex. Upon verifying the DS RRset from the parent, a resolver MAY trust any KEY identified in the DS RRset as a valid signer of the child's apex KEY RRset. Resolvers configured to trust one of the keys signing the KEY RRset MAY now treat any data signed by the zone keys in the KEY RRset as secure. In all other cases, resolvers MUST consider the zone unsecure.
An authoritative nameserver queried for type DS MUST return the DS RRset in the answer section.
An authoritative nameserver queried for type DS MUST return the DS RRset in the answer section.
2.2.1.1. Special processing for DS queries
2.2.1.1. Special processing for DS queries
When a nameserver is authoritative for the parent zone at a delegation point and receives a query for the DS record at that name, it MUST answer based on data in the parent zone, return DS or negative answer. This is true whether or not it is also authoritative for the child zone.
When a nameserver is authoritative for the parent zone at a delegation point and receives a query for the DS record at that name, it MUST answer based on data in the parent zone, return DS or negative answer. This is true whether or not it is also authoritative for the child zone.
Gudmundsson Standards Track [Page 6] RFC 3658 Delegation Signer (DS) Resource Record (RR) December 2003
Gudmundsson Standards Track [Page 6] RFC 3658 Delegation Signer (DS) Resource Record (RR) December 2003
When the nameserver is authoritative for the child zone at a delegation point but not the parent zone, there is no natural response, since the child zone is not authoritative for the DS record at the zone's apex. As these queries are only expected to originate from recursive nameservers which are not DS-aware, the authoritative nameserver MUST answer with:
When the nameserver is authoritative for the child zone at a delegation point but not the parent zone, there is no natural response, since the child zone is not authoritative for the DS record at the zone's apex. As these queries are only expected to originate from recursive nameservers which are not DS-aware, the authoritative nameserver MUST answer with:
RCODE: NOERROR
AA bit: set
Answer Section: Empty
Authority Section: SOA [+ SIG(SOA) + NXT + SIG(NXT)]
RCODE: NOERROR AA bit: set Answer Section: Empty Authority Section: SOA [+ SIG(SOA) + NXT + SIG(NXT)]
That is, it answers as if it is authoritative and the DS record does not exist. DS-aware recursive nameservers will query the parent zone at delegation points, so will not be affected by this.
That is, it answers as if it is authoritative and the DS record does not exist. DS-aware recursive nameservers will query the parent zone at delegation points, so will not be affected by this.
A nameserver authoritative for only the child zone, that is also a caching server MAY (if the RD bit is set in the query) perform recursion to find the DS record at the delegation point, or MAY return the DS record from its cache. In this case, the AA bit MUST NOT be set in the response.
A nameserver authoritative for only the child zone, that is also a caching server MAY (if the RD bit is set in the query) perform recursion to find the DS record at the delegation point, or MAY return the DS record from its cache. In this case, the AA bit MUST NOT be set in the response.
2.2.1.2. Special processing when child and an ancestor share
nameserver
2.2.1.2. Special processing when child and an ancestor share nameserver
Special rules are needed to permit DS RR aware nameservers to gracefully interact with older caches which otherwise might falsely label a nameserver as lame because of the placement of the DS RR set.
Special rules are needed to permit DS RR aware nameservers to gracefully interact with older caches which otherwise might falsely label a nameserver as lame because of the placement of the DS RR set.
Such a situation might arise when a nameserver is authoritative for both a zone and it's grandparent, but not the parent. This sounds like an obscure example, but it is very real. The root zone is currently served on 13 machines, and "root-servers.net." is served on 4 of the 13, but "net." is severed on different nameservers.
Such a situation might arise when a nameserver is authoritative for both a zone and it's grandparent, but not the parent. This sounds like an obscure example, but it is very real. The root zone is currently served on 13 machines, and "root-servers.net." is served on 4 of the 13, but "net." is severed on different nameservers.
When a nameserver receives a query for (<QNAME>, DS, <QCLASS>), the response MUST be determined from reading these rules in order:
When a nameserver receives a query for (<QNAME>, DS, <QCLASS>), the response MUST be determined from reading these rules in order:
1) If the nameserver is authoritative for the zone that holds the DS
RR set (i.e., the zone that delegates <QNAME>, a.k.a. the "parent"
zone), the response contains the DS RR set as an authoritative
answer.
1) If the nameserver is authoritative for the zone that holds the DS RR set (i.e., the zone that delegates <QNAME>, a.k.a. the "parent" zone), the response contains the DS RR set as an authoritative answer.
2) If the nameserver is offering recursive service and the RD bit is
set in the query, the nameserver performs the query itself
(according to the rules for resolvers described below) and returns
its findings.
2) If the nameserver is offering recursive service and the RD bit is set in the query, the nameserver performs the query itself (according to the rules for resolvers described below) and returns its findings.
Gudmundsson Standards Track [Page 7] RFC 3658 Delegation Signer (DS) Resource Record (RR) December 2003
Gudmundsson Standards Track [Page 7] RFC 3658 Delegation Signer (DS) Resource Record (RR) December 2003
3) If the nameserver is authoritative for the zone that holds the
<QNAME>'s SOA RR set, the response is an authoritative negative
answer as described in 2.2.1.1.
3) If the nameserver is authoritative for the zone that holds the <QNAME>'s SOA RR set, the response is an authoritative negative answer as described in 2.2.1.1.
4) If the nameserver is authoritative for a zone or zones above the
QNAME, a referral to the most enclosing (deepest match) zone's
servers is made.
4) If the nameserver is authoritative for a zone or zones above the QNAME, a referral to the most enclosing (deepest match) zone's servers is made.
5) If the nameserver is not authoritative for any part of the QNAME,
a response indicating a lame nameserver for QNAME is given.
5) If the nameserver is not authoritative for any part of the QNAME, a response indicating a lame nameserver for QNAME is given.
Using these rules will require some special processing on the part of a DS RR aware resolver. To illustrate this, an example is used.
Using these rules will require some special processing on the part of a DS RR aware resolver. To illustrate this, an example is used.
Assuming a nameserver is authoritative for roots.example.net. and for the root zone but not the intervening two zones (or the intervening two label deep zone). Assume that QNAME=roots.example.net., QTYPE=DS, and QCLASS=IN.
Assuming a nameserver is authoritative for roots.example.net. and for the root zone but not the intervening two zones (or the intervening two label deep zone). Assume that QNAME=roots.example.net., QTYPE=DS, and QCLASS=IN.
The resolver will issue this request (assuming no cached data) expecting a referral to a nameserver for .net. Instead, rule number 3 above applies and a negative answer is returned by the nameserver. The reaction by the resolver is not to accept this answer as final, as it can determine from the SOA RR in the negative answer the context within which the nameserver has answered.
The resolver will issue this request (assuming no cached data) expecting a referral to a nameserver for .net. Instead, rule number 3 above applies and a negative answer is returned by the nameserver. The reaction by the resolver is not to accept this answer as final, as it can determine from the SOA RR in the negative answer the context within which the nameserver has answered.
A solution would be to instruct the resolver to hunt for the authoritative zone of the data in a brute force manner.
A solution would be to instruct the resolver to hunt for the authoritative zone of the data in a brute force manner.
This can be accomplished by taking the owner name of the returned SOA RR and striping off enough left-hand labels until a successful NS response is obtained. A successful response here means that the answer has NS records in it. (Entertaining the possibility that a cut point can be two labels down in a zone.)
This can be accomplished by taking the owner name of the returned SOA RR and striping off enough left-hand labels until a successful NS response is obtained. A successful response here means that the answer has NS records in it. (Entertaining the possibility that a cut point can be two labels down in a zone.)
Returning to the example, the response will include a negative answer with either the SOA RR for "roots.example.net." or "example.net." depending on whether roots.example.net is a delegated domain. In either case, removing the left most label of the SOA owner name will lead to the location of the desired data.
Returning to the example, the response will include a negative answer with either the SOA RR for "roots.example.net." or "example.net." depending on whether roots.example.net is a delegated domain. In either case, removing the left most label of the SOA owner name will lead to the location of the desired data.
2.2.1.3. Modification on use of KEY RR in the construction of Responses
2.2.1.3. Modification on use of KEY RR in the construction of Responses
This section updates RFC 2535 section 3.5 by replacing it with the following:
This section updates RFC 2535 section 3.5 by replacing it with the following:
Gudmundsson Standards Track [Page 8] RFC 3658 Delegation Signer (DS) Resource Record (RR) December 2003
Gudmundsson Standards Track [Page 8] RFC 3658 Delegation Signer (DS) Resource Record (RR) December 2003
A query for KEY RR MUST NOT trigger any additional section processing. Security aware resolvers will include corresponding SIG records in the answer section.
A query for KEY RR MUST NOT trigger any additional section processing. Security aware resolvers will include corresponding SIG records in the answer section.
KEY records SHOULD NOT be added to the additional records section in response to any query.
KEY records SHOULD NOT be added to the additional records section in response to any query.
RFC 2535 specified that KEY records be added to the additional section when SOA or NS records were included in an answer. This was done to reduce round trips (in the case of SOA) and to force out NULL KEYs (in the NS case). As this document obsoletes NULL keys, there is no need for the inclusion of KEYs with NSs. Furthermore, as SOAs are included in the authority section of negative answers, including the KEYs each time will cause redundant transfers of KEYs.
RFC 2535 specified that KEY records be added to the additional section when SOA or NS records were included in an answer. This was done to reduce round trips (in the case of SOA) and to force out NULL KEYs (in the NS case). As this document obsoletes NULL keys, there is no need for the inclusion of KEYs with NSs. Furthermore, as SOAs are included in the authority section of negative answers, including the KEYs each time will cause redundant transfers of KEYs.
RFC 2535 section 3.5 also included a rule for adding the KEY RRset to the response for a query for A and AAAA types. As Restrict KEY [RFC3445] eliminated use of KEY RR by all applications, this rule is no longer needed.
RFC 2535 section 3.5 also included a rule for adding the KEY RRset to the response for a query for A and AAAA types. As Restrict KEY [RFC3445] eliminated use of KEY RR by all applications, this rule is no longer needed.
2.2.2. Signer's Name (replaces RFC 3008 section 2.7)
2.2.2. Signer's Name (replaces RFC 3008 section 2.7)
The signer's name field of a SIG RR MUST contain the name of the zone to which the data and signature belong. The combination of signer's name, key tag, and algorithm MUST identify a zone key if the SIG is to be considered material. This document defines a standard policy for DNSSEC validation; local policy MAY override the standard policy.
The signer's name field of a SIG RR MUST contain the name of the zone to which the data and signature belong. The combination of signer's name, key tag, and algorithm MUST identify a zone key if the SIG is to be considered material. This document defines a standard policy for DNSSEC validation; local policy MAY override the standard policy.
There are no restrictions on the signer field of a SIG(0) record. The combination of signer's name, key tag, and algorithm MUST identify a key if this SIG(0) is to be processed.
There are no restrictions on the signer field of a SIG(0) record. The combination of signer's name, key tag, and algorithm MUST identify a key if this SIG(0) is to be processed.
2.2.3. Changes to RFC 3090
2.2.3. Changes to RFC 3090
A number of sections in RFC 3090 need to be updated to reflect the DS record.
A number of sections in RFC 3090 need to be updated to reflect the DS record.
2.2.3.1. RFC 3090: Updates to section 1: Introduction
2.2.3.1. RFC 3090: Updates to section 1: Introduction
Most of the text is still relevant but the words "NULL key" are to be replaced with "missing DS RRset". In section 1.3, the last three paragraphs discuss the confusion in sections of RFC 2535 that are replaced in section 2.2.1 above. Therefore, these paragraphs are now obsolete.
Most of the text is still relevant but the words "NULL key" are to be replaced with "missing DS RRset". In section 1.3, the last three paragraphs discuss the confusion in sections of RFC 2535 that are replaced in section 2.2.1 above. Therefore, these paragraphs are now obsolete.
Gudmundsson Standards Track [Page 9] RFC 3658 Delegation Signer (DS) Resource Record (RR) December 2003
Gudmundsson Standards Track [Page 9] RFC 3658 Delegation Signer (DS) Resource Record (RR) December 2003
2.2.3.2. RFC 3090 section 2.1: Globally Secured
2.2.3.2. RFC 3090 section 2.1: Globally Secured
Rule 2.1.b is replaced by the following rule:
Rule 2.1.b is replaced by the following rule:
2.1.b. The KEY RRset at a zone's apex MUST be self-signed by a private key whose public counterpart MUST appear in a zone signing KEY RR (2.a) owned by the zone's apex and specifying a mandatory-to- implement algorithm. This KEY RR MUST be identified by a DS RR in a signed DS RRset in the parent zone.
2.1.b. The KEY RRset at a zone's apex MUST be self-signed by a private key whose public counterpart MUST appear in a zone signing KEY RR (2.a) owned by the zone's apex and specifying a mandatory-to- implement algorithm. This KEY RR MUST be identified by a DS RR in a signed DS RRset in the parent zone.
If a zone cannot get its parent to advertise a DS record for it, the child zone cannot be considered globally secured. The only exception to this is the root zone, for which there is no parent zone.
If a zone cannot get its parent to advertise a DS record for it, the child zone cannot be considered globally secured. The only exception to this is the root zone, for which there is no parent zone.
2.2.3.3. RFC 3090 section 3: Experimental Status.
2.2.3.3. RFC 3090 section 3: Experimental Status.
The only difference between experimental status and globally secured is the missing DS RRset in the parent zone. All locally secured zones are experimental.
The only difference between experimental status and globally secured is the missing DS RRset in the parent zone. All locally secured zones are experimental.
2.2.4. NULL KEY elimination
2.2.4. NULL KEY elimination
RFC 3445 section 3 eliminates the top two bits in the flags field of KEY RR. These two bits were used to indicate NULL KEY or NO KEY. RFC 3090 defines that zone as either secure or not and these rules eliminate the need to put NULL keys in the zone apex to indicate that the zone is not secured for a algorithm. Along with this document, these other two eliminate all uses for the NULL KEY. This document obsoletes NULL KEY.
RFC 3445 section 3 eliminates the top two bits in the flags field of KEY RR. These two bits were used to indicate NULL KEY or NO KEY. RFC 3090 defines that zone as either secure or not and these rules eliminate the need to put NULL keys in the zone apex to indicate that the zone is not secured for a algorithm. Along with this document, these other two eliminate all uses for the NULL KEY. This document obsoletes NULL KEY.
2.3. Comments on Protocol Changes
2.3. Comments on Protocol Changes
Over the years, there have been various discussions surrounding the DNS delegation model, declaring it to be broken because there is no good way to assert if a delegation exists. In the RFC 2535 version of DNSSEC, the presence of the NS bit in the NXT bit map proves there is a delegation at this name. Something more explicit is required and the DS record addresses this need for secure delegations.
Over the years, there have been various discussions surrounding the DNS delegation model, declaring it to be broken because there is no good way to assert if a delegation exists. In the RFC 2535 version of DNSSEC, the presence of the NS bit in the NXT bit map proves there is a delegation at this name. Something more explicit is required and the DS record addresses this need for secure delegations.
The DS record is a major change to DNS: it is the first resource record that can appear only on the upper side of a delegation. Adding it will cause interoperability problems and requires a flag day for DNSSEC. Many old nameservers and resolvers MUST be upgraded to take advantage of DS. Some old nameservers will be able to be authoritative for zones with DS records but will not add the NXT or DS records to the authority section. The same is true for caching nameservers; in fact, some might even refuse to pass on the DS or NXT records.
The DS record is a major change to DNS: it is the first resource record that can appear only on the upper side of a delegation. Adding it will cause interoperability problems and requires a flag day for DNSSEC. Many old nameservers and resolvers MUST be upgraded to take advantage of DS. Some old nameservers will be able to be authoritative for zones with DS records but will not add the NXT or DS records to the authority section. The same is true for caching nameservers; in fact, some might even refuse to pass on the DS or NXT records.
Gudmundsson Standards Track [Page 10] RFC 3658 Delegation Signer (DS) Resource Record (RR) December 2003
Gudmundsson Standards Track [Page 10] RFC 3658 Delegation Signer (DS) Resource Record (RR) December 2003
2.4. Wire Format of the DS record
2.4. Wire Format of the DS record
The DS (type=43) record contains these fields: key tag, algorithm, digest type, and the digest of a public key KEY record that is allowed and/or used to sign the child's apex KEY RRset. Other keys MAY sign the child's apex KEY RRset.
DS(=43をタイプする)記録はこれらの分野を含んでいます: キー・タグ、アルゴリズムはタイプ、および子供の頂点がKEY RRsetであると署名するのに許容されている、そして/または、使用される公開鍵KEY記録のダイジェストを読みこなします。 他のキーは、子供の頂点がKEY RRsetであると署名するかもしれません。
1 1 1 1 1 1 1 1 1 1 2 2 2 2 2 2 2 2 2 2 3 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| key tag | algorithm | Digest type |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| digest (length depends on type) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| (SHA-1 digest is 20 bytes) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-|
| |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-|
| |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1 1 1 1 1 1 1 1 1 1 2 2 2 2 2 2 2 2 2 2 3 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | キー・タグ| アルゴリズム| ダイジェストタイプ| +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | 読みこなしてください(長さをタイプに頼っています)。| +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | (SHA-1ダイジェストは20バイトです) | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-| | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-| | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
The key tag is calculated as specified in RFC 2535. Algorithm MUST be allowed to sign DNS data. The digest type is an identifier for the digest algorithm used. The digest is calculated over the canonical name of the delegated domain name followed by the whole RDATA of the KEY record (all four fields).
キー・タグはRFC2535で指定されるように計算されます。 アルゴリズムは、DNSがデータであると署名させなければなりません。 ダイジェストタイプは使用されるダイジェストアルゴリズムのための識別子です。 ダイジェストはKEY記録(すべての4つの分野)の全体のRDATAによって従われた代表として派遣されたドメイン名の正準な名前に関して計算されます。
digest = hash( canonical FQDN on KEY RR | KEY_RR_rdata)
ダイジェスト=ハッシュ(KEY RR| KEY_RR_rdataの上の正準なFQDN)
KEY_RR_rdata = Flags | Protocol | Algorithm | Public Key
主要な_RR_rdata=旗| プロトコル| アルゴリズム| 公開鍵
Digest type value 0 is reserved, value 1 is SHA-1, and reserving other types requires IETF standards action. For interoperability reasons, keeping number of digest algorithms low is strongly RECOMMENDED. The only reason to reserve additional digest types is to increase security.
ダイジェストタイプ価値0は予約されています、そして、値1はSHA-1です、そして、他のタイプを予約するのはIETF規格動作を必要とします。 数のダイジェストアルゴリズムを低く保つのは相互運用性理由で強くです。RECOMMENDED。 追加ダイジェストタイプを予約する唯一の理由はセキュリティを増強することです。
DS records MUST point to zone KEY records that are allowed to authenticate DNS data. The indicated KEY records protocol field MUST be set to 3; flag field bit 7 MUST be set to 1. The value of other flag bits is not significant for the purposes of this document.
DS記録はDNSデータを認証できるゾーンKEY記録を示さなければなりません。 記録プロトコルがさばく示されたKEYは3に用意ができなければなりません。 旗の分野ビット7を1に設定しなければなりません。 他のフラグビットの価値はこのドキュメントの目的のために重要ではありません。
The size of the DS RDATA for type 1 (SHA-1) is 24 bytes, regardless of key size. New digest types probably will have larger digests.
タイプ1(SHA-1)のためのDS RDATAのサイズは主要なサイズにかかわらず24バイトです。 新しいダイジェストタイプには、より大きいダイジェストがたぶんあるでしょう。
Gudmundsson Standards Track [Page 11] RFC 3658 Delegation Signer (DS) Resource Record (RR) December 2003
グドムンソン標準化過程[11ページ]RFC3658委譲署名者(DS)リソース記録(RR)2003年12月
2.4.1. Justifications for Fields
2.4.1. 分野のための正当化
The algorithm and key tag fields are present to allow resolvers to quickly identify the candidate KEY records to examine. SHA-1 is a strong cryptographic checksum: it is computationally infeasible for an attacker to generate a KEY record that has the same SHA-1 digest. Combining the name of the key and the key rdata as input to the digest provides stronger assurance of the binding. Having the key tag in the DS record adds greater assurance than the SHA-1 digest alone, as there are now two different mapping functions.
アルゴリズムとキー・タグ分野は、レゾルバがすぐに調べる候補KEY記録を特定するのを許容するために存在しています。 SHA-1は強い暗号のチェックサムです: 攻撃者が同じSHA-1が読みこなすKEY記録を生成するのは、計算上実行不可能です。 ダイジェストに入力されるように主要なrdataと主要なrdataの名前を結合すると、結合の、より強い保証は提供されます。 DSのキー・タグを記録させると、SHA-1ダイジェストより大きい保証は単独で加えます、現在、2つの異なったマッピング機能があるとき。
This format allows concise representation of the keys that the child will use, thus keeping down the size of the answer for the delegation, reducing the probability of DNS message overflow. The SHA-1 hash is strong enough to uniquely identify the key and is similar to the PGP key footprint. The digest type field is present for possible future expansion.
この形式は子供が使用するキーの簡潔な表現を許容します、その結果、委譲のための答えのサイズを抑えます、DNSメッセージオーバーフローの確率を減少させて。 SHA-1ハッシュは、唯一キーを特定できるくらい強く、PGPの主要な足跡と同様です。 ダイジェストタイプ分野は可能な今後の拡張のために存在しています。
The DS record is well suited to listing trusted keys for islands of security in configuration files.
DS記録は構成ファイルにおけるセキュリティの島に信じられたキーを記載するのによく適しています。
2.5. Presentation Format of the DS Record
2.5. DS記録のプレゼンテーション形式
The presentation format of the DS record consists of three numbers (key tag, algorithm, and digest type) followed by the digest itself presented in hex:
DS記録のプレゼンテーション形式はダイジェスト自体があとに続いた十六進法で提示された3つの番号(キー・タグ、アルゴリズム、およびダイジェストタイプ)から成ります:
example. DS 12345 3 1 123456789abcdef67890123456789abcdef67890
例。 DS12345 3 1 123456789abcdef67890123456789abcdef67890
2.6. Transition Issues for Installed Base
2.6. インストールされた基地への変遷問題
No backwards compatibility with RFC 2535 is provided.
RFC2535とのどんな遅れている互換性も提供しません。
RFC 2535-compliant resolvers will assume that all DS-secured delegations are locally secure. This is bad, but the DNSEXT Working Group has determined that rather than dealing with both RFC 2535- secured zones and DS-secured zones, a rapid adoption of DS is preferable. Thus, the only option for early adopters is to upgrade to DS as soon as possible.
RFCの2535年の対応することのレゾルバは、すべてのDSによって機密保護された委譲が局所的に安全であると仮定するでしょう。 これは悪いのですが、DNSEXT作業部会は、ゾーンであることが固定されたRFC2535とDSによって機密保護されたゾーンの両方に対処するよりむしろ、DSの急速な採用が望ましいことを決定しました。 したがって、初期採用者のための唯一のオプションはできるだけ早くDSにアップグレードすることです。
2.6.1. Backwards compatibility with RFC 2535 and RFC 1035
2.6.1. RFC2535とRFC1035との遅れている互換性
This section documents how a resolver determines the type of delegation.
このセクションはレゾルバがどう委譲のタイプを決心しているかを記録します。
Gudmundsson Standards Track [Page 12] RFC 3658 Delegation Signer (DS) Resource Record (RR) December 2003
グドムンソン標準化過程[12ページ]RFC3658委譲署名者(DS)リソース記録(RR)2003年12月
RFC 1035 delegation (in parent) has:
RFC1035委譲(親の)には、以下があります。
RFC 1035 NS
1035ナノ秒RFC
RFC 2535 adds the following two cases:
RFC2535は以下の2つのケースを加えます:
Secure RFC 2535: NS + NXT + SIG(NXT)
NXT bit map contains: NS SIG NXT
Unsecure RFC 2535: NS + KEY + SIG(KEY) + NXT + SIG(NXT)
NXT bit map contains: NS SIG KEY NXT
KEY must be a NULL key.
RFCが2535であると機密保護してください: NS+NXT+SIG(NXT)NXTビットマップは以下を含んでいます。 ナノ秒、SIG NXT Unsecure RFC2535: NS+KEY+SIG(KEY)+NXT+SIG(NXT)NXTビットマップは以下を含んでいます。 NS SIG KEY NXT KEYはNULLキーであるに違いありません。
DNSSEC with DS has the following two states:
DSとDNSSECには、以下の2つの州があります:
Secure DS: NS + DS + SIG(DS)
NXT bit map contains: NS SIG NXT DS
Unsecure DS: NS + NXT + SIG(NXT)
NXT bit map contains: NS SIG NXT
DSを固定してください: NS+DS+SIG(DS)NXTビットマップは以下を含んでいます。 ナノ秒SIG NXT DS Unsecure DS: NS+NXT+SIG(NXT)NXTビットマップは以下を含んでいます。 ナノ秒SIG NXT
It is difficult for a resolver to determine if a delegation is secure RFC 2535 or unsecure DS. This could be overcome by adding a flag to the NXT bit map, but only upgraded resolvers would understand this flag, anyway. Having both parent and child signatures for a KEY RRset might allow old resolvers to accept a zone as secure, but the cost of doing this for a long time is much higher than just prohibiting RFC 2535-style signatures at child zone apexes and forcing rapid deployment of DS-enabled nameservers and resolvers.
レゾルバが、委譲が安全なRFC2535かそれともunsecure DSであるかを決心しているのは、難しいです。 NXTビットマップに旗を加えることによって、これに打ち勝つことができるでしょうが、アップグレードしたレゾルバだけがとにかくこの旗を理解しているでしょう。 年取ったレゾルバが、KEY RRsetのために両方の親子署名を持っているのにゾーンが安全であると受け入れることができるかもしれませんが、長い間これをする費用は子供ゾーンの頂点でただRFCの2535スタイルの署名を禁止して、DSによって可能にされたネームサーバとレゾルバの急速な展開を強制するよりはるかに高いです。
RFC 2535 and DS can, in theory, be deployed in parallel, but this would require resolvers to deal with RFC 2535 configurations forever. This document obsoletes the NULL KEY in parent zones, which is a difficult enough change that to cause a flag day.
平行で理論上RFC2535とDSを配布することができますが、これは、レゾルバがいつまでもRFC2535構成に対処するのを必要とするでしょう。このドキュメントは親ゾーンでNULL KEYを時代遅れにして、どれが十分難しいaであるかは、旗の日を引き起こすためにそれを変えます。
2.7. KEY and corresponding DS record example
2.7. KEYと対応するDSは例を記録します。
This is an example of a KEY record and the corresponding DS record.
これはKEY記録と対応するDS記録に関する例です。
dskey.example. KEY 256 3 1 (
AQPwHb4UL1U9RHaU8qP+Ts5bVOU1s7fYbj2b3CCbzNdj
4+/ECd18yKiyUQqKqQFWW5T3iVc8SJOKnueJHt/Jb/wt
) ; key id = 28668
DS 28668 1 1 49FD46E6C4B45C55D4AC69CBD3CD34AC1AFE51DE
dskey.example。 キー256 3 1(AQPwHb4UL1U9RHaU8qP+Ts5bVOU1s7fYbj2b3CCbzNdj4+/ECd18yKiyUQqKqQFWW5T3iVc8SJOKnueJHt/Jb/wt)。 主要なイドは28668DS28668 1 1 49FD46E6C4B45C55D4AC69CBD3CD34AC1AFE51DEと等しいです。
Gudmundsson Standards Track [Page 13] RFC 3658 Delegation Signer (DS) Resource Record (RR) December 2003
グドムンソン標準化過程[13ページ]RFC3658委譲署名者(DS)リソース記録(RR)2003年12月
3. Resolver
3. レゾルバ
3.1. DS Example
3.1. DSの例
To create a chain of trust, a resolver goes from trusted KEY to DS to KEY.
信頼のチェーンを創設するために、レゾルバは信じられたKEYからDSまでKEYに行きます。
Assume the key for domain "example." is trusted. Zone "example."
contains at least the following records:
example. SOA <soa stuff>
example. NS ns.example.
example. KEY <stuff>
example. NXT secure.example. NS SOA KEY SIG NXT
example. SIG(SOA)
example. SIG(NS)
example. SIG(NXT)
example. SIG(KEY)
secure.example. NS ns1.secure.example.
secure.example. DS tag=12345 alg=3 digest_type=1 <foofoo>
secure.example. NXT unsecure.example. NS SIG NXT DS
secure.example. SIG(NXT)
secure.example. SIG(DS)
unsecure.example NS ns1.unsecure.example.
unsecure.example. NXT example. NS SIG NXT
unsecure.example. SIG(NXT)
ドメインへのキーが「例」であると仮定してください。. 信じられます。 ゾーン「例」 少なくとも以下の記録を含んでいます: 例。 SOA<soaものの>の例。 NS ns.example例。 KEY<ものの>の例。 NXT secure.example。 NS SOA KEY SIG NXTの例。 SIG(SOA)の例。 SIG(NS)の例。 SIG(NXT)の例。 SIG(KEY)secure.example。 NS ns1.secure.example secure.example。 DSタグ=12345alg=3ダイジェスト_タイプは1<foofoo>secure.exampleと等しいです。 NXT unsecure.example。 NS SIG NXT DS secure.example。 SIG(NXT)secure.example。 SIG(DS)unsecure.example NS ns1.unsecure.example unsecure.example。 NXTの例。 NS SIG NXT unsecure.example。 SIG(NXT)
In zone "secure.example." following records exist:
secure.example. SOA <soa stuff>
secure.example. NS ns1.secure.example.
secure.example. KEY <tag=12345 alg=3>
secure.example. KEY <tag=54321 alg=5>
secure.example. NXT <nxt stuff>
secure.example. SIG(KEY) <key-tag=12345 alg=3>
secure.example. SIG(SOA) <key-tag=54321 alg=5>
secure.example. SIG(NS) <key-tag=54321 alg=5>
secure.example. SIG(NXT) <key-tag=54321 alg=5>
ゾーンでは、"secure.example" 次の記録が存在しています: secure.example。 SOA<soaものの>secure.example。 NS ns1.secure.example secure.example。 KEY<タグは12345alg=3>secure.exampleと等しいです。 KEY<タグは54321alg=5>secure.exampleと等しいです。 NXT<nxtものの>secure.example。 SIG(KEY)<キー・タグは12345alg=3>secure.exampleと等しいです。 SIG(SOA)<キー・タグは54321alg=5>secure.exampleと等しいです。 SIG(NS)<キー・タグは54321alg=5>secure.exampleと等しいです。 SIG(NXT)<キー・タグは54321alg=5>と等しいです。
In this example, the private key for "example." signs the DS record for "secure.example.", making that a secure delegation. The DS record states which key is expected to sign the KEY RRset at "secure.example.". Here "secure.example." signs its KEY RRset with the KEY identified in the DS RRset, thus the KEY RRset is validated and trusted.
この例、「例」 DSが"secure.example"のために記録するサインのための秘密鍵でする、それを安全な委譲にします。 DS記録は、どのキーが"secure.example"でKEY RRsetに署名すると予想されるかを述べます。 ここで、"secure.example" KEYとKEY RRsetがDS RRsetで特定したサインであり、その結果、KEY RRsetは有効にされて、信じられます。
This example has only one DS record for the child, but parents MUST allow multiple DS records to facilitate key roll-over and multiple KEY algorithms.
1DSだけが子供のためにこの例で記録しますが、両親は複数のDS記録に主要なロールオーバーと複数のKEYアルゴリズムを容易にさせなければなりません。
Gudmundsson Standards Track [Page 14] RFC 3658 Delegation Signer (DS) Resource Record (RR) December 2003
グドムンソン標準化過程[14ページ]RFC3658委譲署名者(DS)リソース記録(RR)2003年12月
The resolver determines the security status of "unsecure.example." by examining the parent zone's NXT record for this name. The absence of the DS bit indicates an unsecure delegation. Note the NXT record SHOULD only be examined after verifying the corresponding signature.
レゾルバは"unsecure.example"のセキュリティ状態を決定します。親ゾーンのNXTを調べることによって、この名前のために記録してください。 DSビットの欠如はunsecure委譲を示します。 対応する署名について確かめた後にNXTの記録的なSHOULDが調べられるだけであることに注意してください。
3.2. Resolver Cost Estimates for DS Records
3.2. DS記録のためのレゾルバ費用見積り
From a RFC 2535 recursive resolver point of view, for each delegation followed to chase down an answer, one KEY RRset has to be verified. Additional RRsets might also need to be verified based on local policy (e.g., the contents of the NS RRset). Once the resolver gets to the appropriate delegation, validating the answer might require verifying one or more signatures. A simple A record lookup requires at least N delegations to be verified and one RRset. For a DS- enabled recursive resolver, the cost is 2N+1. For an MX record, where the target of the MX record is in the same zone as the MX record, the costs are N+2 and 2N+2, for RFC 2535 and DS, respectively. In the case of a negative answer, the same ratios hold true.
2535年のRFCの再帰的なレゾルバ観点から、答えを追跡するために続かれる各委譲において、1KEY RRsetが確かめられなければなりません。 また、追加RRsetsは、ローカルの方針(例えば、NS RRsetのコンテンツ)に基づいて確かめられる必要があるかもしれません。 レゾルバがいったん適切な委譲を始めると、答えを有効にするのは、1つ以上の署名について確かめるのを必要とするかもしれません。 A簡単な記録ルックアップは少なくともN確かめられるべき委譲と1RRsetを必要とします。 DSの可能にされた再帰的なレゾルバに関しては、費用は2N+1です。 MX記録に関しては、コストは、それぞれRFC2535とDSのためのN+2と2N+2です。そこに、MX記録の目標がMX記録と同じゾーンにあります。 否定的な返答の場合では、同じ比率は有効です。
The recursive resolver has to do an extra query to get the DS record, which will increase the overall cost of resolving this question, but it will never be worse than chasing down NULL KEY records from the parent in RFC 2535 DNSSEC.
再帰的なレゾルバがこの質問を決議する全費用を増強するDS記録を得るために付加的な質問をしなければなりませんが、それはRFC2535DNSSECの親からのNULL KEY記録を追跡するより決して悪くなくなるでしょう。
DS adds processing overhead on resolvers and increases the size of delegation answers, but much less than storing signatures in the parent zone.
DSは委譲答えのサイズの、しかし、署名を保存するよりはるかに親ゾーンで少ないレゾルバと増加のときに処理オーバヘッドを加えます。
4. Security Considerations
4. セキュリティ問題
This document proposes a change to the validation chain of KEY records in DNSSEC. The change is not believed to reduce security in the overall system. In RFC 2535 DNSSEC, the child zone has to communicate keys to its parent and prudent parents will require some authentication with that transaction. The modified protocol will require the same authentication, but allows the child to exert more local control over its own KEY RRset.
このドキュメントはDNSSECでのKEY記録の合法化チェーンへの変化を提案します。 変化が総合体系におけるセキュリティを下げると信じられていません。 RFC2535DNSSECでは、子供ゾーンは親のキーを伝えなければなりません、そして、慎重な両親はそのトランザクションがある何らかの認証を必要とするでしょう。 変更されたプロトコルで、同じ認証を必要としますが、子供はそれ自身のKEY RRsetの、より地方のコントロールを及ぼします。
There is a remote possibility that an attacker could generate a valid KEY that matches all the DS fields, of a specific DS set, and thus forge data from the child. This possibility is considered impractical, as on average more than
攻撃者は子供から特定のDSセットのすべてのDS分野に合っている有効なKEYを生成して、その結果、鍛造データを生成することができたリモート可能性があります。 この可能性は平均した以上のように非実用的であると考えられます。
2 ^ (160 - <Number of keys in DS set>)
2 ^ (160--DSセット>のキーの<番号)
keys would have to be generated before a match would be found.
マッチが見つけられる前にキーは生成されなければならないでしょう。
Gudmundsson Standards Track [Page 15] RFC 3658 Delegation Signer (DS) Resource Record (RR) December 2003
グドムンソン標準化過程[15ページ]RFC3658委譲署名者(DS)リソース記録(RR)2003年12月
An attacker that wants to match any DS record will have to generate on average at least 2^80 keys.
どんなDS記録にも合いたがっている攻撃者は少なくとも2^に80個のキーを平均的に生成しなければならないでしょう。
The DS record represents a change to the DNSSEC protocol and there is an installed base of implementations, as well as textbooks on how to set up secure delegations. Implementations that do not understand the DS record will not be able to follow the KEY to DS to KEY chain and will consider all zones secured that way as unsecure.
DS記録はDNSSECプロトコルへの変化を表します、そして、実装のインストールされたベースがあります、どう安全な委譲をセットアップするかに関する教科書と同様に。 DS記録を理解していない実装が、KEYチェーンへのDSにKEYに続くことができないで、そのようにunsecureとして保証されたすべてのゾーンを考えるでしょう。
5. IANA Considerations
5. IANA問題
IANA has allocated an RR type code for DS from the standard RR type space (type 43).
IANAはDSのために標準のRRタイプスペースからRRタイプコードを割り当てました(43をタイプしてください)。
IANA has established a new registry for the DS RR type for digest algorithms. Defined types are:
IANAはダイジェストアルゴリズムのためのDS RRタイプのために新しい登録を確立しました。定義されたタイプは以下の通りです。
0 is Reserved,
1 is SHA-1.
0がReservedである、1はSHA-1です。
Adding new reservations requires IETF standards action.
新しい予約を加えるのはIETF規格動作を必要とします。
6. Intellectual Property Statement
6. 知的所有権声明
The IETF takes no position regarding the validity or scope of any intellectual property or other rights that might be claimed to pertain to the implementation or use of the technology described in this document or the extent to which any license under such rights might or might not be available; neither does it represent that it has made any effort to identify any such rights. Information on the IETF's procedures with respect to rights in standards-track and standards-related documentation can be found in BCP-11. Copies of claims of rights made available for publication and any assurances of licenses to be made available, or the result of an attempt made to obtain a general license or permission for the use of such proprietary rights by implementors or users of this specification can be obtained from the IETF Secretariat.
IETFはどんな知的所有権の正当性か範囲、実装に関係すると主張されるかもしれない他の権利、本書では説明された技術の使用またはそのような権利の下におけるどんなライセンスも利用可能であるかもしれない、または利用可能でないかもしれない範囲に関しても立場を全く取りません。 どちらも、それはそれを表しません。どんなそのような権利も特定するためにいずれも取り組みにしました。 BCP-11で標準化過程の権利と規格関連のドキュメンテーションに関するIETFの手順に関する情報を見つけることができます。 権利のクレームのコピーで利用可能に作られるべきライセンスの保証、または一般的なライセンスか許可が作成者によるそのような所有権の使用に得させられた試みの結果が公表といずれにも利用可能になったか、またはIETF事務局からこの仕様のユーザを得ることができます。
The IETF invites any interested party to bring to its attention any copyrights, patents or patent applications, or other proprietary rights which may cover technology that may be required to practice this standard. Please address the information to the IETF Executive Director.
IETFはこの規格を練習するのに必要であるかもしれない技術をカバーするかもしれないどんな著作権もその注目していただくどんな利害関係者、特許、特許出願、または他の所有権も招待します。 IETF専務に情報を扱ってください。
Gudmundsson Standards Track [Page 16] RFC 3658 Delegation Signer (DS) Resource Record (RR) December 2003
グドムンソン標準化過程[16ページ]RFC3658委譲署名者(DS)リソース記録(RR)2003年12月
7. Acknowledgments
7. 承認
Over the last few years a number of people have contributed ideas that are captured in this document. The core idea of using one key to sign only the KEY RRset comes from discussions with Bill Manning and Perry Metzger on how to put in a single root key in all resolvers. Alexis Yushin, Brian Wellington, Sam Weiler, Paul Vixie, Jakob Schlyter, Scott Rose, Edward Lewis, Lars-Johan Liman, Matt Larson, Mark Kosters, Dan Massey, Olaf Kolman, Phillip Hallam-Baker, Miek Gieben, Havard Eidnes, Donald Eastlake 3rd., Randy Bush, David Blacka, Steve Bellovin, Rob Austein, Derek Atkins, Roy Arends, Mark Andrews, Harald Alvestrand, and others have provided useful comments.
ここ数年間にわたって、多くの人々が本書では得られる考えを寄付しています。 KEY RRsetだけに署名するのに1個のキーを使用するというコア考えはすべてのレゾルバでどう単一のルートキーを入れるかのビル・マニングとペリーメッツガーとの議論から来ます。 アレックサスYushin、ブライアン・ウェリントン、サム・ウィーラー、ポールVixie、ジェイコブSchlyter、スコット・ローズ、エドワード・ルイス、ラース-ジョハン・ライマン、マット・ラーソン、ダン・マッシー、オラフ・コールマン、フィリップ・ハラム-ベイカー、Miek Gieben、Havard Eidnes、3歳のドナルドイーストレークマークKosters番目、ランディ・ブッシュ、デヴィッドBlacka、スティーブBellovin、ロブAustein、デリック・アトキンス、ロイArends、マーク・アンドリュース、ハラルドAlvestrand、および他のものは役に立つコメントを提供しました。
8. References
8. 参照
8.1. Normative References
8.1. 引用規格
[RFC1035] Mockapetris, P., "Domain Names - Implementation and
Specification", STD 13, RFC 1035, November 1987.
[RFC1035]Mockapetris、P.、「ドメイン名--、実装と仕様、」、STD13、RFC1035、11月1987日
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997.
[RFC2119] ブラドナー、S.、「Indicate Requirement LevelsへのRFCsにおける使用のためのキーワード」、BCP14、RFC2119、1997年3月。
[RFC2535] Eastlake, D., "Domain Name System Security Extensions",
RFC 2535, March 1999.
[RFC2535] イーストレーク、D.、「ドメインネームシステムセキュリティ拡大」、RFC2535、1999年3月。
[RFC3008] Wellington, B., "Domain Name System Security (DNSSEC)
Signing Authority", RFC 3008, November 2000.
[RFC3008] ウェリントン、B.、「ドメインネームシステムセキュリティ(DNSSEC)署名権威」、RFC3008、2000年11月。
[RFC3090] Lewis, E., "DNS Security Extension Clarification on Zone
Status", RFC 3090, March 2001.
[RFC3090] ルイス、E.、「ゾーン状態におけるDNSセキュリティ拡大明確化」、RFC3090、2001年3月。
[RFC3225] Conrad, D., "Indicating Resolver Support of DNSSEC", RFC
3225, December 2001.
[RFC3225] コンラッド、D.、「DNSSECのレゾルバサポートを示します」、RFC3225、2001年12月。
[RFC3445] Massey, D. and S. Rose, "Limiting the scope of the KEY
Resource Record (RR)", RFC 3445, December 2002.
[RFC3445] マッシーとD.とS.ローズ、「KEY Resource Record(RR)の範囲を制限します」、RFC3445、2002年12月。
8.2. Informational References
8.2. 情報の参照
[RFC2181] Elz, R. and R. Bush, "Clarifications to the DNS
Specification", RFC 2181, July 1997.
[RFC2181] ElzとR.とR.ブッシュ、「DNS仕様への明確化」、RFC2181、1997年7月。
[RFC3226] Gudmundsson, O., "DNSSEC and IPv6 A6 aware server/resolver
message size requirements", RFC 3226, December 2001.
[RFC3226] グドムンソン、O.、「DNSSECとIPv6 A6の意識しているサーバ/レゾルバメッセージサイズ要件」、RFC3226、2001年12月。
Gudmundsson Standards Track [Page 17] RFC 3658 Delegation Signer (DS) Resource Record (RR) December 2003
グドムンソン標準化過程[17ページ]RFC3658委譲署名者(DS)リソース記録(RR)2003年12月
9. Author's Address
9. 作者のアドレス
Olafur Gudmundsson 3821 Village Park Drive Chevy Chase, MD, 20815
Olafurグドムンソン3821・村の公園Driveチェビー・チェイス、MD 20815
EMail: ds-rfc@ogud.com
メール: ds-rfc@ogud.com
Gudmundsson Standards Track [Page 18] RFC 3658 Delegation Signer (DS) Resource Record (RR) December 2003
グドムンソン標準化過程[18ページ]RFC3658委譲署名者(DS)リソース記録(RR)2003年12月
10. Full Copyright Statement
10. 完全な著作権宣言文
Copyright (C) The Internet Society (2003). All Rights Reserved.
Copyright(C)インターネット協会(2003)。 All rights reserved。
This document and translations of it may be copied and furnished to others, and derivative works that comment on or otherwise explain it or assist in its implementation may be prepared, copied, published and distributed, in whole or in part, without restriction of any kind, provided that the above copyright notice and this paragraph are included on all such copies and derivative works. However, this document itself may not be modified in any way, such as by removing the copyright notice or references to the Internet Society or other Internet organizations, except as needed for the purpose of developing Internet standards in which case the procedures for copyrights defined in the Internet Standards process must be followed, or as required to translate it into languages other than English.
それに関するこのドキュメントと翻訳は、コピーして、それが批評するか、またはそうでなければわかる他のもの、および派生している作品に提供するか、または準備されているかもしれなくて、コピーされて、発行されて、全体か一部分配された実装を助けるかもしれません、どんな種類の制限なしでも、上の版権情報とこのパラグラフがそのようなすべてのコピーと派生している作品の上に含まれていれば。 しかしながら、このドキュメント自体は何らかの方法で変更されないかもしれません、インターネット協会か他のインターネット組織の版権情報か参照を取り除くのなどように、それを英語以外の言語に翻訳するのが著作権のための手順がインターネットStandardsプロセスで定義したどのケースに従わなければならないか、必要に応じてさもなければ、インターネット標準を開発する目的に必要であるのを除いて。
The limited permissions granted above are perpetual and will not be revoked by the Internet Society or its successors or assignees.
上に承諾された限られた許容は、永久であり、そのインターネット協会、後継者または指定代理人によって取り消されないでしょう。
This document and the information contained herein is provided on an "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
このドキュメントとそして、「そのままで」という基礎とインターネットの振興発展を目的とする組織に、インターネット・エンジニアリング・タスク・フォースが速達の、または、暗示しているすべての保証を放棄するかどうかというここにことであり、他を含んでいて、含まれて、情報の使用がここに侵害しないどんな保証も少しもまっすぐになるという情報か市場性か特定目的への適合性のどんな黙示的な保証。
Acknowledgement
承認
Funding for the RFC Editor function is currently provided by the Internet Society.
RFC Editor機能のための基金は現在、インターネット協会によって提供されます。
Gudmundsson Standards Track [Page 19]
グドムンソン標準化過程[19ページ]
一覧
スポンサーリンク
