• 软件测试技术
  • 软件测试博客
  • 软件测试视频
  • 开源软件测试技术
  • 软件测试论坛
  • 软件测试沙龙
  • 软件测试资料下载
  • 软件测试杂志
  • 软件测试人才招聘
    暂时没有公告

字号: | 推荐给好友 上一篇 | 下一篇

RFC3008 - Domain Name System Security (DNSSEC) Signing Authority

发布: 2007-6-23 14:09 | 作者:   | 来源:   | 查看: 15次 | 进入软件测试论坛讨论

领测软件测试网

   
  Network Working Group B. Wellington
Request for Comments: 3008 Nominum
Updates: 2535 November 2000
Category: Standards Track

Domain Name System Security (DNSSEC) Signing Authority

Status of this Memo

This document specifies an Internet standards track protocol for the
Internet community, and requests discussion and suggestions for
improvements. Please refer to the current edition of the "Internet
Official Protocol Standards" (STD 1) for the standardization state
and status of this protocol. Distribution of this memo is unlimited.

Copyright Notice

Copyright (C) The Internet Society (2000). All Rights Reserved.

Abstract

This document proposes a revised model of Domain Name System Security
(DNSSEC) Signing Authority. The revised model is designed to clarify
earlier documents and add additional restrictions to simplify the
secure resolution process. Specifically, this affects the
authorization of keys to sign sets of records.

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in RFC2119 [RFC2119].

1 - Introduction

This document defines additional restrictions on DNSSEC signatures
(SIG) records relating to their authority to sign associated data.
The intent is to establish a standard policy followed by a secure
resolver; this policy can be augmented by local rules. This builds
upon [RFC2535], updating section 2.3.6 of that document.

The most significant change is that in a secure zone, zone data is
required to be signed by the zone key.

Familiarity with the DNS system [RFC1034, RFC1035] and the DNS
security extensions [RFC2535] is assumed.

2 - The SIG Record

A SIG record is normally associated with an RRset, and "covers" (that
is, demonstrates the authenticity and integrity of) the RRset. This
is referred to as a "data SIG". Note that there can be multiple SIG
records covering an RRset, and the same validation process should be
repeated for each of them. Some data SIGs are considered "material",
that is, relevant to a DNSSEC capable resolver, and some are
"immaterial" or "extra-DNSSEC", as they are not relevant to DNSSEC
validation. Immaterial SIGs may have application defined roles. SIG
records may exist which are not bound to any RRset; these are also
considered immaterial. The validation process determines which SIGs
are material; once a SIG is shown to be immaterial, no other
validation is necessary.

SIGs may also be used for transaction security. In this case, a SIG
record with a type covered field of 0 is attached to a message, and
is used to protect message integrity. This is referred to as a
SIG(0) [RFC2535, RFC2931].

The following sections define requirements for all of the fields of a
SIG record. These requirements MUST be met in order for a DNSSEC
capable resolver to process this signature. If any of these
requirements are not met, the SIG cannot be further processed.
Additionally, once a KEY has been identified as having generated this
SIG, there are requirements that it MUST meet.

2.1 - Type Covered

For a data SIG, the type covered MUST be the same as the type of data
in the associated RRset. For a SIG(0), the type covered MUST be 0.

2.2 - Algorithm Number

The algorithm specified in a SIG MUST be recognized by the client,
and it MUST be an algorithm that has a defined SIG rdata format.

2.3 - Labels

The labels count MUST be less than or equal to the number of labels
in the SIG owner name, as specified in [RFC2535, section 4.1.3].

2.4 - Original TTL

The original TTL MUST be greater than or equal to the TTL of the SIG
record itself, since the TTL cannot be increased by intermediate
servers. This field can be ignored for SIG(0) records.

2.5 - Signature Expiration and Inception

The current time at the time of validation MUST lie within the
validity period bounded by the inception and expiration times.

2.6 - Key Tag

There are no restrictions on the Key Tag field, although it is
possible that future algorithms will impose constraints.

2.7 - Signer's Name

The signer's name field of a data SIG MUST contain the name of the
zone to which the data and signature belong. The combination of
signer's name, key tag, and algorithm MUST identify a zone key if the
SIG is to be considered material. The only exception that the
signer's name field in a SIG KEY at a zone apex SHOULD contain the
parent zone's name, unless the KEY set is self-signed. This document
defines a standard policy for DNSSEC validation; local policy may
override the standard policy.

There are no restrictions on the signer field of a SIG(0) record.
The combination of signer's name, key tag, and algorithm MUST
identify a key if this SIG(0) is to be processed.

2.8 - Signature

There are no restrictions on the signature field. The signature will
be verified at some point, but does not need to be examined prior to
verification unless a future algorithm imposes constraints.

3 - The Signing KEY Record

Once a signature has been examined and its fields validated (but
before the signature has been verified), the resolver attempts to
locate a KEY that matches the signer name, key tag, and algorithm
fields in the SIG. If one is not found, the SIG cannot be verified
and is considered immaterial. If KEYs are found, several fields of
the KEY record MUST have specific values if the SIG is to be
considered material and authorized. If there are multiple KEYs, the
following checks are performed on all of them, as there is no way to
determine which one generated the signature until the verification is
performed.

3.1 - Type Flags

The signing KEY record MUST have a flags value of 00 or 01
(authentication allowed, confidentiality optional) [RFC2535, 3.1.2].
A DNSSEC resolver MUST only trust signatures generated by keys that
are permitted to authenticate data.

3.2 - Name Flags

The interpretation of this field is considerably different for data
SIGs and SIG(0) records.

3.2.1 - Data SIG

If the SIG record covers an RRset, the name type of the associated
KEY MUST be 01 (zone) [RFC2535, 3.1.2]. This updates RFC2535,
section 2.3.6. The DNSSEC validation process performed by a resolver
MUST ignore all keys that are not zone keys unless local policy
dictates otherwise.

The primary reason that RFC2535 allows host and user keys to
generate material DNSSEC signatures is to allow dynamic update
without online zone keys; that is, avoid storing private keys in an
online server. The desire to avoid online signing keys cannot be
achieved, though, because they are necessary to sign NXT and SOA sets
[RFC3007]. These online zone keys can sign any incoming data.
Removing the goal of having no online keys removes the reason to
allow host and user keys to generate material signatures.

Limiting material signatures to zone keys simplifies the validation
process. The length of the verification chain is bounded by the
name's label depth. The authority of a key is clearly defined; a
resolver does not need to make a potentially complicated decision to
determine whether a key has the proper authority to sign data.

Finally, there is no additional flexibility granted by allowing
host/user key generated material signatures. As long as users and
hosts have the ability to authenticate update requests to the primary
zone server, signatures by zone keys are sufficient to protect the
integrity of the data to the world at large.

3.2.2 - SIG(0)

If the SIG record is a SIG(0) protecting a message, the name type of
the associated KEY SHOULD be 00 (user) or 10 (host/entity).
Transactions are initiated by a host or user, not a zone, so zone
keys SHOULD not generate SIG(0) records.

A client is either explicitly executed by a user or on behalf of a
host, therefore the name type of a SIG(0) generated by a client
SHOULD be either user or host. A nameserver is associated with a
host, and its use of SIG(0) is not associated with a particular zone,
so the name type of a SIG(0) generated by a nameserver SHOULD be
host.

3.3 - Signatory Flags

This document does not assign any values to the signatory field, nor
require any values to be present.

3.4 - Protocol

The signing KEY record MUST have a protocol value of 3 (DNSSEC) or
255 (ALL). If a key is not specified for use with DNSSEC, a DNSSEC
resolver MUST NOT trust any signature that it generates.

3.5 - Algorithm Number

The algorithm field MUST be identical to that of the generated SIG
record, and MUST meet all requirements for an algorithm value in a
SIG record.

4 - Security Considerations

This document defines a standard baseline for a DNSSEC capable
resolver. This is necessary for a thorough security analysis of
DNSSEC, if one is to be done.

Specifically, this document places additional restrictions on SIG
records that a resolver must validate before the signature can be
considered worthy of DNSSEC trust. This simplifies the protocol,
making it more robust and able to withstand scrutiny by the security
community.

5 - Acknowledgements

The author would like to thank the following people for review and
informative comments (in alphabetical order):

Olafur Gudmundsson
Ed Lewis

6 - References

[RFC1034] Mockapetris, P., "Domain Names - Concepts and Facilities",
STD 13, RFC1034, November 1987.

[RFC1035] Mockapetris, P., "Domain Names - Implementation and
Specification", STD 13, RFC1035, November 1987.

[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC2119, March 1997.

[RFC2136] Vixie (Ed.), P., Thomson, S., Rekhter, Y. and J. Bound,
"Dynamic Updates in the Domain Name System", RFC2136,
April 1997.

[RFC2535] Eastlake, D., "Domain Name System Security Extensions",
RFC2535, March 1999.

[RFC2931] Eastlake, D., "DNS Request and Transaction Signatures
(SIG(0)s )", RFC2931, September 2000.

[RFC3007] Wellington, B., "Simple Secure Domain Name System
(DNS) Dynamic Update", RFC3007, November 2000.

7 - Author's Address

Brian Wellington
Nominum, Inc.
950 Charter Street
Redwood City, CA 94063

Phone: +1 650 381 6022
EMail: Brian.Wellington@nominum.com

8 Full Copyright Statement

Copyright (C) The Internet Society (2000). All Rights Reserved.

This document and translations of it may be copied and furnished to
others, and derivative works that comment on or otherwise explain it
or assist in its implementation may be prepared, copied, published
and distributed, in whole or in part, without restriction of any
kind, provided that the above copyright notice and this paragraph are
included on all such copies and derivative works. However, this
document itself may not be modified in any way, such as by removing
the copyright notice or references to the Internet Society or other
Internet organizations, except as needed for the purpose of
developing Internet standards in which case the procedures for
copyrights defined in the Internet Standards process must be
followed, or as required to translate it into languages other than
English.

The limited permissions granted above are perpetual and will not be
revoked by the Internet Society or its successors or assigns.

This document and the information contained herein is provided on an
"AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

Acknowledgement

Funding for the RFCEditor function is currently provided by the
Internet Society.

延伸阅读

文章来源于领测软件测试网 https://www.ltesting.net/


关于领测软件测试网 | 领测软件测试网合作伙伴 | 广告服务 | 投稿指南 | 联系我们 | 网站地图 | 友情链接
版权所有(C) 2003-2010 TestAge(领测软件测试网)|领测国际科技(北京)有限公司|软件测试工程师培训网 All Rights Reserved
北京市海淀区中关村南大街9号北京理工科技大厦1402室 京ICP备2023014753号-2
技术支持和业务联系:info@testage.com.cn 电话:010-51297073

软件测试 | 领测国际ISTQBISTQB官网TMMiTMMi认证国际软件测试工程师认证领测软件测试网