< draft-reddy-dprive-bootstrap-dns-server-02.txt   draft-reddy-dprive-bootstrap-dns-server-03.txt >
DPRIVE WG T. Reddy DPRIVE WG T. Reddy
Internet-Draft McAfee Internet-Draft McAfee
Intended status: Standards Track D. Wing Intended status: Standards Track D. Wing
Expires: September 27, 2019 Expires: November 8, 2019 Citrix
M. Richardson M. Richardson
Sandelman Software Works Sandelman Software Works
M. Boucadair M. Boucadair
Orange Orange
March 26, 2019 May 7, 2019
A Bootstrapping Procedure to Discover and Authenticate DNS-over-(D)TLS A Bootstrapping Procedure to Discover and Authenticate DNS-over-(D)TLS
and DNS-over-HTTPS Servers and DNS-over-HTTPS Servers
draft-reddy-dprive-bootstrap-dns-server-02 draft-reddy-dprive-bootstrap-dns-server-03
Abstract Abstract
This document specifies mechanisms to automatically bootstrap This document specifies mechanisms to automatically bootstrap
endpoints (e.g., hosts, Customer Equipment) to discover and endpoints (e.g., hosts, Customer Equipment) to discover and
authenticate DNS-over-(D)TLS and DNS-over-HTTPS servers provided by a authenticate DNS-over-(D)TLS and DNS-over-HTTPS servers provided by a
local network. local network.
Status of This Memo Status of This Memo
skipping to change at page 1, line 39 skipping to change at page 1, line 39
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/. Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on September 27, 2019. This Internet-Draft will expire on November 8, 2019.
Copyright Notice Copyright Notice
Copyright (c) 2019 IETF Trust and the persons identified as the Copyright (c) 2019 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(https://trustee.ietf.org/license-info) in effect on the date of (https://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License. described in the Simplified BSD License.
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2
2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 4 2. Scope . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
3. Bootstrapping Endpoint Devices . . . . . . . . . . . . . . . 5 3. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 5
4. Bootstrapping IoT Devices and CPE . . . . . . . . . . . . . . 6 4. Bootstrapping Endpoint Devices . . . . . . . . . . . . . . . 5
5. Discovery Procedure . . . . . . . . . . . . . . . . . . . . . 7 5. Bootstrapping IoT Devices . . . . . . . . . . . . . . . . . . 7
5.1. Resolution . . . . . . . . . . . . . . . . . . . . . . . 8 6. DNS-over-(D)TLS and DNS-over-HTTPS Server Discovery Procedure 8
6. Connection handshake and service invocation . . . . . . . . . 9 7. Connection Handshake and Service Invocation . . . . . . . . . 10
7. Security Considerations . . . . . . . . . . . . . . . . . . . 9 8. EST Service Discovery Procedure . . . . . . . . . . . . . . . 10
8. Privacy Considerations . . . . . . . . . . . . . . . . . . . 10 8.1. mDNS . . . . . . . . . . . . . . . . . . . . . . . . . . 10
8.1. Privacy Extension Syntax . . . . . . . . . . . . . . . . 10 9. Network Reattachment . . . . . . . . . . . . . . . . . . . . 11
9. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 10 10. Privacy Considerations . . . . . . . . . . . . . . . . . . . 12
9.1. Application Service & Application Protocol Tags . . . . . 10 10.1. Privacy Extension Format . . . . . . . . . . . . . . . . 12
9.1.1. DNS Application Service Tag Registration . . . . . . 10 10.2. Privacy Extension Syntax . . . . . . . . . . . . . . . . 13
9.1.2. dns.tls Application Protocol Tag Registration . . . . 11 11. Security Considerations . . . . . . . . . . . . . . . . . . . 15
9.1.3. dns.dtls Application Protocol Tag Registration . . . 11 12. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 15
9.1.4. dns.https Application Protocol Tag Registration . . . 11 12.1. Application Service & Application Protocol Tags . . . . 16
10. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 11 12.1.1. DNS Application Service Tag Registration . . . . . . 16
11. References . . . . . . . . . . . . . . . . . . . . . . . . . 11 12.1.2. dns.tls Application Protocol Tag Registration . . . 16
11.1. Normative References . . . . . . . . . . . . . . . . . . 11 12.1.3. dns.dtls Application Protocol Tag Registration . . . 16
11.2. Informative References . . . . . . . . . . . . . . . . . 13 12.1.4. dns.https Application Protocol Tag Registration . . 17
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 14 13. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 17
14. References . . . . . . . . . . . . . . . . . . . . . . . . . 17
14.1. Normative References . . . . . . . . . . . . . . . . . . 17
14.2. Informative References . . . . . . . . . . . . . . . . . 19
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 20
1. Introduction 1. Introduction
Traditionally a caching DNS server has been provided by the local Traditionally a caching DNS server has been provided by local
network. This provides benefits like low latency to that DNS server networks. This provides benefits such as low latency to reach that
(due to its network proximity to the endpoint). However, if an DNS server (owing to its network proximity to the endpoint).
endpoint is configured to use Internet-hosted or public DNS- However, if an endpoint is configured to use Internet-hosted or
over-(D)TLS [RFC7858] [RFC8094] or DNS-over-HTTPS [RFC8484] servers, public DNS-over-(D)TLS [RFC7858] [RFC8094] or DNS-over-HTTPS
the local DNS server cannot serve the DNS requests from the [RFC8484] servers, any available local DNS server cannot serve DNS
endpoints. If public DNS servers are used instead of using local DNS requests from local endpoints. If public DNS servers are used
servers, the operational problems are listed below: instead of using local DNS servers, some operational problems can
occur such as those listed below:
o "Split DNS" [RFC2775] to use the special internal-only domain o "Split DNS" [RFC2775] to use the special internal-only domain
names (e.g., "internal.example.com") in enterprise networks will names (e.g., "internal.example.com") in enterprise networks will
not work, and ".local" and "home.arpa" names cannot be locally not work, and ".local" and "home.arpa" names cannot be locally
resolved in home networks. resolved in home networks.
o Content Delivery Networks (CDNs) that map traffic based on DNS may o Content Delivery Networks (CDNs) that map traffic based on DNS may
lose the ability to direct end-user traffic to a nearby cluster in lose the ability to direct end-user traffic to a nearby service-
cases where a DNS service is being used that is not affiliated specific cluster in cases where a DNS service is being used that
with the local network and which does not send "EDNS Client is not affiliated with the local network and which does not send
Subnet" (ECS) information [RFC7871] to the CDN's DNS authorities "EDNS Client Subnet" (ECS) information [RFC7871] to the CDN's DNS
[CDN]. authorities [CDN].
o Some clients have pre-configured specific public DNS servers (such
as Mozilla using Cloudflare's DNS-over-HTTPS server). If
endpoints continue to use pre-configured public DNS servers, this
has a risk of relying on few centralized DNS services.
If public DNS servers are used instead of using local DNS servers, If public DNS servers are used instead of using local DNS servers,
the following paragraph discusses the impact on Network-based the following discusses the impact on network-based security:
security:
Various network security services are provided by Enterprise, secure o Various network security services are provided by Enterprise
home and wall-gardened networks to protect endpoints (e.g,. Hosts, networks to protect endpoints (e.g,. Hosts, IoT devices).
IoT devices). [I-D.camwinget-tls-use-cases] discusses some of the [I-D.camwinget-tls-use-cases] discusses some of the network-based
Network-based security use cases. These network security services security service use cases. These network security services act
act on DNS requests from endpoints. However, if an endpoint is on DNS requests originating from endpoints.
configured to use public DNS-over-(D)TLS or DNS-over-HTTPS servers,
network security services cannot act efficiently on DNS requests from o However, if an endpoint is configured to use public DNS-
the endpoints. In order to act on DNS requests from endpoints, over-(D)TLS or DNS-over-HTTPS servers, network security services
network security services can block DNS-over-(D)TLS traffic by cannot act efficiently on DNS requests from these endpoints.
dropping outgoing packets to destination port 853. Identifying DNS-
over-HTTPS traffic is far more challenging than DNS-over-(D)TLS o In order to act on DNS requests from endpoints, network security
traffic. Network security services can try to identify the domains services can block DNS-over-(D)TLS traffic by dropping outgoing
offering DNS-over-HTTPS servers, and DNS-over-HTTPS traffic can be packets to destination port 853. Identifying DNS-over-HTTPS
blocked by dropping outgoing packets to these domains. If the traffic is far more challenging than DNS-over-(D)TLS traffic.
endpoint has enabled strict privacy profile (Section 5 of [RFC8310]), Network security services may try to identify the domains offering
and the network security service blocks the traffic to the public DNS DNS-over-HTTPS servers, and DNS-over-HTTPS traffic can be blocked
server, DNS service is not available to the endpoint and ultimately by dropping outgoing packets to these domains. If an endpoint has
the endpoint cannot access Internet. If the endpoint has enabled enabled strict privacy profile (Section 5 of [RFC8310]), and the
opportunistic privacy profile (Section 5 of [RFC8310]), and the network security service blocks the traffic to the public DNS
network security service blocks traffic to the public DNS server, the server, the DNS service won't be available to the endpoint and
endpoint will either fallback to an encrypted connection without ultimately the endpoint cannot access Internet-reachable services.
authenticating the DNS server provided by the local network or
fallback to clear text DNS, and cannot exchange encrypted DNS o If an endpoint has enabled opportunistic privacy profile
messages. (Section 5 of [RFC8310]), and the network security service blocks
traffic to the public DNS server, the endpoint will either
fallback to an encrypted connection without authenticating the DNS
server provided by the local network or fallback to clear text
DNS, and cannot exchange encrypted DNS messages.
If the network security service fails to block DNS-over-(D)TLS or If the network security service fails to block DNS-over-(D)TLS or
DNS-over-HTTPS traffic, this can compromise the endpoint security; DNS-over-HTTPS traffic, this can compromise the endpoint security;
some of the potential security threats are listed below: some of the potential security threats are listed below:
o The network security service cannot prevent an endpoint from o The network security service cannot prevent an endpoint from
accessing malicious domains. accessing malicious domains.
o If the endpoint is an IoT device which is configured to use public o If the endpoint is an IoT device which is configured to use public
DNS-over-(D)TLS or DNS-over-HTTPS servers, and if a policy DNS-over-(D)TLS or DNS-over-HTTPS servers, and if a policy
enforcement point in the local network is programmed using a enforcement point in the local network is programmed using, for
Manufacturer Usage Description (MUD) file [I-D.ietf-opsawg-mud] by example, a Manufacturer Usage Description (MUD) file [RFC8520] by
a MUD manager to only allow intented communications to and from a MUD manager to only allow intented communications to and from
the IoT device, the policy enforcement point cannot enforce the the IoT device, the policy enforcement point cannot enforce the
Network Access Control List rules based on domain names (Section 8 network Access Control List (ACL) rules based on domain names
of [I-D.ietf-opsawg-mud]). (Section 8 of [RFC8520]).
If the network security service sucessfully blocks DNS-over-(D)TLS If the network security service sucessfully blocks DNS-over-(D)TLS
and DNS-over-HTTPS traffic, this can still compromise the endpoint and DNS-over-HTTPS traffic, this can still compromise the endpoint
security and privacy; some of the potential security threats are security and privacy; some of the potential security threats are
listed below: listed below:
o Pervasive monitoring of DNS traffic. o Pervasive monitoring of DNS traffic.
o An internal attacker can modify the DNS responses to re-direct the o An internal attacker can modify the DNS responses to re-direct the
client to incorrect and malicious servers. client to malicious servers.
To overcome the above threats, the document proposes a mechanism to To overcome the above threats, this document specifies a mechanism to
automatically bootstrap the endpoints to discover and authenticate automatically bootstrap endpoints to discover and authenticate the
the DNS-over-(D)TLS and DNS-over-HTTPS servers provided by the local DNS-over-(D)TLS and DNS-over-HTTPS servers provided by their local
network. The overall procedure can be structured into the following network. The overall procedure can be structured into the following
steps: steps:
o Bootstrapping phase (Section 3 and Section 4) is meant to o Bootstrapping (Section 4) is necessary only when connecting to a
automatically bootstrap endpoints with local network's CA new network or when the network's DNS certificate has changed.
certificates and DNS server certificate. Bootstrapping authenticates the Enrollment over Secure Transport
(EST) [RFC7030] server to the endpoint. After authenticating the
EST server, DNS server certificate used by the local network is
downloaded to the endpoint. This DNS server certificate enables
subsequent authenticated encrypted communication with the local
DNS server (e.g., DNS-over-HTTPS) during in the connection phase.
o Discovery phase (Section 5) is meant to discover the privacy- o Discovery (Section 6) is performed by a previously bootstrapped
enabling protocols supported by the DNS server and usable DNS endpoint whenever connecting to a network. During discovery, the
server IP addresses and port numbers. endpoint is instructed which privacy-enabling DNS protocol(s),
port number(s), and IP addresses are supported on a local network.
This effectively takes the place of DNS server IP address
traditionally provided by IPv4 or IPv6 DHCP or by IPv6 Router
Advertisement [RFC8106].
o Connection handshake and service invocation: The DNS client o Connection handshake and service invocation (Section 7): The DNS
initiates (D)TLS handshake with the DNS server learned in the client initiates a (D)TLS handshake with the DNS server learned in
discovery phase. Furthermore, DNS client uses the credentials the discovery phase, and validates the DNS server's identity using
discovered during the bootstrapping phase to validate the server the credentials obtained in the bootstrapping phase.
certificate.
Note: The strict and opportunistic privacy profiles as defined in Note: The strict and opportunistic privacy profiles as defined in
[RFC8310] only applies to DNS-over-(D)TLS protocols, there has been [RFC8310] only applies to DNS-over-(D)TLS protocols, there has been
no such distinction made for DNS-over-HTTPS protocol. no such distinction made for DNS-over-HTTPS protocol.
2. Terminology 2. Scope
The problems discussed in Section 1 will be encountered in Enterprise
networks. Typically Enterprise networks do not assume that all
devices in their network are managed by the IT team or Mobile Device
Management (MDM) devices, especially in the quite common BYOD ("Bring
Your Own Device") scenario. The mechanisms specified in this
document can be used by BYOD devices to discover and authenticate
DNS-over-(D)TLS and DNS-over-HTTPS servers provided by the Enterprise
network. This mechanism can also be used by IoT devices (managed by
IT team) after onboarding to discover and authenticate DNS-
over-(D)TLS and DNS-over-HTTPS servers provided by the Enterprise
network.
3. Terminology
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
"OPTIONAL" in this document are to be interpreted as described in BCP "OPTIONAL" in this document are to be interpreted as described in BCP
14 [RFC2119][RFC8174] when, and only when, they appear in all 14 [RFC2119][RFC8174] when, and only when, they appear in all
capitals, as shown here. capitals, as shown here.
(D)TLS is used for statements that apply to both Transport Layer (D)TLS is used for statements that apply to both Transport Layer
Security [RFC8446] and Datagram Transport Layer Security [RFC6347]. Security [RFC8446] and Datagram Transport Layer Security [RFC6347].
Specific terms are used for any statement that applies to either Specific terms are used for any statement that applies to either
protocol alone. protocol alone.
This document uses the terms defined in [RFC8499]. This document uses the terms defined in [RFC8499].
3. Bootstrapping Endpoint Devices 4. Bootstrapping Endpoint Devices
The following steps explain the mechanism to automatically bootstrap The following steps detail the mechanism to automatically bootstrap
an endpoint with the local network's CA certificates and DNS server an endpoint with the local network's DNS server certificate:
certificate:
1. The endpoint authenticates to the local network and discovers the 1. The endpoint authenticates to the local network and discovers the
EST server using DNS-based Service Discovery [RFC6763]. Enrollment over Secure Transport (EST) [RFC7030] server using the
procedure discussed in Section 8.
2. The endpoint establishes provisional TLS connection with the EST 2. The endpoint establishes provisional TLS connection with that EST
server, i.e. the endpoint provisionally accepts the unverified server, i.e., the endpoint provisionally accepts the unverified
TLS server certificate. However, the endpoint MUST authenticate TLS server certificate. However, the endpoint MUST authenticate
the EST server before it can accept the CA certificates. The the EST server before it accepts the DNS server certificate. The
endpoint either uses Secure Remote Password protocol (SRP) endpoint either uses password-based authenticated key exchange
[SRP-6] as an authentication method for the Transport Layer (PAKE) with TLS 1.3 [I-D.barnes-tls-pake] as an authentication
Security protocol [RFC5054] or uses the mutual authentication method or uses the mutual authentication protocol for HTTP
scheme discussed in [RFC8120] to authenticate the discovered EST [RFC8120] to authenticate the discovered EST server.
server. SRP is an authentication method that allows the use of
usernames and passwords over unencrypted channels without
revealing the password to an eavesdropper. Similarty, the mutual
authentication scheme is based on password-based authenticated
key exchange (PAKE) and provides mutual authentication between a
HTTP client and an HTTP server using username and password as
credentials.
3. If the EST server authentication is successful, the endpoint As a reminder, PAKE is an authentication method that allows the
requests the full EST distribution of current CA certificates and use of usernames and passwords over unencrypted channels without
validates the EST server certificate. If the EST server revealing the passwords to an eavesdropper. Similarty, the
certificate cannot be verified using the CA certificates mutual authentication for HTTP is based on PAKE and provides
downloaded, the TLS connection is immediately discarded and the mutual authentication between an HTTP client and an HTTP server
endpoint abandons the attempt to bootstrap from the EST server using username and password as credentials. The cryptographic
and discards the CA certificates conveyed by the EST server. If algorithms to use with the mutual authentication protocol for
the EST server certificate is verified using the CA certificates HTTP are defined in [RFC8121].
downloaded, the endpoint stores the CA certificates as Explicit
Trust Anchor database entries. The endpoint uses the Explicit 3. The endpoint needs to use PAKE scheme to perform authentication
Trust Anchor database to validate the DNS server certificate. the first time it connects to an EST server. If the EST server
The endpoint needs to perform SCRAM authentication the first time authentication is successful, the server's identity can be used
it connects EST server. On subsequent connections to the EST to authenticate subsequent TLS connections to that EST server.
server, the endpoint can validate the EST server certificate The endpoint configures the reference identifier for the EST
using the Explicit Trust Anchor database. server using the DNS-ID identifier type in the EST server
certificate. On subsequent connections to the EST server, the
endpoint MUST validate the EST server certificate using the
Implict Trust Anchor database (i.e, the EST server certificate
must pass PKIX certification path validation) and matches the
reference identifier against the EST server's identity according
to the rules specified in Section 6.4 of [RFC6125].
4. The endpoint learns the End-Entity certificates [RFC8295] from 4. The endpoint learns the End-Entity certificates [RFC8295] from
the EST server. The certificate provisioned to the DNS server in the EST server. The certificate provisioned to the DNS server in
the local network will be treated as a End-Entity certificate. the local network will be treated as a End-Entity certificate.
The endpoint needs to identify the certificate provisioned to the As a reminder, the End-Entity certificates must be validated by
DNS server. The SRV-ID identifier type [RFC6125] within the endpoint using an authorized trust anchor (Section 3.2 of
subjectAltName entry can be used to identify the DNS server [RFC8295]). The endpoint needs to identify the certificate
certificate. For example, DNS server certificate will include provisioned to the DNS server. The SRV-ID identifier type
SRV-ID "_domain-s.example.net" along with DNS-ID "example.net". [RFC6125] within subjectAltName entry MUST be used to identify
This specification defines SRV service label "domain-s" in the DNS server certificate.
Section 9. As a reminder, the protocol component is not included
in the SRV-ID [RFC4985].
4. Bootstrapping IoT Devices and CPE For example, DNS server certificate will include SRV-ID "_domain-
s.example.net" along with DNS-ID "example.net". The SRV service
label "domain-s" is defined in Section 6 of [RFC7858]. As a
reminder, the protocol component is not included in the SRV-ID
[RFC4985].
5. The endpoint configures the authentication domain name (ADN)
(defined in [RFC8310]) for the DNS server from the DNS-ID
identifier type within subjectAltName entry in the DNS server
certificate. The DNS server certificate is associated with the
ADN to be matched with the certificate given by the DNS server in
(D)TLS. To some extent, this approach is similar to certificate
usage PKIX-EE(1) defined in [RFC7671].
Figure 1 illustrates a sequence diagram for bootstrapping an endpoint
with the local network's DNS server certificate.
+----------+ +--------+ +--------+
| Endpoint | | EST | | DNS |
| | | Server | | Server |
+----------+ +--------+ +--------+
| DNS-SD query to discover the EST server | |
|-------------------------------------------------------->|
| | |
| optional: mDNS query to | |
| discover the EST server | |
|--------------------------------------------->| |
| | |
| Establish provisional TLS connection | |
|<-------------------------------------------->| |
| | |
| PAKE scheme to authenticate the EST server | |
|<-------------------------------------------->| |
| | |
[Generate reference identifier for the EST server | |
to compare with the EST server certificate | |
in subsequent TLS connections] | |
| | |
| Get EE certificates | |
|--------------------------------------------->| |
| | |
[Identify the DNS server certificate in EE | |
certificates to match with the certificate | |
by the DNS server in (D)TLS handshake] | |
| |
[Configure ADN and associate DNS server certificate] | |
| | |
Figure 1: Bootstrapping Endpoint Devices
5. Bootstrapping IoT Devices
The following steps explain the mechanism to automatically bootstrap The following steps explain the mechanism to automatically bootstrap
IoT devices with local network's CA certificates and DNS server IoT devices with local network's CA certificates and DNS server
certificate. The below steps can also be used by CPE acting as DNS certificate:
forwarder to discover and authenticate DNS-over-(D)TLS and DNS-over-
HTTPS servers provided by the access network.
o Bootstrapping Remote Secure Key Infrastructures (BRSKI) discussed o Bootstrapping Remote Secure Key Infrastructures (BRSKI) discussed
in [I-D.ietf-anima-bootstrapping-keyinfra] provides a solution for in [I-D.ietf-anima-bootstrapping-keyinfra] provides a solution for
secure automated bootstrap of devices. BRSKI specifies means to secure automated bootstrap of devices. BRSKI specifies means to
provision credentials on devices to be used to operationally provision credentials on devices to be used to operationally
access networks. In addition, BRSKI provides an automated access networks. In addition, BRSKI provides an automated
mechanism for the bootstrap distribution of CA certificates from mechanism for the bootstrap distribution of CA certificates from
the EST server. The IoT device can use BRSKI to automatically the EST server. The IoT device can use BRSKI to automatically
bootstrap the IoT device using the IoT manufacturer provisioned bootstrap the IoT device using the IoT manufacturer provisioned
X.509 certificate, in combination with a registrar provided by the X.509 certificate, in combination with a registrar provided by the
local network and IoT device manufacturer's authorizing service local network and IoT device manufacturer's authorizing service
(MASA). (MASA):
1. The IoT device authenticates to the local network using the 1. The IoT device authenticates to the local network using the
IoT manufacturer provisioned X.509 certificate. The IoT IoT manufacturer provisioned X.509 certificate. The IoT
device can request and get a voucher from the MASA service via device can request and get a voucher from the MASA service via
the registrar. The voucher is signed by the MASA service and the registrar. The voucher is signed by the MASA service and
includes the local network's CA public key. includes the local network's CA public key.
2. The IoT device validates the signed voucher using the 2. The IoT device validates the signed voucher using the
manufacturer installed trust anchor associated with the MASA, manufacturer installed trust anchor associated with the MASA,
stores the CA's public key and validates the provisional TLS stores the CA's public key and validates the provisional TLS
connection to the registrar. connection to the registrar.
3. The IoT device requests the full Enrollment over Secure 3. The IoT device requests the full EST distribution of current
Transport (EST) [RFC7030] distribution of current CA CA certificates (Section 5.9.1 in
certificates (Section 5.9.1 in
[I-D.ietf-anima-bootstrapping-keyinfra]) from the registrar [I-D.ietf-anima-bootstrapping-keyinfra]) from the registrar
operating as a BRSKI-EST server. The IoT devices stores the operating as a BRSKI-EST server. The IoT devices stores the
CA certificates as Explicit Trust Anchor database entries. CA certificates as Explicit Trust Anchor database entries.
The IoT device uses the Explicit Trust Anchor database to The IoT device uses the Explicit Trust Anchor database to
validate the DNS server certificate. validate the DNS server certificate.
4. The IoT device learns the End-Entity certificates [RFC8295] 4. The IoT device learns the End-Entity certificates from the
from the BRSKI-EST server. The certificate provisioned to the BRSKI-EST server. The certificate provisioned to the DNS
DNS server in the local network will be treated as a End- server in the local network will be treated as an End-Entity
Entity certificate. The IoT device needs to identify the certificate. The IoT device needs to identify the certificate
certificate provisioned to the DNS server. The SRV-ID provisioned to the DNS server. The SRV-ID identifier type
identifier type [RFC6125] within subjectAltName entry can be within subjectAltName entry MUST be used to identify the DNS
used to identify the DNS server certificate. For example, DNS server certificate.
server certificate will include SRV-ID "_domain-s.example.net"
along with DNS-ID "example.net". This specification defines
SRV service label "domain-s" in Section 9. As a reminder, the
protocol component is not included in the SRV-ID [RFC4985].
5. Discovery Procedure 5. The endpoint configures the ADN for the DNS server from the
DNS-ID identifier type within subjectAltName entry in the DNS
server certificate. The DNS server certificate is associated
with the ADN to be matched with the certificate given by the
DNS server in (D)TLS.
A DNS client discovers the DNS server in the local network supporting 6. DNS-over-(D)TLS and DNS-over-HTTPS Server Discovery Procedure
DNS-over-TLS, DNS-over-DTLS and DNS-over-HTTPS protocols by using the
following discovery mechanism:
o The DNS client retrieves the authentication domain name for the This specification defines "DPRIVE" as the application service tag
DNS server from the DNS-ID identifier type within subjectAltName (Section 12.1.1) and "dns.tls" (Section 12.1.2), "dns.dtls"
entry in the DNS server certificate. (Section 12.1.3), and "dns.https" (Section 12.1.4) as application
protocol tags. A DNS client discovers the DNS server in the local
network supporting DNS-over-TLS, DNS-over-DTLS and DNS-over-HTTPS
protocols by using the following discovery mechanism:
o The DNS client then uses the authentication domain name for o The DNS client makes an S-NAPTR [RFC3958] lookup with the
S-NAPTR [RFC3958] lookup to learn the protocols DNS-over-TLS, DNS- authentication domain name and the 'DPRIVE' application service
over-DTLS, and DNS-over-HTTPS supported by the DNS server and the tag to learn the protocols DNS-over-TLS, DNS-over-DTLS, and DNS-
DNS privacy protocol preferred by the DNS server administrators, over-HTTPS supported by the DNS server and the DNS privacy
as specified in Section 5.1 and Section 9.1. This specification protocol preferred by the DNS server administrators. The S-NAPTR
adds a SRV service label "domain-s" for privacy-enabling DNS lookup is performed using an recursive DNS resolver discovered
servers. In the example below, for authentication domain name from an untrusted source (such as DHCP).
'example.net', the resolution algorithm will result in the
o In the example depicted in Figure 2, for authentication domain
name 'example.net', the resolution algorithm will result in the
privacy-enabling protocols supported by the DNS server and usable privacy-enabling protocols supported by the DNS server and usable
DNS server IP addresses and port numbers. DNS server IP addresses and port numbers.
example.net. example.net.
IN NAPTR 100 10 "" DPRIVE:dns.tls "" dns1.example.net. IN NAPTR 100 10 "" DPRIVE:dns.tls "" dns1.example.net.
IN NAPTR 200 10 "" DPRIVE:dns.dtls "" dns2.example.net. IN NAPTR 200 10 "" DPRIVE:dns.dtls "" dns2.example.net.
dns1.example.net. dns1.example.net.
IN NAPTR 100 10 S DPRIVE:dns.tls "" _domain-s._tcp.example.net. IN NAPTR 100 10 S DPRIVE:dns.tls "" _domain-s._tcp.example.net.
skipping to change at page 8, line 25 skipping to change at page 9, line 38
_domain-s._tcp.example.net. _domain-s._tcp.example.net.
IN SRV 0 0 853 a.example.net. IN SRV 0 0 853 a.example.net.
_domain-s._udp.example.net. _domain-s._udp.example.net.
IN SRV 0 0 853 a.example.net. IN SRV 0 0 853 a.example.net.
a.example.net. a.example.net.
IN A 192.0.2.1 IN A 192.0.2.1
IN AAAA 2001:db8:8:4::2 IN AAAA 2001:db8:8:4::2
Figure 1 Figure 2
o If DNS-over-HTTPS protocol is supported by the DNS server, the DNS o If DNS-over-HTTPS protocol is supported by the DNS server, the DNS
client finds the URI template of the DNS-over-HTTPS server using client finds the URI template of the DNS-over-HTTPS server using
one of the mechanisms discussed in one of the mechanisms discussed in
[I-D.ietf-doh-resolver-associated-doh] to use the https URI scheme [I-D.ietf-doh-resolver-associated-doh] to use the https URI scheme
(Section 3 of [RFC8484]). (Section 3 of [RFC8484]).
5.1. Resolution o If no DNS-specific S-NAPTR records can be retrieved, the discovery
procedure fails for this authentication domain name. However,
Once the DNS client has retrieved the authentication domain name for before retrying a lookup that has failed, a DNS client MUST wait a
the DNS server, an S-NAPTR lookup with 'DPRIVE' application service time period that is appropriate for the encountered error (e.g.,
and the desired protocol tag is made to obtain information necessary NXDOMAIN, timeout, etc.).
to securely connect to the DNS server. The S-NAPTR lookup is
performed using an recursive DNS resolver discovered from an
untrusted source (such as DHCP).
This specification defines "DPRIVE" as an application service tag
(Section 9.1.1) and "dns.tls" (Section 9.1.2), "dns.dtls"
(Section 9.1.3), and "dns.https" (Section 9.1.4) as application
protocol tags.
If no DNS-specific S-NAPTR records can be retrieved, the discovery
procedure fails for this authentication domain name. However, before
retrying a lookup that has failed, a DNS client MUST wait a time
period that is appropriate for the encountered error (e.g., NXDOMAIN,
timeout, etc.).
6. Connection handshake and service invocation 7. Connection Handshake and Service Invocation
The DNS client initiates (D)TLS handshake with the DNS server, the The DNS client initiates (D)TLS handshake with the DNS server, the
server presents its certificate in ServerHello message, and the DNS DNS server presents its certificate in ServerHello message, and the
client matches the DNS server certificate downloaded in step 4 in DNS client MUST match the DNS server certificate downloaded in Step 4
Section 3 and Section 4 with the certificate provided by the DNS in Section 4 or Section 5 with the certificate provided by the DNS
server in (D)TLS handshake. If the match is successful, the DNS server in (D)TLS handshake. If the match is successful, the DNS
client validates the server certificate using the Explicit Trust client MUST validate the server certificate using the Implicit Trust
Anchor database entries downloaded in step 3 in Section 3 and Anchor database (i.e., the DNS server certificate must pass PKIX
Section 4. certification path validation).
If the match is successful and server certificate is successfully If the match is successful and server certificate is successfully
validated, the client continues with the connection as normal. validated, the client continues with the connection as normal.
Otherwise, the client MUST treat the server certificate validation Otherwise, the client MUST treat the server certificate validation
failure as a non-recoverable error. If the DNS client cannot reach failure as a non-recoverable error. If the DNS client cannot reach
or establish an authenticated and encrypted connection with the or establish an authenticated and encrypted connection with the
privacy-enabling DNS server provided by the local network, the DNS privacy-enabling DNS server provided by the local network, the DNS
client can fallback to the privacy-enabling public DNS server. client can fallback to the privacy-enabling public DNS server.
7. Security Considerations 8. EST Service Discovery Procedure
The bootstrapping procedure to discover and authenticate DNS- DNS-based Service Discovery (DNS-SD) [RFC6763] and Multicast DNS
over-(D)TLS and DNS-over-HTTPS Servers MUST be enabled by the (mDNS) [RFC6762] provide generic solutions for discovering services
endpoint in a trusted network (e.g. Enterprise, Secure home available in a local network. DNS-SD/mDNS define a set of naming
networks) and disabled in a untrusted network (e.g. Public WiFi rules for certain DNS record types that they use for advertising and
network), similar to the way VPN connection from the endpoint to a discovering services.
VPN gateway is disconnected in a trusted network and VPN connection
is established in a untrusted network.
If the endpoint has enabled strict privacy profile, and the network Section 4.1 of [RFC6763] specifies that a service instance name in
DNS-SD has the following structure:
<Instance> . <Service> . <Domain>
The <Domain> portion specifies the DNS sub-domain where the service
instance is registered. It may be "local.", indicating the mDNS
local domain, or it may be a conventional domain name such as
"example.com.". The <Service> portion of the EST service instance
name MUST be "_est._tcp".
8.1. mDNS
A EST client application can proactively discover EST server being
advertised in the site by multicasting a PTR query to the following:
o "_est._tcp.local"
A EST server can send out gratuitous multicast DNS answer packets
whenever it starts up, wakes from sleep, or detects a change in EST
server configuration. EST client application receive these
gratuitous packets and cache information contained in it.
9. Network Reattachment
On subsequent attachments to the network, the endpoint discovers the
privacy-enabling DNS server using the authentication domain name
(configured in Step 5 of Section 4 or Section 5), initiates (D)TLS
handshake with the DNS server and follows the mechanism discussed in
Section 7 to validate the DNS server certificate.
If the DNS server certificate invalid (e.g., revoked or expired) or
the procedure to discover the privacy-enabling DNS server fails (e.g.
the domain name of the privacy-enabling DNS server has changed
because the Enterprise network has switched to a public privacy-
enabling DNS server capable of blocking access to malicious domains),
the endpoint discovers and initiates TLS handshake with the EST
server, and uses the validation techniques described in [RFC6125] to
compare the reference identifier (created in Step 2 of Section 4 in
this document) to the EST server certificate and verifies the entire
certification path as per [RFC5280]. The endpoint then gets the DNS
server certificate from the EST server. If the DNS-ID identifier
type within subjectAltName entry in the DNS server certificate does
not match the configured ADN, the ADN is replaced with the DNS-ID
identifier type. The DNS server certificate associated with the ADN
is replaced with the one provided by the EST server. If the ADN has
changed, the endpoint discovers the privacy-enabling DNS server,
initiates (D)TLS handshake with the DNS server and follows the
mechanism discussed in Section 7 to validate the DNS server
certificate.
Figure 3 illustrates a sequence diagram for re-configuring an
endpoint with ADN and local network's DNS server certificate on
subsequent attachments to the network.
+----------+ +--------+ +--------+
| Endpoint | | EST | | DNS |
| | | Server | | Server |
+----------+ +--------+ +--------+
| DNS-SD query to discover the EST server | |
|-------------------------------------------------------->|
| | |
| optional: mDNS query to | |
| discover the EST server | |
|--------------------------------------------->| |
| | |
| Establish TLS connection | |
| and validate EST server certificate | |
|<-------------------------------------------->| |
| | |
| Get EE certificates | |
|<-------------------------------------------->| |
| | |
[Identify the DNS server certificate in EE | |
certificates to match with the certificate | |
by the DNS server in (D)TLS handshake] | |
| |
[Re-configure ADN and associate DNS server certificate]| |
| | |
Figure 3: Bootstrapping Endpoint Devices on subsequent attachments to
the network
10. Privacy Considerations
[RFC7626] discusses DNS privacy considerations in both "on the wire"
(Section 2.4 of [RFC7626]) and "in the server" (Section 2.5 of
[RFC7626] contexts. The endpoint may not know if the DNS-over-(D)TLS
or DNS-over-HTTPS server in the local network has a privacy
preserving data policy. A new privacy certificate extension is
defined that identifies the privacy preserving data policy of the DNS
server.
10.1. Privacy Extension Format
Like all X.509 certificate extensions, the privacy certificate
extension is defined using ASN.1 [ASN1-88]. The non-critical privacy
extension is identified by id-pe-privacy.
PKIX Object Identifier Registry
id-pkix OBJECT IDENTIFIER ::= { iso(1) identified-organization(3)
dod(6) internet(1) security(5) mechanisms(5) pkix(7) }
PKIX Arcs
id-mod OBJECT IDENTIFIER ::= { id-pkix 0 } -- modules
id-pe OBJECT IDENTIFIER ::= { id-pkix 1 } -- private
certificate extensions
PKIX modules
id-mod-privacy-extn OBJECT IDENTIFIER ::= { id-mod TBD2 }
id-pe-privacy OBJECT IDENTIFIER ::= { id-pe TBD1 }
A non-null privacy always includes a base privacy. The privacy
extension includes the following information:
o If the client IP address is Personally Identifiable Information
(PII) data or non PII-data.
o If the client IP address is logged or not, and if client IP
address is indeed logged, it is stored in temporary or permanant
logs.
o If the server clears the stored transaction data (e.g., DNS
messages) or not, and if the server clears the stored transaction
data, the period for which the transaction data is stored.
o If the transaction data is shared with partners or not, and if the
transaction data is shared with partners, the names of the
partners. If anonymized data or client identifiable data is
shared with partners.
o If the transaction data is shared or sold to third parties.
o If the DNS server will block DNS resolution of certain domains
(e.g., malicious domains).
o A URL that points to the privacy preserving data policy, and a URL
that points to the security assessment report of the DNS server by
a third party auditor.
10.2. Privacy Extension Syntax
The syntax for the privacy extension is as follows:
Privacy ::= CHOICE {
none NULL,
-- No privacy policy provided
pPolicy PrivacyPolicy
-- Privacy preserving data policy }
PrivacyPolicy ::= SEQUENCE {
base PrivacyInfo,
pURL [0] PrivacyURL OPTIONAL,
aURL [1] AuditURL OPTIONAL }
PrivacyInfo ::= SEQUENCE {
ipaddresspii BOOLEAN,
-- TRUE means client IP address is PII
log [0] Logging,
retention [1] DataRetention,
sdata [2] ShareData,
transferdata [3] BOOLEAN,
-- TRUE means share or sell data to third parties
blockdomains [4] BOOLEAN
-- TRUE means domains will be blocked }
Logging ::= SEQUENCE {
logip BOOLEAN,
-- TRUE means client IP address logging
temporary BOOLEAN OPTIONAL
-- TRUE means temporary logs }
DataRetention ::= SEQUENCE {
cleardata BOOLEAN,
-- TRUE means the server clears
-- the stored transaction data
period INTEGER OPTIONAL
-- Number of Hours the
-- transaction data is stored }
ShareData ::= SEQUENCE {
sharepartners BOOLEAN,
-- TRUE means data is shared with partners
partners [1] SEQUENCE SIZE (1..MAX) OF UTF8String OPTIONAL,
-- Names of the partners
anonymizeddata [0] BOOLEAN OPTIONAL
-- TRUE means anonymized data
-- is shared with partners }
PrivacyURL ::= IA5String -- MUST use https scheme
AuditURL ::= IA5String -- MUST use https scheme
11. Security Considerations
The bootstrapping procedure to obtain the certificate of the local
networks DNS server uses a client identity and password to
authenticate the EST server using PAKE schemes. Security
considerations such as those discussed in [I-D.barnes-tls-pake] or
[RFC8120] and [RFC8121] need to be taken into consideration.
Users cannot be expected to enable or disable the bootstrapping or
the discovery procedure as they switch networks. Thus, it is
RECOMMENDED that users indicate to their system in some way that they
desire bootstrapping to be performed when connecting to a specific
network, similar to the way users disable VPN connection in specific
network (e.g., Enterprise network) and enable VPN connection by
default in other networks.
If an endpoint has enabled strict privacy profile, and the network
security service blocks the traffic to the privacy-enabling public security service blocks the traffic to the privacy-enabling public
DNS server, a hard failure occurs and the user is notified. The user DNS server, a hard failure occurs and the user is notified. The user
has a choice to switch to another network or if the user trusts the has a choice to switch to another network or if the user trusts the
network, the user can enable strict privacy profile with the DNS- network, the user can enable strict privacy profile with the DNS-
over-(D)TLS or DNS-over-HTTPS server discovered in the network over-(D)TLS or DNS-over-HTTPS server discovered in the network
instead of downgrading to opportunistic privacy profile. instead of downgrading to opportunistic privacy profile.
The primary attacks against the methods described in Section 5 are The primary attacks against the methods described in Section 6 are
the ones that would lead to impersonation of a DNS server and the ones that would lead to impersonation of a DNS server and
spoofing the DNS response to indicate that the DNS server does not spoofing the DNS response to indicate that the DNS server does not
support any privacy-enabling protocols. To protect against DNS- support any privacy-enabling protocols. To protect against DNS-
vectored attacks, secured DNS (DNSSEC) can be used to ensure the vectored attacks, secured DNS (DNSSEC) can be used to ensure the
validity of the DNS records received. The explicit trust anchor validity of the DNS records received. Impersonation of the DNS
database entries downloaded in step 3 in Section 3 and Section 4 can server is prevented by validating the certificate presented by the
be used by the endpoint to validate the DNSSEC signature. DNS server. If the EST server conveys the DNS server certificate,
Impersonation of the DNS server is prevented by validating the but the S-NAPTR lookup indicates that the DNS server does not support
certificate presented by the DNS server. If the BRSKI-EST server any privacy-enabling protocols, the client can detect the DNS
conveys the DNS server certificate, but the S-NAPTR lookup indicates response is spoofed.
that the DNS server does not support any privacy-enabling protocols,
the client can detect the DNS response is spoofed.
Security considerations in [I-D.ietf-anima-bootstrapping-keyinfra], Security considerations in [I-D.ietf-anima-bootstrapping-keyinfra]
[RFC5054] and [RFC8120] need to be taken into consideration. need to be taken into consideration for IoT devices.
8. Privacy Considerations 12. IANA Considerations
[RFC7626] discusses DNS privacy considerations in both "on the wire" IANA is requested to allocate the SRV service name of "est".
(Section 2.4 of [RFC7626]) and "in the server" (Section 2.5 of
[RFC7626] contexts. The endpoint may not know if the DNS-over-(D)TLS
or DNS-over-HTTPS server in the local network has a privacy
preserving data policy. A new privacy certificate extension is
defined that identifies the privacy preserving data policy of the DNS
server. The extension contains a URL that points to the privacy
preserving data policy.
8.1. Privacy Extension Syntax IANA is requested to add the following entry in the "SMI Security for
PKIX Certificate Extension" (1.3.6.1.5.5.7.1) registry:
The syntax for the privacy extension is: Decimal Description References
------- ------------------------------ ---------------------
Privacy ::= CHOICE { TBD1 id-pe-privacy this document
none NULL, -- No privacy policy provided
pURL PrivacyURL } -- Privacy preserving data policy
PrivacyURL ::= IA5String -- MUST use https scheme IANA is requested to add the following entry in the "SMI Security for
PKIX Module Identifier" (1.3.6.1.5.5.7.0) registry:
9. IANA Considerations Decimal Description References
------- ------------------------------ ---------------------
IANA is requested to allocate the SRV service name of "domain-s" for TBD2 id-mod-privacy-extn this document
DNS-over-(D)TLS and DNS-over-HTTPS.
9.1. Application Service & Application Protocol Tags 12.1. Application Service & Application Protocol Tags
This document requests IANA to make the following allocations from This document requests IANA to make the following allocations from
the registry available at: https://www.iana.org/assignments/s-naptr- the registry available at: https://www.iana.org/assignments/s-naptr-
parameters/s-naptr-parameters.xhtml. parameters/s-naptr-parameters.xhtml.
9.1.1. DNS Application Service Tag Registration 12.1.1. DNS Application Service Tag Registration
o Application Protocol Tag: DPRIVE o Application Protocol Tag: DPRIVE
o Intended Usage: See Section 5.1 o Intended Usage: See Section 6
o Security Considerations: See Section 7 o Security Considerations: See Section 11
o Contact Information: <one of the authors> o Contact Information: <one of the authors>
9.1.2. dns.tls Application Protocol Tag Registration 12.1.2. dns.tls Application Protocol Tag Registration
o Application Protocol Tag: dns.tls o Application Protocol Tag: dns.tls
o Intended Usage: See Section 5.1 o Intended Usage: See Section 6
o Security Considerations: See Section 7 o Security Considerations: See Section 11
o Contact Information: <one of the authors> o Contact Information: <one of the authors>
9.1.3. dns.dtls Application Protocol Tag Registration 12.1.3. dns.dtls Application Protocol Tag Registration
o Application Protocol Tag: dns.dtls o Application Protocol Tag: dns.dtls
o Intended Usage: See Section 5.1 o Intended Usage: See Section 6
o Security Considerations: See Section 7 o Security Considerations: See Section 11
o Contact Information: <one of the authors> o Contact Information: <one of the authors>
9.1.4. dns.https Application Protocol Tag Registration 12.1.4. dns.https Application Protocol Tag Registration
o Application Protocol Tag: dnshttps o Application Protocol Tag: dnshttps
o Intended Usage: See Section 5.1 o Intended Usage: See Section 6
o Security Considerations: See Section 7 o Security Considerations: See Section 11
o Contact Information: <one of the authors> o Contact Information: <one of the authors>
10. Acknowledgments 13. Acknowledgments
Thanks to Joe Hildebrand, Harsha Joshi, Shashank Jain, Patrick Thanks to Joe Hildebrand, Harsha Joshi, Shashank Jain, Patrick
McManus, Eliot Lear and Sara Dickinson for the discussion and McManus, Eliot Lear and Sara Dickinson for the discussion and
comments. comments.
11. References 14. References
11.1. Normative References
[I-D.ietf-anima-bootstrapping-keyinfra] 14.1. Normative References
Pritikin, M., Richardson, M., Behringer, M., Bjarnason,
S., and K. Watsen, "Bootstrapping Remote Secure Key
Infrastructures (BRSKI)", draft-ietf-anima-bootstrapping-
keyinfra-19 (work in progress), March 2019.
[I-D.ietf-doh-resolver-associated-doh] [I-D.ietf-doh-resolver-associated-doh]
Hoffman, P., "Associating a DoH Server with a Resolver", Hoffman, P., "Associating a DoH Server with a Resolver",
draft-ietf-doh-resolver-associated-doh-03 (work in draft-ietf-doh-resolver-associated-doh-03 (work in
progress), March 2019. progress), March 2019.
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, Requirement Levels", BCP 14, RFC 2119,
DOI 10.17487/RFC2119, March 1997, DOI 10.17487/RFC2119, March 1997,
<https://www.rfc-editor.org/info/rfc2119>. <https://www.rfc-editor.org/info/rfc2119>.
skipping to change at page 12, line 25 skipping to change at page 17, line 45
[RFC3958] Daigle, L. and A. Newton, "Domain-Based Application [RFC3958] Daigle, L. and A. Newton, "Domain-Based Application
Service Location Using SRV RRs and the Dynamic Delegation Service Location Using SRV RRs and the Dynamic Delegation
Discovery Service (DDDS)", RFC 3958, DOI 10.17487/RFC3958, Discovery Service (DDDS)", RFC 3958, DOI 10.17487/RFC3958,
January 2005, <https://www.rfc-editor.org/info/rfc3958>. January 2005, <https://www.rfc-editor.org/info/rfc3958>.
[RFC4985] Santesson, S., "Internet X.509 Public Key Infrastructure [RFC4985] Santesson, S., "Internet X.509 Public Key Infrastructure
Subject Alternative Name for Expression of Service Name", Subject Alternative Name for Expression of Service Name",
RFC 4985, DOI 10.17487/RFC4985, August 2007, RFC 4985, DOI 10.17487/RFC4985, August 2007,
<https://www.rfc-editor.org/info/rfc4985>. <https://www.rfc-editor.org/info/rfc4985>.
[RFC5054] Taylor, D., Wu, T., Mavrogiannopoulos, N., and T. Perrin, [RFC5280] Cooper, D., Santesson, S., Farrell, S., Boeyen, S.,
"Using the Secure Remote Password (SRP) Protocol for TLS Housley, R., and W. Polk, "Internet X.509 Public Key
Authentication", RFC 5054, DOI 10.17487/RFC5054, November Infrastructure Certificate and Certificate Revocation List
2007, <https://www.rfc-editor.org/info/rfc5054>. (CRL) Profile", RFC 5280, DOI 10.17487/RFC5280, May 2008,
<https://www.rfc-editor.org/info/rfc5280>.
[RFC6125] Saint-Andre, P. and J. Hodges, "Representation and [RFC6125] Saint-Andre, P. and J. Hodges, "Representation and
Verification of Domain-Based Application Service Identity Verification of Domain-Based Application Service Identity
within Internet Public Key Infrastructure Using X.509 within Internet Public Key Infrastructure Using X.509
(PKIX) Certificates in the Context of Transport Layer (PKIX) Certificates in the Context of Transport Layer
Security (TLS)", RFC 6125, DOI 10.17487/RFC6125, March Security (TLS)", RFC 6125, DOI 10.17487/RFC6125, March
2011, <https://www.rfc-editor.org/info/rfc6125>. 2011, <https://www.rfc-editor.org/info/rfc6125>.
[RFC6347] Rescorla, E. and N. Modadugu, "Datagram Transport Layer [RFC6347] Rescorla, E. and N. Modadugu, "Datagram Transport Layer
Security Version 1.2", RFC 6347, DOI 10.17487/RFC6347, Security Version 1.2", RFC 6347, DOI 10.17487/RFC6347,
January 2012, <https://www.rfc-editor.org/info/rfc6347>. January 2012, <https://www.rfc-editor.org/info/rfc6347>.
[RFC6762] Cheshire, S. and M. Krochmal, "Multicast DNS", RFC 6762,
DOI 10.17487/RFC6762, February 2013,
<https://www.rfc-editor.org/info/rfc6762>.
[RFC6763] Cheshire, S. and M. Krochmal, "DNS-Based Service [RFC6763] Cheshire, S. and M. Krochmal, "DNS-Based Service
Discovery", RFC 6763, DOI 10.17487/RFC6763, February 2013, Discovery", RFC 6763, DOI 10.17487/RFC6763, February 2013,
<https://www.rfc-editor.org/info/rfc6763>. <https://www.rfc-editor.org/info/rfc6763>.
[RFC7030] Pritikin, M., Ed., Yee, P., Ed., and D. Harkins, Ed., [RFC7030] Pritikin, M., Ed., Yee, P., Ed., and D. Harkins, Ed.,
"Enrollment over Secure Transport", RFC 7030, "Enrollment over Secure Transport", RFC 7030,
DOI 10.17487/RFC7030, October 2013, DOI 10.17487/RFC7030, October 2013,
<https://www.rfc-editor.org/info/rfc7030>. <https://www.rfc-editor.org/info/rfc7030>.
[RFC7858] Hu, Z., Zhu, L., Heidemann, J., Mankin, A., Wessels, D., [RFC7858] Hu, Z., Zhu, L., Heidemann, J., Mankin, A., Wessels, D.,
and P. Hoffman, "Specification for DNS over Transport and P. Hoffman, "Specification for DNS over Transport
Layer Security (TLS)", RFC 7858, DOI 10.17487/RFC7858, May Layer Security (TLS)", RFC 7858, DOI 10.17487/RFC7858, May
2016, <https://www.rfc-editor.org/info/rfc7858>. 2016, <https://www.rfc-editor.org/info/rfc7858>.
[RFC8094] Reddy, T., Wing, D., and P. Patil, "DNS over Datagram [RFC8094] Reddy, T., Wing, D., and P. Patil, "DNS over Datagram
Transport Layer Security (DTLS)", RFC 8094, Transport Layer Security (DTLS)", RFC 8094,
DOI 10.17487/RFC8094, February 2017, DOI 10.17487/RFC8094, February 2017,
<https://www.rfc-editor.org/info/rfc8094>. <https://www.rfc-editor.org/info/rfc8094>.
[RFC8120] Oiwa, Y., Watanabe, H., Takagi, H., Maeda, K., Hayashi, [RFC8121] Oiwa, Y., Watanabe, H., Takagi, H., Maeda, K., Hayashi,
T., and Y. Ioku, "Mutual Authentication Protocol for T., and Y. Ioku, "Mutual Authentication Protocol for HTTP:
HTTP", RFC 8120, DOI 10.17487/RFC8120, April 2017, Cryptographic Algorithms Based on the Key Agreement
<https://www.rfc-editor.org/info/rfc8120>. Mechanism 3 (KAM3)", RFC 8121, DOI 10.17487/RFC8121, April
2017, <https://www.rfc-editor.org/info/rfc8121>.
[RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
May 2017, <https://www.rfc-editor.org/info/rfc8174>. May 2017, <https://www.rfc-editor.org/info/rfc8174>.
[RFC8295] Turner, S., "EST (Enrollment over Secure Transport) [RFC8295] Turner, S., "EST (Enrollment over Secure Transport)
Extensions", RFC 8295, DOI 10.17487/RFC8295, January 2018, Extensions", RFC 8295, DOI 10.17487/RFC8295, January 2018,
<https://www.rfc-editor.org/info/rfc8295>. <https://www.rfc-editor.org/info/rfc8295>.
[RFC8446] Rescorla, E., "The Transport Layer Security (TLS) Protocol [RFC8446] Rescorla, E., "The Transport Layer Security (TLS) Protocol
skipping to change at page 13, line 40 skipping to change at page 19, line 17
<https://www.rfc-editor.org/info/rfc8446>. <https://www.rfc-editor.org/info/rfc8446>.
[RFC8484] Hoffman, P. and P. McManus, "DNS Queries over HTTPS [RFC8484] Hoffman, P. and P. McManus, "DNS Queries over HTTPS
(DoH)", RFC 8484, DOI 10.17487/RFC8484, October 2018, (DoH)", RFC 8484, DOI 10.17487/RFC8484, October 2018,
<https://www.rfc-editor.org/info/rfc8484>. <https://www.rfc-editor.org/info/rfc8484>.
[RFC8499] Hoffman, P., Sullivan, A., and K. Fujiwara, "DNS [RFC8499] Hoffman, P., Sullivan, A., and K. Fujiwara, "DNS
Terminology", BCP 219, RFC 8499, DOI 10.17487/RFC8499, Terminology", BCP 219, RFC 8499, DOI 10.17487/RFC8499,
January 2019, <https://www.rfc-editor.org/info/rfc8499>. January 2019, <https://www.rfc-editor.org/info/rfc8499>.
11.2. Informative References 14.2. Informative References
[ASN1-88] "International Telephone and Telegraph Consultative
Committee, "Specification of Abstract Syntax Notation One
(ASN.1)", CCITT Recommendation X.208, 1988.".
[CDN] "End-User Mapping: Next Generation Request Routing for [CDN] "End-User Mapping: Next Generation Request Routing for
Content Delivery", 2015, Content Delivery", 2015,
<https://conferences.sigcomm.org/sigcomm/2015/pdf/papers/ <https://conferences.sigcomm.org/sigcomm/2015/pdf/papers/
p167.pdf>. p167.pdf>.
[I-D.barnes-tls-pake]
Barnes, R. and O. Friel, "Usage of PAKE with TLS 1.3",
draft-barnes-tls-pake-04 (work in progress), July 2018.
[I-D.camwinget-tls-use-cases] [I-D.camwinget-tls-use-cases]
Andreasen, F., Cam-Winget, N., and E. Wang, "TLS 1.3 Andreasen, F., Cam-Winget, N., and E. Wang, "TLS 1.3
Impact on Network-Based Security", draft-camwinget-tls- Impact on Network-Based Security", draft-camwinget-tls-
use-cases-04 (work in progress), March 2019. use-cases-04 (work in progress), March 2019.
[I-D.ietf-opsawg-mud] [I-D.ietf-anima-bootstrapping-keyinfra]
Lear, E., Droms, R., and D. Romascanu, "Manufacturer Usage Pritikin, M., Richardson, M., Behringer, M., Bjarnason,
Description Specification", draft-ietf-opsawg-mud-25 (work S., and K. Watsen, "Bootstrapping Remote Secure Key
in progress), June 2018. Infrastructures (BRSKI)", draft-ietf-anima-bootstrapping-
keyinfra-19 (work in progress), March 2019.
[RFC2775] Carpenter, B., "Internet Transparency", RFC 2775, [RFC2775] Carpenter, B., "Internet Transparency", RFC 2775,
DOI 10.17487/RFC2775, February 2000, DOI 10.17487/RFC2775, February 2000,
<https://www.rfc-editor.org/info/rfc2775>. <https://www.rfc-editor.org/info/rfc2775>.
[RFC7626] Bortzmeyer, S., "DNS Privacy Considerations", RFC 7626, [RFC7626] Bortzmeyer, S., "DNS Privacy Considerations", RFC 7626,
DOI 10.17487/RFC7626, August 2015, DOI 10.17487/RFC7626, August 2015,
<https://www.rfc-editor.org/info/rfc7626>. <https://www.rfc-editor.org/info/rfc7626>.
[RFC7671] Dukhovni, V. and W. Hardaker, "The DNS-Based
Authentication of Named Entities (DANE) Protocol: Updates
and Operational Guidance", RFC 7671, DOI 10.17487/RFC7671,
October 2015, <https://www.rfc-editor.org/info/rfc7671>.
[RFC7871] Contavalli, C., van der Gaast, W., Lawrence, D., and W. [RFC7871] Contavalli, C., van der Gaast, W., Lawrence, D., and W.
Kumari, "Client Subnet in DNS Queries", RFC 7871, Kumari, "Client Subnet in DNS Queries", RFC 7871,
DOI 10.17487/RFC7871, May 2016, DOI 10.17487/RFC7871, May 2016,
<https://www.rfc-editor.org/info/rfc7871>. <https://www.rfc-editor.org/info/rfc7871>.
[RFC8106] Jeong, J., Park, S., Beloeil, L., and S. Madanapalli,
"IPv6 Router Advertisement Options for DNS Configuration",
RFC 8106, DOI 10.17487/RFC8106, March 2017,
<https://www.rfc-editor.org/info/rfc8106>.
[RFC8120] Oiwa, Y., Watanabe, H., Takagi, H., Maeda, K., Hayashi,
T., and Y. Ioku, "Mutual Authentication Protocol for
HTTP", RFC 8120, DOI 10.17487/RFC8120, April 2017,
<https://www.rfc-editor.org/info/rfc8120>.
[RFC8310] Dickinson, S., Gillmor, D., and T. Reddy, "Usage Profiles [RFC8310] Dickinson, S., Gillmor, D., and T. Reddy, "Usage Profiles
for DNS over TLS and DNS over DTLS", RFC 8310, for DNS over TLS and DNS over DTLS", RFC 8310,
DOI 10.17487/RFC8310, March 2018, DOI 10.17487/RFC8310, March 2018,
<https://www.rfc-editor.org/info/rfc8310>. <https://www.rfc-editor.org/info/rfc8310>.
[SRP-6] "SRP-6: Improvements and Refinements to the Secure Remote [RFC8520] Lear, E., Droms, R., and D. Romascanu, "Manufacturer Usage
Password Protocol", October 2002, Description Specification", RFC 8520,
<http://grouper.ieee.org/groups/1363/>. DOI 10.17487/RFC8520, March 2019,
<https://www.rfc-editor.org/info/rfc8520>.
Authors' Addresses Authors' Addresses
Tirumaleswar Reddy Tirumaleswar Reddy
McAfee, Inc. McAfee, Inc.
Embassy Golf Link Business Park Embassy Golf Link Business Park
Bangalore, Karnataka 560071 Bangalore, Karnataka 560071
India India
Email: kondtir@gmail.com Email: kondtir@gmail.com
Dan Wing Dan Wing
Citrix Systems, Inc.
USA USA
Email: dan@danwing.org Email: dwing-ietf@fuggles.com
Michael C. Richardson Michael C. Richardson
Sandelman Software Works Sandelman Software Works
USA USA
Email: mcr+ietf@sandelman.ca Email: mcr+ietf@sandelman.ca
Mohamed Boucadair Mohamed Boucadair
Orange Orange
Rennes 35000 Rennes 35000
France France
 End of changes. 79 change blocks. 
268 lines changed or deleted 551 lines changed or added

This html diff was produced by rfcdiff 1.47. The latest version is available from http://tools.ietf.org/tools/rfcdiff/