draft-ietf-dnsext-ds-sha256-02.txt | draft-ietf-dnsext-ds-sha256-03.txt | |||
---|---|---|---|---|
Network Working Group W. Hardaker | Network Working Group W. Hardaker | |||
Internet-Draft Sparta | Internet-Draft Sparta | |||
Expires: June 12, 2006 December 9, 2005 | Expires: July 10, 2006 January 6, 2006 | |||
Use of SHA-256 in DNSSEC Delegation Signer (DS) Resource Records (RRs) | Use of SHA-256 in DNSSEC Delegation Signer (DS) Resource Records (RRs) | |||
draft-ietf-dnsext-ds-sha256-02.txt | draft-ietf-dnsext-ds-sha256-03.txt | |||
Status of this Memo | Status of this Memo | |||
By submitting this Internet-Draft, each author represents that any | By submitting this Internet-Draft, each author represents that any | |||
applicable patent or other IPR claims of which he or she is aware | applicable patent or other IPR claims of which he or she is aware | |||
have been or will be disclosed, and any of which he or she becomes | have been or will be disclosed, and any of which he or she becomes | |||
aware will be disclosed, in accordance with Section 6 of BCP 79. | aware will be disclosed, in accordance with Section 6 of BCP 79. | |||
Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
Task Force (IETF), its areas, and its working groups. Note that | Task Force (IETF), its areas, and its working groups. Note that | |||
skipping to change at page 1, line 33 | skipping to change at page 1, line 33 | |||
and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||
time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference | |||
material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." | |||
The list of current Internet-Drafts can be accessed at | The list of current Internet-Drafts can be accessed at | |||
http://www.ietf.org/ietf/1id-abstracts.txt. | http://www.ietf.org/ietf/1id-abstracts.txt. | |||
The list of Internet-Draft Shadow Directories can be accessed at | The list of Internet-Draft Shadow Directories can be accessed at | |||
http://www.ietf.org/shadow.html. | http://www.ietf.org/shadow.html. | |||
This Internet-Draft will expire on June 12, 2006. | This Internet-Draft will expire on July 10, 2006. | |||
Copyright Notice | Copyright Notice | |||
Copyright (C) The Internet Society (2005). | Copyright (C) The Internet Society (2006). | |||
Abstract | Abstract | |||
This document specifies how to use the SHA-256 digest type in DNS | This document specifies how to use the SHA-256 digest type in DNS | |||
Delegation Signer (DS) Resource Records (RRs). DS records, when | Delegation Signer (DS) Resource Records (RRs). DS records, when | |||
stored in a parent zone, point to key signing DNSKEY key(s) in a | stored in a parent zone, point to key signing DNSKEY key(s) in a | |||
child zone. | child zone. | |||
Table of Contents | Table of Contents | |||
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 | 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 | |||
2. Implementing the SHA-256 algorithm for DS record support . . . 3 | 2. Implementing the SHA-256 algorithm for DS record support . . . 3 | |||
2.1. DS record field values . . . . . . . . . . . . . . . . . . 3 | 2.1. DS record field values . . . . . . . . . . . . . . . . . . 3 | |||
2.2. DS Record with SHA-256 Wire Format . . . . . . . . . . . . 3 | 2.2. DS Record with SHA-256 Wire Format . . . . . . . . . . . . 3 | |||
2.3. Example DS Record Using SHA-256 . . . . . . . . . . . . . . 4 | 2.3. Example DS Record Using SHA-256 . . . . . . . . . . . . . . 4 | |||
3. Implementation Requirements . . . . . . . . . . . . . . . . . . 4 | 3. Implementation Requirements . . . . . . . . . . . . . . . . . . 4 | |||
4. Deployment Considerations . . . . . . . . . . . . . . . . . . . 5 | 4. Deployment Considerations . . . . . . . . . . . . . . . . . . . 4 | |||
5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . . 5 | 5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . . 5 | |||
6. Security Considerations . . . . . . . . . . . . . . . . . . . . 5 | 6. Security Considerations . . . . . . . . . . . . . . . . . . . . 5 | |||
6.1. Potential Digest Type Downgrade Attacks . . . . . . . . . . 5 | ||||
6.2. SHA-1 vs SHA-256 Considerations for DS Records . . . . . . 6 | ||||
7. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . . 6 | 7. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . . 6 | |||
8. References . . . . . . . . . . . . . . . . . . . . . . . . . . 6 | 8. References . . . . . . . . . . . . . . . . . . . . . . . . . . 6 | |||
8.1. Normative References . . . . . . . . . . . . . . . . . . . 6 | 8.1. Normative References . . . . . . . . . . . . . . . . . . . 6 | |||
8.2. Informative References . . . . . . . . . . . . . . . . . . 6 | 8.2. Informative References . . . . . . . . . . . . . . . . . . 7 | |||
Author's Address . . . . . . . . . . . . . . . . . . . . . . . . . 7 | Author's Address . . . . . . . . . . . . . . . . . . . . . . . . . 8 | |||
Intellectual Property and Copyright Statements . . . . . . . . . . 8 | Intellectual Property and Copyright Statements . . . . . . . . . . 9 | |||
1. Introduction | 1. Introduction | |||
The DNSSEC [RFC4033] [RFC4034] [RFC4035] DS RR is published in parent | The DNSSEC [RFC4033] [RFC4034] [RFC4035] DS RR is published in parent | |||
zones to distribute a cryptographic digest of a child's Key Signing | zones to distribute a cryptographic digest of a child's Key Signing | |||
Key (KSK) DNSKEY RR. The DS RRset is signed by at least one of the | Key (KSK) DNSKEY RR. The DS RRset is signed by at least one of the | |||
parent zone's private zone data signing keys for each algorithm in | parent zone's private zone data signing keys for each algorithm in | |||
use by the parent. Each signature is published in an RRSIG resource | use by the parent. Each signature is published in an RRSIG resource | |||
record, owned by the same domain as the DS RRset and with a type | record, owned by the same domain as the DS RRset and with a type | |||
covered of DS. | covered of DS. | |||
skipping to change at page 4, line 21 | skipping to change at page 4, line 21 | |||
/ Digest (length for SHA-256 is 32 bytes) / | / Digest (length for SHA-256 is 32 bytes) / | |||
/ / | / / | |||
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-| | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-| | |||
2.3. Example DS Record Using SHA-256 | 2.3. Example DS Record Using SHA-256 | |||
The following is an example DNSKEY and matching DS record. This | The following is an example DNSKEY and matching DS record. This | |||
DNSKEY record comes from the example DNSKEY/DS records found in | DNSKEY record comes from the example DNSKEY/DS records found in | |||
section 5.4 of [RFC4034]. | section 5.4 of [RFC4034]. | |||
The DNSKEY record:: | The DNSKEY record: | |||
dskey.example.com. 86400 IN DNSKEY 256 3 5 ( AQOeiiR0GOMYkDshWoSKz9Xz | dskey.example.com. 86400 IN DNSKEY 256 3 5 ( AQOeiiR0GOMYkDshWoSKz9Xz | |||
fwJr1AYtsmx3TGkJaNXVbfi/ | fwJr1AYtsmx3TGkJaNXVbfi/ | |||
2pHm822aJ5iI9BMzNXxeYCmZ | 2pHm822aJ5iI9BMzNXxeYCmZ | |||
DRD99WYwYqUSdjMmmAphXdvx | DRD99WYwYqUSdjMmmAphXdvx | |||
egXd/M5+X7OrzKBaMbCVdFLU | egXd/M5+X7OrzKBaMbCVdFLU | |||
Uh6DhweJBjEVv5f2wwjM9Xzc | Uh6DhweJBjEVv5f2wwjM9Xzc | |||
nOf+EPbtG9DMBmADjFDc2w/r | nOf+EPbtG9DMBmADjFDc2w/r | |||
ljwvFw== | ljwvFw== | |||
) ; key id = 60485 | ) ; key id = 60485 | |||
skipping to change at page 4, line 44 | skipping to change at page 4, line 44 | |||
256 digest: [RFC Editor: please replace XXX with the assigned digest | 256 digest: [RFC Editor: please replace XXX with the assigned digest | |||
type (likely 2):] | type (likely 2):] | |||
dskey.example.com. 86400 IN DS 60485 5 XXX ( D4B7D520E7BB5F0F67674A0C | dskey.example.com. 86400 IN DS 60485 5 XXX ( D4B7D520E7BB5F0F67674A0C | |||
CEB1E3E0614B93C4F9E99B83 | CEB1E3E0614B93C4F9E99B83 | |||
83F6A1E4469DA50A ) | 83F6A1E4469DA50A ) | |||
3. Implementation Requirements | 3. Implementation Requirements | |||
Implementations MUST support the use of the SHA-256 algorithm in DS | Implementations MUST support the use of the SHA-256 algorithm in DS | |||
RRs. | RRs. Validator implementations SHOULD ignore DS RRs containing SHA-1 | |||
digests if DS RRs with SHA-256 digests are present in the DS RRset. | ||||
Validator implementations MUST, by default, ignore DS RRs containing | ||||
SHA-1 digests if DS RRs with SHA-256 digests are present in the DS | ||||
RRset. This behavior SHOULD be the default. Validator | ||||
implementations MAY provide configuration settings that allow network | ||||
operators to specify preference policy when validating multiple DS | ||||
records containing different digest types. | ||||
4. Deployment Considerations | 4. Deployment Considerations | |||
If a validator does not support the SHA-256 digest type and no other | If a validator does not support the SHA-256 digest type and no other | |||
DS RR exists in a zone's DS RRset with a supported digest type, then | DS RR exists in a zone's DS RRset with a supported digest type, then | |||
the validator has no supported authentication path leading from the | the validator has no supported authentication path leading from the | |||
parent to the child. The resolver should treat this case as it would | parent to the child. The resolver should treat this case as it would | |||
the case of an authenticated NSEC RRset proving that no DS RRset | the case of an authenticated NSEC RRset proving that no DS RRset | |||
exists, as described in [RFC4035], section 5.2. | exists, as described in [RFC4035], section 5.2. | |||
skipping to change at page 5, line 39 | skipping to change at page 5, line 34 | |||
use in DS records are as follows: | use in DS records are as follows: | |||
VALUE Digest Type Status | VALUE Digest Type Status | |||
0 Reserved - | 0 Reserved - | |||
1 SHA-1 MANDATORY | 1 SHA-1 MANDATORY | |||
2 SHA-256 MANDATORY | 2 SHA-256 MANDATORY | |||
3-255 Unassigned - | 3-255 Unassigned - | |||
6. Security Considerations | 6. Security Considerations | |||
6.1. Potential Digest Type Downgrade Attacks | ||||
A downgrade attack from a stronger digest type to a weaker one is | ||||
possible if all of the following are true: | ||||
o A zone includes multiple DS records for a given child's DNSKEY, | ||||
each of which use a different digest type. | ||||
o A validator accepts a weaker digest even if a stronger one is | ||||
present but invalid. | ||||
For example, if the following conditions are all true: | ||||
o Both SHA-1 and SHA-256 based digests are published in DS records | ||||
within a parent zone for a given child zone's DNSKEY. | ||||
o The DS record with the SHA-1 digest matches the digest computed | ||||
using the child zone's DNSKEY. | ||||
o The DS record with the SHA-256 digest fails to match the signature | ||||
computed using the child zone's DNSKEY | ||||
Then if the validator accepts the above situation as secure then this | ||||
can be used as a downgrade attack since the stronger SHA-256 digest | ||||
is ignored. | ||||
6.2. SHA-1 vs SHA-256 Considerations for DS Records | ||||
Because of the weaknesses recently discovered within the SHA-1 | Because of the weaknesses recently discovered within the SHA-1 | |||
algorithm, users of DNSSEC are encouraged to deploy the use of SHA- | algorithm, users of DNSSEC are encouraged to deploy the use of SHA- | |||
256 as soon as the software implementations in use allow for it. | 256 as soon as the software implementations in use allow for it. | |||
At the time of this publication, the SHA-256 digest algorithm is | At the time of this publication, the SHA-256 digest algorithm is | |||
considered sufficiently strong for the immediate future. It is also | considered sufficiently strong for the immediate future. It is also | |||
considered sufficient for use in DNSSEC DS RRs for the immediate | considered sufficient for use in DNSSEC DS RRs for the immediate | |||
future. However, future published attacks may, of course, weaken the | future. However, future published attacks may weaken the usability | |||
usability of this algorithm within the DS RRs. It is beyond the | of this algorithm within the DS RRs. It is beyond the scope of this | |||
scope of this document to speculate extensively on the cryptographic | document to speculate extensively on the cryptographic strength of | |||
strength of the SHA-256 digest algorithm. | the SHA-256 digest algorithm. | |||
Likewise, it is also beyond the scope of this document to specify | Likewise, it is also beyond the scope of this document to specify | |||
whether or for how long SHA-1 based DS records should be | whether or for how long SHA-1 based DS records should be | |||
simultaneously published alongside SHA-256 based DS records. | simultaneously published alongside SHA-256 based DS records. | |||
7. Acknowledgments | 7. Acknowledgments | |||
This document is a minor extension to the existing DNSSEC documents | This document is a minor extension to the existing DNSSEC documents | |||
and those authors are gratefully appreciated for the hard work that | and those authors are gratefully appreciated for the hard work that | |||
went into the base documents. | went into the base documents. | |||
The following people contributed to portions of this document in some | The following people contributed to portions of this document in some | |||
fashion: Mark Andrews, Roy Arends, Olafur Gudmundsson, Olaf M. | fashion: Mark Andrews, Roy Arends, Olafur Gudmundsson, Olaf M. | |||
Kolkman, Edward Lewis, Scott Rose, Sam Weiler. | Kolkman, Edward Lewis, Scott Rose, Stuart E. Schechter, Sam Weiler. | |||
8. References | 8. References | |||
8.1. Normative References | 8.1. Normative References | |||
[RFC4033] Arends, R., Austein, R., Larson, M., Massey, D., and S. | [RFC4033] Arends, R., Austein, R., Larson, M., Massey, D., and S. | |||
Rose, "DNS Security Introduction and Requirements", | Rose, "DNS Security Introduction and Requirements", | |||
RFC 4033, March 2005. | RFC 4033, March 2005. | |||
[RFC4034] Arends, R., Austein, R., Larson, M., Massey, D., and S. | [RFC4034] Arends, R., Austein, R., Larson, M., Massey, D., and S. | |||
skipping to change at page 7, line 5 | skipping to change at page 7, line 18 | |||
[RFC4035] Arends, R., Austein, R., Larson, M., Massey, D., and S. | [RFC4035] Arends, R., Austein, R., Larson, M., Massey, D., and S. | |||
Rose, "Protocol Modifications for the DNS Security | Rose, "Protocol Modifications for the DNS Security | |||
Extensions", RFC 4035, March 2005. | Extensions", RFC 4035, March 2005. | |||
[SHA256] National Institute of Standards and Technology, "Secure | [SHA256] National Institute of Standards and Technology, "Secure | |||
Hash Algorithm. NIST FIPS 180-2", August 2002. | Hash Algorithm. NIST FIPS 180-2", August 2002. | |||
8.2. Informative References | 8.2. Informative References | |||
[SHA256CODE] | ||||
Motorola Labs, "US Secure Hash Algorithms (SHA)", | ||||
June 2005. | ||||
Author's Address | Author's Address | |||
Wes Hardaker | Wes Hardaker | |||
Sparta | Sparta | |||
P.O. Box 382 | P.O. Box 382 | |||
Davis 95617 | Davis 95617 | |||
US | US | |||
Email: hardaker@tislabs.com | Email: hardaker@tislabs.com | |||
skipping to change at page 8, line 41 | skipping to change at page 9, line 41 | |||
This document and the information contained herein are provided on an | This document and the information contained herein are provided on an | |||
"AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS | "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS | |||
OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET | OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET | |||
ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, | ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, | |||
INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE | INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE | |||
INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED | INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED | |||
WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. | WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. | |||
Copyright Statement | Copyright Statement | |||
Copyright (C) The Internet Society (2005). This document is subject | Copyright (C) The Internet Society (2006). This document is subject | |||
to the rights, licenses and restrictions contained in BCP 78, and | to the rights, licenses and restrictions contained in BCP 78, and | |||
except as set forth therein, the authors retain all their rights. | except as set forth therein, the authors retain all their rights. | |||
Acknowledgment | Acknowledgment | |||
Funding for the RFC Editor function is currently provided by the | Funding for the RFC Editor function is currently provided by the | |||
Internet Society. | Internet Society. | |||
End of changes. 14 change blocks. | ||||
23 lines changed or deleted | 51 lines changed or added | |||
This html diff was produced by rfcdiff 1.28, available from http://www.levkowetz.com/ietf/tools/rfcdiff/ |