draft-ietf-dnsop-rfc2845bis-01.txt   draft-ietf-dnsop-rfc2845bis-02.txt 
Internet Engineering Task Force F. Dupont Internet Engineering Task Force F. Dupont
Internet-Draft S. Morris Internet-Draft S. Morris
Obsoletes: 2845, 4635 (if approved) ISC Obsoletes: 2845, 4635 (if approved) ISC
Intended status: Standards Track P. Vixie Intended status: Standards Track P. Vixie
Expires: April 18, 2019 Farsight Expires: May 23, 2019 Farsight
D. Eastlake 3rd D. Eastlake 3rd
Huawei Huawei
O. Gudmundsson O. Gudmundsson
CloudFlare CloudFlare
B. Wellington B. Wellington
Akamai Akamai
October 15, 2018 November 19, 2018
Secret Key Transaction Authentication for DNS (TSIG) Secret Key Transaction Authentication for DNS (TSIG)
draft-ietf-dnsop-rfc2845bis-01 draft-ietf-dnsop-rfc2845bis-02
Abstract Abstract
This protocol allows for transaction level authentication using This protocol allows for transaction level authentication using
shared secrets and one way hashing. It can be used to authenticate shared secrets and one way hashing. It can be used to authenticate
dynamic updates as coming from an approved client, or to authenticate dynamic updates as coming from an approved client, or to authenticate
responses as coming from an approved name server. responses as coming from an approved name server.
No provision has been made here for distributing the shared secrets. No provision has been made here for distributing the shared secrets.
skipping to change at page 1, line 46 skipping to change at page 1, line 46
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/. Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on April 18, 2019. This Internet-Draft will expire on May 23, 2019.
Copyright Notice Copyright Notice
Copyright (c) 2018 IETF Trust and the persons identified as the Copyright (c) 2018 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(https://trustee.ietf.org/license-info) in effect on the date of (https://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
skipping to change at page 3, line 12 skipping to change at page 3, line 12
6. Protocol Details . . . . . . . . . . . . . . . . . . . . . . 10 6. Protocol Details . . . . . . . . . . . . . . . . . . . . . . 10
6.1. TSIG generation on requests . . . . . . . . . . . . . . . 10 6.1. TSIG generation on requests . . . . . . . . . . . . . . . 10
6.2. TSIG on Answers . . . . . . . . . . . . . . . . . . . . . 10 6.2. TSIG on Answers . . . . . . . . . . . . . . . . . . . . . 10
6.3. TSIG on TSIG Error returns . . . . . . . . . . . . . . . 11 6.3. TSIG on TSIG Error returns . . . . . . . . . . . . . . . 11
6.4. TSIG on zone transfer over a TCP connection . . . . . . . 11 6.4. TSIG on zone transfer over a TCP connection . . . . . . . 11
6.5. Server TSIG checks . . . . . . . . . . . . . . . . . . . 12 6.5. Server TSIG checks . . . . . . . . . . . . . . . . . . . 12
6.5.1. Key check and error handling . . . . . . . . . . . . 12 6.5.1. Key check and error handling . . . . . . . . . . . . 12
6.5.2. MAC check and error handling . . . . . . . . . . . . 12 6.5.2. MAC check and error handling . . . . . . . . . . . . 12
6.5.3. Time check and error handling . . . . . . . . . . . . 13 6.5.3. Time check and error handling . . . . . . . . . . . . 13
6.5.4. Truncation check and error handling . . . . . . . . . 13 6.5.4. Truncation check and error handling . . . . . . . . . 13
6.6. Client processing of answer . . . . . . . . . . . . . . . 13 6.6. Client processing of answer . . . . . . . . . . . . . . . 14
6.6.1. Key error handling . . . . . . . . . . . . . . . . . 14 6.6.1. Key error handling . . . . . . . . . . . . . . . . . 14
6.6.2. MAC error handling . . . . . . . . . . . . . . . . . 14 6.6.2. MAC error handling . . . . . . . . . . . . . . . . . 14
6.6.3. Time error handling . . . . . . . . . . . . . . . . . 14 6.6.3. Time error handling . . . . . . . . . . . . . . . . . 14
6.6.4. Truncation error handling . . . . . . . . . . . . . . 14 6.6.4. Truncation error handling . . . . . . . . . . . . . . 14
6.7. Special considerations for forwarding servers . . . . . . 15 6.7. Special considerations for forwarding servers . . . . . . 15
7. Algorithms and Identifiers . . . . . . . . . . . . . . . . . 15 7. Algorithms and Identifiers . . . . . . . . . . . . . . . . . 15
8. TSIG Truncation Policy . . . . . . . . . . . . . . . . . . . 16 8. TSIG Truncation Policy . . . . . . . . . . . . . . . . . . . 16
9. Shared Secrets . . . . . . . . . . . . . . . . . . . . . . . 17 9. Shared Secrets . . . . . . . . . . . . . . . . . . . . . . . 17
10. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 17 10. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 17
11. Security Considerations . . . . . . . . . . . . . . . . . . . 18 11. Security Considerations . . . . . . . . . . . . . . . . . . . 18
11.1. Issue fixed in this document . . . . . . . . . . . . . . 19 11.1. Issue fixed in this document . . . . . . . . . . . . . . 19
11.2. Why not DNSSEC? . . . . . . . . . . . . . . . . . . . . 19 11.2. Why not DNSSEC? . . . . . . . . . . . . . . . . . . . . 19
12. References . . . . . . . . . . . . . . . . . . . . . . . . . 20 12. References . . . . . . . . . . . . . . . . . . . . . . . . . 20
12.1. Normative References . . . . . . . . . . . . . . . . . . 20 12.1. Normative References . . . . . . . . . . . . . . . . . . 20
12.2. Informative References . . . . . . . . . . . . . . . . . 20 12.2. Informative References . . . . . . . . . . . . . . . . . 20
Appendix A. Acknowledgments . . . . . . . . . . . . . . . . . . 22 Appendix A. Acknowledgments . . . . . . . . . . . . . . . . . . 22
Appendix B. Change History (to be removed before publication) . 23 Appendix B. Change History (to be removed before publication) . 23
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 24 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 25
1. Introduction 1. Introduction
The Domain Name System (DNS) [RFC1034], [RFC1035] is a replicated The Domain Name System (DNS) [RFC1034], [RFC1035] is a replicated
hierarchical distributed database system that provides information hierarchical distributed database system that provides information
fundamental to Internet operations, such as name <=> address fundamental to Internet operations, such as name <=> address
translation and mail handling information. translation and mail handling information.
In 2017, security problems in two nameservers strictly following In 2017, security problems in two nameservers strictly following
[RFC2845] and [RFC4635] (i.e., TSIG and its HMAC-SHA extension) [RFC2845] and [RFC4635] (i.e., TSIG and its HMAC-SHA extension)
skipping to change at page 8, line 33 skipping to change at page 8, line 33
placed TSIG RR, the TSIG RR is copied to a safe location, removed placed TSIG RR, the TSIG RR is copied to a safe location, removed
from the DNS Message, and decremented out of the DNS message header's from the DNS Message, and decremented out of the DNS message header's
ARCOUNT. At this point the keyed hash (HMAC) computation is ARCOUNT. At this point the keyed hash (HMAC) computation is
performed. performed.
If the algorithm name or key name is unknown to the recipient, or if If the algorithm name or key name is unknown to the recipient, or if
the MACs do not match, the whole DNS message MUST be discarded. If the MACs do not match, the whole DNS message MUST be discarded. If
the message is a query, a response with RCODE 9 (NOTAUTH) MUST be the message is a query, a response with RCODE 9 (NOTAUTH) MUST be
sent back to the originator with TSIG ERROR 17 (BADKEY) or TSIG ERROR sent back to the originator with TSIG ERROR 17 (BADKEY) or TSIG ERROR
16 (BADSIG). If no key is available to sign this message it MUST be 16 (BADSIG). If no key is available to sign this message it MUST be
sent unsigned (MAC size == 0 and empty MAC). A message to the system sent unsigned (MAC size == 0 and empty MAC). Algorithm name and time
operations log SHOULD be generated, to warn the operations staff of a signed and fudge fields SHOULD be copied to the response to provide
possible security incident in progress. Care should be taken to off path spoof protection. A message to the system operations log
ensure that logging of this type of event does not open the system to SHOULD be generated, to warn the operations staff of a possible
a denial of service attack. security incident in progress. Care should be taken to ensure that
logging of this type of event does not open the system to a denial of
service attack.
Until these error checks are successfully passed, concluding that the Until these error checks are successfully passed, concluding that the
signature is valid, the signature MUST be considered to be invalid. signature is valid, the signature MUST be considered to be invalid.
5.3. Time values used in TSIG calculations 5.3. Time values used in TSIG calculations
The data digested includes the two timer values in the TSIG header in The data digested includes the two timer values in the TSIG header in
order to defend against replay attacks. If this were not done, an order to defend against replay attacks. If this were not done, an
attacker could replay old messages but update the "Time Signed" and attacker could replay old messages but update the "Time Signed" and
"Fudge" fields to make the message look new. This data is named "Fudge" fields to make the message look new. This data is named
skipping to change at page 24, line 46 skipping to change at page 24, line 46
Added text from [RFC3645] concerning the signing behavior if a Added text from [RFC3645] concerning the signing behavior if a
secret key is added during a multi-message exchange. secret key is added during a multi-message exchange.
Added reference to [RFC6895]. Added reference to [RFC6895].
Many improvements in the wording. Many improvements in the wording.
Added RFC 2845 authors as co-authors of this document. Added RFC 2845 authors as co-authors of this document.
draft-ietf-dnsop-rfc2845bis-02
Added a recommendation to copy time fields in BADKEY errors.
(Mark Andrews)
Authors' Addresses Authors' Addresses
Francis Dupont Francis Dupont
Internet Software Consortium Internet Software Consortium
950 Charter Street 950 Charter Street
Redwood City, CA 94063 Redwood City, CA 94063
United States of America United States of America
Email: Francis.Dupont@fdupont.fr Email: Francis.Dupont@fdupont.fr
Stephen Morris Stephen Morris
Internet Software Consortium Internet Software Consortium
 End of changes. 9 change blocks. 
11 lines changed or deleted 19 lines changed or added

This html diff was produced by rfcdiff 1.47. The latest version is available from http://tools.ietf.org/tools/rfcdiff/