| draft-ietf-dnsop-rfc2845bis-04.txt | draft-ietf-dnsop-rfc2845bis-05.txt | |||
|---|---|---|---|---|
| Internet Engineering Task Force F. Dupont | Internet Engineering Task Force F. Dupont | |||
| Internet-Draft S. Morris | Internet-Draft S. Morris | |||
| Obsoletes: 2845, 4635 (if approved) ISC | Obsoletes: 2845, 4635 (if approved) ISC | |||
| Intended status: Standards Track P. Vixie | Intended status: Standards Track P. Vixie | |||
| Expires: December 27, 2019 Farsight | Expires: January 8, 2020 Farsight | |||
| D. Eastlake 3rd | D. Eastlake 3rd | |||
| Huawei | Huawei | |||
| O. Gudmundsson | O. Gudmundsson | |||
| CloudFlare | CloudFlare | |||
| B. Wellington | B. Wellington | |||
| Akamai | Akamai | |||
| June 25, 2019 | July 7, 2019 | |||
| Secret Key Transaction Authentication for DNS (TSIG) | Secret Key Transaction Authentication for DNS (TSIG) | |||
| draft-ietf-dnsop-rfc2845bis-04 | draft-ietf-dnsop-rfc2845bis-05 | |||
| Abstract | Abstract | |||
| This document describes a protocol for transaction level | This document describes a protocol for transaction level | |||
| authentication using shared secrets and one way hashing. It can be | authentication using shared secrets and one way hashing. It can be | |||
| used to authenticate dynamic updates as coming from an approved | used to authenticate dynamic updates as coming from an approved | |||
| client, or to authenticate responses as coming from an approved name | client, or to authenticate responses as coming from an approved name | |||
| server. | server. | |||
| No recommendation is made here for distributing the shared secrets: | No recommendation is made here for distributing the shared secrets: | |||
| skipping to change at page 1, line 48 ¶ | skipping to change at page 1, line 48 ¶ | |||
| Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
| Task Force (IETF). Note that other groups may also distribute | Task Force (IETF). Note that other groups may also distribute | |||
| working documents as Internet-Drafts. The list of current Internet- | working documents as Internet-Drafts. The list of current Internet- | |||
| Drafts is at https://datatracker.ietf.org/drafts/current/. | Drafts is at https://datatracker.ietf.org/drafts/current/. | |||
| Internet-Drafts are draft documents valid for a maximum of six months | Internet-Drafts are draft documents valid for a maximum of six months | |||
| and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||
| time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference | |||
| material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." | |||
| This Internet-Draft will expire on December 27, 2019. | This Internet-Draft will expire on January 8, 2020. | |||
| Copyright Notice | Copyright Notice | |||
| Copyright (c) 2019 IETF Trust and the persons identified as the | Copyright (c) 2019 IETF Trust and the persons identified as the | |||
| document authors. All rights reserved. | document authors. All rights reserved. | |||
| This document is subject to BCP 78 and the IETF Trust's Legal | This document is subject to BCP 78 and the IETF Trust's Legal | |||
| Provisions Relating to IETF Documents | Provisions Relating to IETF Documents | |||
| (https://trustee.ietf.org/license-info) in effect on the date of | (https://trustee.ietf.org/license-info) in effect on the date of | |||
| publication of this document. Please review these documents | publication of this document. Please review these documents | |||
| skipping to change at page 3, line 7 ¶ | skipping to change at page 3, line 7 ¶ | |||
| 4.3.3. TSIG Variables . . . . . . . . . . . . . . . . . . . 8 | 4.3.3. TSIG Variables . . . . . . . . . . . . . . . . . . . 8 | |||
| 5. Protocol Details . . . . . . . . . . . . . . . . . . . . . . 9 | 5. Protocol Details . . . . . . . . . . . . . . . . . . . . . . 9 | |||
| 5.1. Generation of TSIG on Requests . . . . . . . . . . . . . 9 | 5.1. Generation of TSIG on Requests . . . . . . . . . . . . . 9 | |||
| 5.2. Server Processing of Request . . . . . . . . . . . . . . 10 | 5.2. Server Processing of Request . . . . . . . . . . . . . . 10 | |||
| 5.2.1. Key Check and Error Handling . . . . . . . . . . . . 10 | 5.2.1. Key Check and Error Handling . . . . . . . . . . . . 10 | |||
| 5.2.2. MAC Check and Error Handling . . . . . . . . . . . . 11 | 5.2.2. MAC Check and Error Handling . . . . . . . . . . . . 11 | |||
| 5.2.3. Time Check and Error Handling . . . . . . . . . . . . 12 | 5.2.3. Time Check and Error Handling . . . . . . . . . . . . 12 | |||
| 5.2.4. Truncation Check and Error Handling . . . . . . . . . 12 | 5.2.4. Truncation Check and Error Handling . . . . . . . . . 12 | |||
| 5.3. Generation of TSIG on Answers . . . . . . . . . . . . . . 12 | 5.3. Generation of TSIG on Answers . . . . . . . . . . . . . . 12 | |||
| 5.3.1. TSIG on Zone Transfer Over a TCP Connection . . . . . 13 | 5.3.1. TSIG on Zone Transfer Over a TCP Connection . . . . . 13 | |||
| 5.3.2. Generation of TSIG on Error Returns . . . . . . . . . 13 | 5.3.2. Generation of TSIG on Error Returns . . . . . . . . . 14 | |||
| 5.4. Client Processing of Answer . . . . . . . . . . . . . . . 14 | 5.4. Client Processing of Answer . . . . . . . . . . . . . . . 14 | |||
| 5.4.1. Key Error Handling . . . . . . . . . . . . . . . . . 14 | 5.4.1. Key Error Handling . . . . . . . . . . . . . . . . . 14 | |||
| 5.4.2. MAC Error Handling . . . . . . . . . . . . . . . . . 14 | 5.4.2. MAC Error Handling . . . . . . . . . . . . . . . . . 15 | |||
| 5.4.3. Time Error Handling . . . . . . . . . . . . . . . . . 15 | 5.4.3. Time Error Handling . . . . . . . . . . . . . . . . . 15 | |||
| 5.4.4. Truncation Error Handling . . . . . . . . . . . . . . 15 | 5.4.4. Truncation Error Handling . . . . . . . . . . . . . . 15 | |||
| 5.5. Special Considerations for Forwarding Servers . . . . . . 15 | 5.5. Special Considerations for Forwarding Servers . . . . . . 15 | |||
| 6. Algorithms and Identifiers . . . . . . . . . . . . . . . . . 15 | 6. Algorithms and Identifiers . . . . . . . . . . . . . . . . . 16 | |||
| 7. TSIG Truncation Policy . . . . . . . . . . . . . . . . . . . 16 | 7. TSIG Truncation Policy . . . . . . . . . . . . . . . . . . . 16 | |||
| 8. Shared Secrets . . . . . . . . . . . . . . . . . . . . . . . 17 | 8. Shared Secrets . . . . . . . . . . . . . . . . . . . . . . . 17 | |||
| 9. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 17 | 9. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 17 | |||
| 10. Security Considerations . . . . . . . . . . . . . . . . . . . 18 | 10. Security Considerations . . . . . . . . . . . . . . . . . . . 18 | |||
| 10.1. Issue Fixed in this Document . . . . . . . . . . . . . . 19 | 10.1. Issue Fixed in this Document . . . . . . . . . . . . . . 19 | |||
| 10.2. Why not DNSSEC? . . . . . . . . . . . . . . . . . . . . 19 | 10.2. Why not DNSSEC? . . . . . . . . . . . . . . . . . . . . 19 | |||
| 11. References . . . . . . . . . . . . . . . . . . . . . . . . . 20 | 11. References . . . . . . . . . . . . . . . . . . . . . . . . . 20 | |||
| 11.1. Normative References . . . . . . . . . . . . . . . . . . 20 | 11.1. Normative References . . . . . . . . . . . . . . . . . . 20 | |||
| 11.2. Informative References . . . . . . . . . . . . . . . . . 20 | 11.2. Informative References . . . . . . . . . . . . . . . . . 21 | |||
| Appendix A. Acknowledgments . . . . . . . . . . . . . . . . . . 22 | Appendix A. Acknowledgments . . . . . . . . . . . . . . . . . . 22 | |||
| Appendix B. Change History (to be removed before publication) . 22 | Appendix B. Change History (to be removed before publication) . 23 | |||
| Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 25 | Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 25 | |||
| 1. Introduction | 1. Introduction | |||
| 1.1. Background | 1.1. Background | |||
| The Domain Name System (DNS, [RFC1034], [RFC1035]) is a replicated | The Domain Name System (DNS, [RFC1034], [RFC1035]) is a replicated | |||
| hierarchical distributed database system that provides information | hierarchical distributed database system that provides information | |||
| fundamental to Internet operations, such as name to address | fundamental to Internet operations, such as name to address | |||
| translation and mail handling information. | translation and mail handling information. | |||
| skipping to change at page 12, line 18 ¶ | skipping to change at page 12, line 18 ¶ | |||
| request (which is: Time Signed, plus/minus Fudge), the server MUST | request (which is: Time Signed, plus/minus Fudge), the server MUST | |||
| generate an error response with RCODE 9 (NOTAUTH) and TSIG ERROR 18 | generate an error response with RCODE 9 (NOTAUTH) and TSIG ERROR 18 | |||
| (BADTIME). The server SHOULD also cache the most recent time signed | (BADTIME). The server SHOULD also cache the most recent time signed | |||
| value in a message generated by a key, and SHOULD return BADTIME if a | value in a message generated by a key, and SHOULD return BADTIME if a | |||
| message received later has an earlier time signed value. A response | message received later has an earlier time signed value. A response | |||
| indicating a BADTIME error MUST be signed by the same key as the | indicating a BADTIME error MUST be signed by the same key as the | |||
| request. It MUST include the client's current time in the time | request. It MUST include the client's current time in the time | |||
| signed field, the server's current time (an unsigned 48-bit integer) | signed field, the server's current time (an unsigned 48-bit integer) | |||
| in the other data field, and 6 in the other data length field. This | in the other data field, and 6 in the other data length field. This | |||
| is done so that the client can verify a message with a BADTIME error | is done so that the client can verify a message with a BADTIME error | |||
| without the verification failing due to another BADTIME error. The | without the verification failing due to another BADTIME error. In | |||
| data signed is specified in Section 5.3.2. The server SHOULD log the | addition, the fudge field MUST be set to the fudge value received | |||
| error. | from the client. The data signed is specified in Section 5.3.2. The | |||
| server SHOULD log the error. | ||||
| Caching the most recent time signed value and rejecting requests with | ||||
| an earlier one could lead to valid messages being rejected if transit | ||||
| through the network led to UDP packets arriving in a different order | ||||
| to the one in which they were sent. Implementations should be aware | ||||
| of this possibility and be prepared to deal with it, e.g. by | ||||
| retransmitting the rejected request with a new TSIG once outstanding | ||||
| requests have completed or the time given by their time signed plus | ||||
| fudge value has passed. | ||||
| 5.2.4. Truncation Check and Error Handling | 5.2.4. Truncation Check and Error Handling | |||
| If a TSIG is received with truncation that is permitted under | If a TSIG is received with truncation that is permitted under | |||
| Section 5.2.2.1 above but the MAC is too short for the local policy | Section 5.2.2.1 above but the MAC is too short for the local policy | |||
| in force, an RCODE 9 (NOTAUTH) and TSIG ERROR 22 (BADTRUNC) MUST be | in force, an RCODE 9 (NOTAUTH) and TSIG ERROR 22 (BADTRUNC) MUST be | |||
| returned. The server SHOULD log the error. | returned. The server SHOULD log the error. | |||
| 5.3. Generation of TSIG on Answers | 5.3. Generation of TSIG on Answers | |||
| skipping to change at page 15, line 43 ¶ | skipping to change at page 16, line 9 ¶ | |||
| available to the destination and the message is a query then, if the | available to the destination and the message is a query then, if the | |||
| corresponding response has the AD flag (see [RFC4035]) set, the | corresponding response has the AD flag (see [RFC4035]) set, the | |||
| forwarder MUST clear the AD flag before adding the TSIG to the | forwarder MUST clear the AD flag before adding the TSIG to the | |||
| response and returning the result to the system from which it | response and returning the result to the system from which it | |||
| received the query. | received the query. | |||
| 6. Algorithms and Identifiers | 6. Algorithms and Identifiers | |||
| The only message digest algorithm specified in the first version of | The only message digest algorithm specified in the first version of | |||
| these specifications [RFC2845] was "HMAC-MD5" (see [RFC1321], | these specifications [RFC2845] was "HMAC-MD5" (see [RFC1321], | |||
| [RFC2104]). The "HMAC-MD5" algorithm is mandatory to implement for | [RFC2104]). Although a review of its security [RFC6151] concluded | |||
| interoperability. | that "it may not be urgent to remove HMAC-MD5 from the existing | |||
| protocols", with the availability of more secure alternatives the | ||||
| opportunity has been taken to make the implementation of this | ||||
| algorithm optional. | ||||
| The use of SHA-1 [FIPS180-4], [RFC3174], (which is a 160-bit hash as | The use of SHA-1 [FIPS180-4], [RFC3174], (which is a 160-bit hash as | |||
| compared to the 128 bits for MD5), and additional hash algorithms in | compared to the 128 bits for MD5), and additional hash algorithms in | |||
| the SHA family [FIPS180-4], [RFC3874], [RFC6234] with 224, 256, 384, | the SHA family [FIPS180-4], [RFC3874], [RFC6234] with 224, 256, 384, | |||
| and 512 bits may be preferred in some cases. This is because | and 512 bits may be preferred in some cases. This is because | |||
| increasingly successful cryptanalytic attacks are being made on the | increasingly successful cryptanalytic attacks are being made on the | |||
| shorter hashes. | shorter hashes. | |||
| Use of TSIG between two DNS agents is by mutual agreement. That | Use of TSIG between two DNS agents is by mutual agreement. That | |||
| agreement can include the support of additional algorithms and | agreement can include the support of additional algorithms and | |||
| skipping to change at page 16, line 19 ¶ | skipping to change at page 16, line 36 ¶ | |||
| Key agreement can be by the TKEY mechanism [RFC2930] or some other | Key agreement can be by the TKEY mechanism [RFC2930] or some other | |||
| mutually agreeable method. | mutually agreeable method. | |||
| Implementations that support TSIG MUST also implement HMAC SHA1 and | Implementations that support TSIG MUST also implement HMAC SHA1 and | |||
| HMAC SHA256 and MAY implement gss-tsig and the other algorithms | HMAC SHA256 and MAY implement gss-tsig and the other algorithms | |||
| listed below. SHA-1 truncated to 96 bits (12 octets) SHOULD be | listed below. SHA-1 truncated to 96 bits (12 octets) SHOULD be | |||
| implemented. | implemented. | |||
| Requirement Name | Requirement Name | |||
| ----------- ------------------------ | ----------- ------------------------ | |||
| Mandatory HMAC-MD5.SIG-ALG.REG.INT | Optional HMAC-MD5.SIG-ALG.REG.INT | |||
| Optional gss-tsig | Optional gss-tsig | |||
| Mandatory hmac-sha1 | Mandatory hmac-sha1 | |||
| Optional hmac-sha224 | Optional hmac-sha224 | |||
| Mandatory hmac-sha256 | Mandatory hmac-sha256 | |||
| Optional hmac-sha384 | Optional hmac-sha384 | |||
| Optional hmac-sha512 | Optional hmac-sha512 | |||
| Table 1 | Table 1 | |||
| 7. TSIG Truncation Policy | 7. TSIG Truncation Policy | |||
| skipping to change at page 22, line 10 ¶ | skipping to change at page 22, line 25 ¶ | |||
| [RFC4035] Arends, R., Austein, R., Larson, M., Massey, D., and S. | [RFC4035] Arends, R., Austein, R., Larson, M., Massey, D., and S. | |||
| Rose, "Protocol Modifications for the DNS Security | Rose, "Protocol Modifications for the DNS Security | |||
| Extensions", RFC 4035, DOI 10.17487/RFC4035, March 2005, | Extensions", RFC 4035, DOI 10.17487/RFC4035, March 2005, | |||
| <https://www.rfc-editor.org/info/rfc4035>. | <https://www.rfc-editor.org/info/rfc4035>. | |||
| [RFC4086] Eastlake 3rd, D., Schiller, J., and S. Crocker, | [RFC4086] Eastlake 3rd, D., Schiller, J., and S. Crocker, | |||
| "Randomness Requirements for Security", BCP 106, RFC 4086, | "Randomness Requirements for Security", BCP 106, RFC 4086, | |||
| DOI 10.17487/RFC4086, June 2005, | DOI 10.17487/RFC4086, June 2005, | |||
| <https://www.rfc-editor.org/info/rfc4086>. | <https://www.rfc-editor.org/info/rfc4086>. | |||
| [RFC6151] Turner, S. and L. Chen, "Updated Security Considerations | ||||
| for the MD5 Message-Digest and the HMAC-MD5 Algorithms", | ||||
| RFC 6151, DOI 10.17487/RFC6151, March 2011, | ||||
| <https://www.rfc-editor.org/info/rfc6151>. | ||||
| [RFC6234] Eastlake 3rd, D. and T. Hansen, "US Secure Hash Algorithms | [RFC6234] Eastlake 3rd, D. and T. Hansen, "US Secure Hash Algorithms | |||
| (SHA and SHA-based HMAC and HKDF)", RFC 6234, | (SHA and SHA-based HMAC and HKDF)", RFC 6234, | |||
| DOI 10.17487/RFC6234, May 2011, | DOI 10.17487/RFC6234, May 2011, | |||
| <https://www.rfc-editor.org/info/rfc6234>. | <https://www.rfc-editor.org/info/rfc6234>. | |||
| [RFC6895] Eastlake 3rd, D., "Domain Name System (DNS) IANA | [RFC6895] Eastlake 3rd, D., "Domain Name System (DNS) IANA | |||
| Considerations", BCP 42, RFC 6895, DOI 10.17487/RFC6895, | Considerations", BCP 42, RFC 6895, DOI 10.17487/RFC6895, | |||
| April 2013, <https://www.rfc-editor.org/info/rfc6895>. | April 2013, <https://www.rfc-editor.org/info/rfc6895>. | |||
| [RFC8126] Cotton, M., Leiba, B., and T. Narten, "Guidelines for | [RFC8126] Cotton, M., Leiba, B., and T. Narten, "Guidelines for | |||
| skipping to change at page 22, line 43 ¶ | skipping to change at page 23, line 14 ¶ | |||
| Note for the RFC Editor (to be removed before publication): the first | Note for the RFC Editor (to be removed before publication): the first | |||
| 'e' in Clement is a fact a small 'e' with acute, unicode code U+00E9. | 'e' in Clement is a fact a small 'e' with acute, unicode code U+00E9. | |||
| I do not know if xml2rfc supports non ASCII characters so I prefer to | I do not know if xml2rfc supports non ASCII characters so I prefer to | |||
| not experiment with it. BTW I am French too so I can help if you | not experiment with it. BTW I am French too so I can help if you | |||
| have questions like correct spelling... | have questions like correct spelling... | |||
| Peter van Dijk, Benno Overeinder, Willem Toroop, Ondrej Sury, Mukund | Peter van Dijk, Benno Overeinder, Willem Toroop, Ondrej Sury, Mukund | |||
| Sivaraman and Ralph Dolmans participated in the discussions that | Sivaraman and Ralph Dolmans participated in the discussions that | |||
| prompted this document. Mukund Sivaraman and Martin Hoffman made | prompted this document. Mukund Sivaraman and Martin Hoffman made | |||
| extermely helpful suggestions concerning the structure and wording of | extremely helpful suggestions concerning the structure and wording of | |||
| the updated document. | the updated document. | |||
| Appendix B. Change History (to be removed before publication) | Appendix B. Change History (to be removed before publication) | |||
| draft-dupont-dnsop-rfc2845bis-00 | draft-dupont-dnsop-rfc2845bis-00 | |||
| [RFC4635] was merged. | [RFC4635] was merged. | |||
| Authors of original documents were moved to Acknowledgments | Authors of original documents were moved to Acknowledgments | |||
| (Appendix A). | (Appendix A). | |||
| skipping to change at page 25, line 5 ¶ | skipping to change at page 25, line 22 ¶ | |||
| Added a recommendation to copy time fields in BADKEY errors. | Added a recommendation to copy time fields in BADKEY errors. | |||
| (Mark Andrews) | (Mark Andrews) | |||
| draft-ietf-dnsop-rfc2845bis-03 | draft-ietf-dnsop-rfc2845bis-03 | |||
| Further changes as a result of comments by Mukund Sivaraman. | Further changes as a result of comments by Mukund Sivaraman. | |||
| Miscellaneous changes to wording. | Miscellaneous changes to wording. | |||
| draft-ietf-dnsop-rfc2845bis-04 | ||||
| Major restructing as a result of comprehensive review by Martin | Major restructing as a result of comprehensive review by Martin | |||
| Hoffman. Amongst the more significant changes: | Hoffman. Amongst the more significant changes: | |||
| * More comprehensive introduction. | * More comprehensive introduction. | |||
| * Merged "Protocol Description" and "Protocol Details" sections. | * Merged "Protocol Description" and "Protocol Details" sections. | |||
| * Reordered sections so as to follow message exchange through | * Reordered sections so as to follow message exchange through | |||
| "client "sending", "server receipt", "server sending", "client | "client "sending", "server receipt", "server sending", "client | |||
| receipt". | receipt". | |||
| * Added miscellaneous clarifications. | * Added miscellaneous clarifications. | |||
| Authors' Addresses | draft-ietf-dnsop-rfc2845bis-05 | |||
| Make implementation of HMAC-MD5 optional. | ||||
| Require that the Fudge field in BADTIME response be equal to the | ||||
| Fudge field received from the client. | ||||
| Added comment concerning the handling of BADTIME messages due to | ||||
| out of order packet reception. | ||||
| Authors' Addresses | ||||
| Francis Dupont | Francis Dupont | |||
| Internet Software Consortium | Internet Software Consortium | |||
| 950 Charter Street | 950 Charter Street | |||
| Redwood City, CA 94063 | Redwood City, CA 94063 | |||
| United States of America | United States of America | |||
| Email: Francis.Dupont@fdupont.fr | Email: Francis.Dupont@fdupont.fr | |||
| Stephen Morris | Stephen Morris | |||
| Internet Software Consortium | Internet Software Consortium | |||
| End of changes. 17 change blocks. | ||||
| 17 lines changed or deleted | 46 lines changed or added | |||
This html diff was produced by rfcdiff 1.47. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ | ||||