IETF Logo Mail Archive

[dnsext] RRTYPE request: template for proposed RKEY RRtype

Andrew Sullivan <ajs@shinkuro.com> Fri, 21 November 2008 19:11 UTC

Return-Path: <owner-namedroppers@ops.ietf.org>
X-Original-To: ietfarch-dnsext-archive@core3.amsl.com
Delivered-To: ietfarch-dnsext-archive@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 4B66E3A68D0; Fri, 21 Nov 2008 11:11:38 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.1
X-Spam-Level:
X-Spam-Status: No, score=-0.1 tagged_above=-999 required=5 tests=[AWL=-0.500, BAYES_00=-2.599, FH_RELAY_NODNS=1.451, HELO_MISMATCH_INFO=1.448, RDNS_NONE=0.1]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7D6UmAJubwV3; Fri, 21 Nov 2008 11:11:37 -0800 (PST)
Received: from psg.com (psg.com [IPv6:2001:418:1::62]) by core3.amsl.com (Postfix) with ESMTP id 2AE673A67A6; Fri, 21 Nov 2008 11:11:37 -0800 (PST)
Received: from majordom by psg.com with local (Exim 4.69 (FreeBSD)) (envelope-from <owner-namedroppers@ops.ietf.org>) id 1L3bLd-000MjI-Qf for namedroppers-data@psg.com; Fri, 21 Nov 2008 19:07:21 +0000
Received: from [208.86.224.201] (helo=mail.yitter.info) by psg.com with esmtps (TLSv1:CAMELLIA256-SHA:256) (Exim 4.69 (FreeBSD)) (envelope-from <ajs@shinkuro.com>) id 1L3bLY-000Mj1-Rw for namedroppers@ops.ietf.org; Fri, 21 Nov 2008 19:07:19 +0000
Received: from crankycanuck.ca (unknown [130.129.29.194]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mail.yitter.info (Postfix) with ESMTPSA id C1C532FE9555 for <namedroppers@ops.ietf.org>; Fri, 21 Nov 2008 19:07:15 +0000 (UTC)
Date: Fri, 21 Nov 2008 13:07:14 -0600
From: Andrew Sullivan <ajs@shinkuro.com>
To: namedroppers@ops.ietf.org
Subject: [dnsext] RRTYPE request: template for proposed RKEY RRtype
Message-ID: <20081121190713.GC20868@shinkuro.com>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="IiVenqGWf+H9Y6IX"
Content-Disposition: inline
User-Agent: Mutt/1.5.18 (2008-05-17)
Sender: owner-namedroppers@ops.ietf.org
Precedence: bulk
List-ID: <namedroppers.ops.ietf.org>

Dear colleagues,

Attached is a completed template requesting RRTYPE assignment under
the procedures defined in draft-ietf-dnsext-2929bis.  This message
initiates a thee-week comment period on this request.  Note that this
is one of two different open requests; the comment periods run
concurrently.

As with the other open request, we will process this request by the
entire panel of experts.

Best regards,

Andrew


-- 
Andrew Sullivan
ajs@shinkuro.com
Shinkuro, Inc.

#
#	$Id: rkey-template.txt,v 1.3 2008/11/06 09:41:48 jim Exp $
#
		DNS RRTYPE PARAMETER ALLOCATION TEMPLATE


    A.   Submission Date:

	6/11/08

    B.   Submission Type:
         [x] New RRTYPE
         [ ] Modification to existing RRTYPE

    C.   Contact Information for submitter:
                Name: Jim Reid
                Email Address: jim@telnic.org
                International telephone number: +44 20 7467 6474
                Other contact handles: none
         (Note: This information will be publicly posted)


    D.   Motivation for the new RRTYPE application?

    	Storage of keying material in the DNS is currently limited to
    	keys used for Secure DNS and transaction authentication. This
    	is somewhat limiting. It is possible to store encrypted data
    	in the DNS: for instance in the RDATA of TXT records and some
    	other RRtypes. A scheme for encrypting NAPTR records is
    	outlined in draft-timms-encrypt-naptr-01. Defining an RRtype
    	which can be used to publish the keys relating to this
    	encrypted DNS data would provide an obvious method for
    	clients to retrieve those keys so that the encrypted data can
    	be decoded.


    E.   Description of the proposed RR type.

    	The format and structure of the proposed RRtype is almost
    	identical to a KEY record. The only differences are the
    	values of the record's flags and protocol fields. In the
    	proposed RRtype, the flags field is set to zero and its
    	protocol field set to 1. Further details about the record
    	format and its potential applications is given in
    	draft-reid-dnsext-rkey-00.txt.

    F.   What existing RRTYPE or RRTYPEs come closest to filling that
         need and why are they unsatisfactory?

	The KEY and DNSKEY records are identical in format and
	structure to the proposed RRtype. Their semantics are
	different however. These RRtypes cannot be used for
	publishing arbitrary application keys that could be used to
	encrypt DNS resource records. DNSKEY is restricted to
	signatures needed for Secure DNS, DNSSEC. The scope of the
	KEY record was limited by RFC3445 to eliminate sub-typing and
	prevent the RRtype being utilised for arbitrary application
	keys. A new RRtype is therefore needed to permit application
	keys specifically for encryption of DNS resource records to
	be stored and published in the DNS.

    G.   What mnemonic is requested for the new RRTYPE (optional)?
         Note: this can be left blank and the mnemonic decided after the
         template is accepted.

	RKEY

    H.   Does the requested RRTYPE make use of any existing IANA
         Registry or require the creation of a new IANA Sub-registry and
         in DNS Parameters?

	Yes. The proposed RRtype uses the IANA sub-registry of
	security algorithm numbers established by RFC2535 and updated
	by RFC4034. The proposed RRtype does not require any
	modifications to that sub-registry.

    I.   Does the proposal require/expect any changes in DNS
         servers/resolvers that prevent the new type from being
         processed as an unknown RRTYPE (see [RFC3597])?

	No.

    J.   Comments:

    	None.

_______________________________________________
dns-rrtype-applications mailing list
dns-rrtype-applications@ietf.org
https://www.ietf.org/mailman/listinfo/dns-rrtype-applications

v2.23.0 | Report a Bug | By Email