[dnsext] RRTYPE request: template for proposed RKEY RRtype
Andrew Sullivan <ajs@shinkuro.com> Fri, 21 November 2008 19:11 UTC
Return-Path: <owner-namedroppers@ops.ietf.org>
X-Original-To: ietfarch-namedroppers-archive-gleetwall6@core3.amsl.com
Delivered-To: ietfarch-namedroppers-archive-gleetwall6@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 4B66E3A68D0; Fri, 21 Nov 2008 11:11:38 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.1
X-Spam-Level:
X-Spam-Status: No, score=-0.1 tagged_above=-999 required=5 tests=[AWL=-0.500, BAYES_00=-2.599, FH_RELAY_NODNS=1.451, HELO_MISMATCH_INFO=1.448, RDNS_NONE=0.1]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7D6UmAJubwV3; Fri, 21 Nov 2008 11:11:37 -0800 (PST)
Received: from psg.com (psg.com [IPv6:2001:418:1::62]) by core3.amsl.com (Postfix) with ESMTP id 2AE673A67A6; Fri, 21 Nov 2008 11:11:37 -0800 (PST)
Received: from majordom by psg.com with local (Exim 4.69 (FreeBSD)) (envelope-from <owner-namedroppers@ops.ietf.org>) id 1L3bLd-000MjI-Qf for namedroppers-data@psg.com; Fri, 21 Nov 2008 19:07:21 +0000
Received: from [208.86.224.201] (helo=mail.yitter.info) by psg.com with esmtps (TLSv1:CAMELLIA256-SHA:256) (Exim 4.69 (FreeBSD)) (envelope-from <ajs@shinkuro.com>) id 1L3bLY-000Mj1-Rw for namedroppers@ops.ietf.org; Fri, 21 Nov 2008 19:07:19 +0000
Received: from crankycanuck.ca (unknown [130.129.29.194]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mail.yitter.info (Postfix) with ESMTPSA id C1C532FE9555 for <namedroppers@ops.ietf.org>; Fri, 21 Nov 2008 19:07:15 +0000 (UTC)
Date: Fri, 21 Nov 2008 13:07:14 -0600
From: Andrew Sullivan <ajs@shinkuro.com>
To: namedroppers@ops.ietf.org
Subject: [dnsext] RRTYPE request: template for proposed RKEY RRtype
Message-ID: <20081121190713.GC20868@shinkuro.com>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="IiVenqGWf+H9Y6IX"
Content-Disposition: inline
User-Agent: Mutt/1.5.18 (2008-05-17)
Sender: owner-namedroppers@ops.ietf.org
Precedence: bulk
List-ID: <namedroppers.ops.ietf.org>
Dear colleagues, Attached is a completed template requesting RRTYPE assignment under the procedures defined in draft-ietf-dnsext-2929bis. This message initiates a thee-week comment period on this request. Note that this is one of two different open requests; the comment periods run concurrently. As with the other open request, we will process this request by the entire panel of experts. Best regards, Andrew -- Andrew Sullivan ajs@shinkuro.com Shinkuro, Inc.
# # $Id: rkey-template.txt,v 1.3 2008/11/06 09:41:48 jim Exp $ # DNS RRTYPE PARAMETER ALLOCATION TEMPLATE A. Submission Date: 6/11/08 B. Submission Type: [x] New RRTYPE [ ] Modification to existing RRTYPE C. Contact Information for submitter: Name: Jim Reid Email Address: jim@telnic.org International telephone number: +44 20 7467 6474 Other contact handles: none (Note: This information will be publicly posted) D. Motivation for the new RRTYPE application? Storage of keying material in the DNS is currently limited to keys used for Secure DNS and transaction authentication. This is somewhat limiting. It is possible to store encrypted data in the DNS: for instance in the RDATA of TXT records and some other RRtypes. A scheme for encrypting NAPTR records is outlined in draft-timms-encrypt-naptr-01. Defining an RRtype which can be used to publish the keys relating to this encrypted DNS data would provide an obvious method for clients to retrieve those keys so that the encrypted data can be decoded. E. Description of the proposed RR type. The format and structure of the proposed RRtype is almost identical to a KEY record. The only differences are the values of the record's flags and protocol fields. In the proposed RRtype, the flags field is set to zero and its protocol field set to 1. Further details about the record format and its potential applications is given in draft-reid-dnsext-rkey-00.txt. F. What existing RRTYPE or RRTYPEs come closest to filling that need and why are they unsatisfactory? The KEY and DNSKEY records are identical in format and structure to the proposed RRtype. Their semantics are different however. These RRtypes cannot be used for publishing arbitrary application keys that could be used to encrypt DNS resource records. DNSKEY is restricted to signatures needed for Secure DNS, DNSSEC. The scope of the KEY record was limited by RFC3445 to eliminate sub-typing and prevent the RRtype being utilised for arbitrary application keys. A new RRtype is therefore needed to permit application keys specifically for encryption of DNS resource records to be stored and published in the DNS. G. What mnemonic is requested for the new RRTYPE (optional)? Note: this can be left blank and the mnemonic decided after the template is accepted. RKEY H. Does the requested RRTYPE make use of any existing IANA Registry or require the creation of a new IANA Sub-registry and in DNS Parameters? Yes. The proposed RRtype uses the IANA sub-registry of security algorithm numbers established by RFC2535 and updated by RFC4034. The proposed RRtype does not require any modifications to that sub-registry. I. Does the proposal require/expect any changes in DNS servers/resolvers that prevent the new type from being processed as an unknown RRTYPE (see [RFC3597])? No. J. Comments: None. _______________________________________________ dns-rrtype-applications mailing list dns-rrtype-applications@ietf.org https://www.ietf.org/mailman/listinfo/dns-rrtype-applications
- [dnsext] RRTYPE request: template for proposed RK… Andrew Sullivan
- Re: [dnsext] RRTYPE request: template for propose… Francis Dupont
- Re: [dnsext] RRTYPE request: template for propose… Jim Reid
- Re: [dnsext] RRTYPE request: template for propose… Francis Dupont
- [dnsext] Re: RRTYPE request: template for propose… Stephane Bortzmeyer
- Re: [dnsext] RRTYPE request: template for propose… Peter Koch
- Re: [dnsext] RRTYPE request: template for propose… Thierry Moreau
- Re: [dnsext] RRTYPE request: template for propose… Jim Reid
- Re: [dnsext] RRTYPE request: template for propose… Thierry Moreau
- Re: [dnsext] RRTYPE request: template for propose… Samuel Weiler
- Re: [dnsext] RRTYPE request: template for propose… Jim Reid
- Re: [dnsext] RRTYPE request: template for propose… Chris Thompson
- Re: [dnsext] RRTYPE request: template for propose… Ondřej Surý
- [dnsext] RRs with 0 TTL Jim Reid
- Re: [dnsext] RRTYPE request: template for propose… Jim Reid
- Re: [dnsext] RRTYPE request: template for propose… Ondřej Surý
- Re: [dnsext] RRTYPE request: template for propose… Chris Thompson