draft-ietf-dnsext-dnssec-online-signing-00.txt
   signatures that must be generated, a zone may wish to limit the
   number of algorithms in its DNSKEY RRset.

3.  Better Increment & Decrement Functions

   Section 6.1 of RFC4034 defines a strict ordering of DNS names.
   Working backwards from that definition, it should be possible to
   define increment and decrement functions that generate the
   immediately following and preceding names, respectively.  This
   document does not define such functions.  Instead, this section
   presents functions that come reasonably close to the perfect ones.
   As described above, an authoritative server should still ensure that
   no generated NSEC covers any existing name.

   To increment a name, add a leading label with a single null (zero-
   value) octet.

   To decrement a name, decrement the last character of the leftmost
   label, then fill that label to a length of 63 octets with octets of
   value 255.  To decrement a null (zero-value) octet, remove the octet
   -- if an empty label is left, remove the label.  Defining this
   function numerically: fill the left-most label to its maximum length
   with zeros (numeric, not ASCII zeros) and subtract one.

   In response to a query for the non-existent name foo.example.com,
   these functions produce NSEC records of:

   fon\255\255\255\255\255\255\255\255\255\255\255\255\255\255
   \255\255\255\255\255\255\255\255\255\255\255\255\255\255\255
   \255\255\255\255\255\255\255\255\255\255\255\255\255\255\255
   \255\255\255\255\255\255\255\255\255\255\255\255\255\255\255
   \255.example.com 3600 IN NSEC \000.foo.example.com ( NSEC RRSIG )

   )\255\255\255\255\255\255\255\255\255\255\255\255\255\255\255
   \255\255\255\255\255\255\255\255\255\255\255\255\255\255\255
   \255\255\255\255\255\255\255\255\255\255\255\255\255\255\255
   \255\255\255\255\255\255\255\255\255\255\255\255\255\255\255
   \255\255.example.com 3600 IN NSEC \000.*.example.com ( NSEC RRSIG )

   The first of these NSEC RRs proves that no exact match for
   foo.example.com exists, and the second proves that there is no
   wildcard in example.com.
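   The increment and decrement functions of this section, together with
   the check that no existing name falls inside the generated span, as
   an added example in Python.  This is illustration code written for
   this page, not code from the draft or its authors.  It follows the
   textual rule above for a trailing null octet (the octet, and an
   emptied label, is removed), compares names with the RFC 4034
   canonical ordering, and assumes a few simplifications that the draft
   does not state: names are handled as lists of labels with the root
   omitted, the type bit map is rendered as the fixed text "NSEC RRSIG",
   and the zone contents used at the bottom are a constructed sample.

```python
"""Epsilon increment/decrement and a minimally covering NSEC (added example,
not part of the draft).  Names are lists of byte-string labels, left-most
label first, root label omitted."""
import re

MAX_LABEL = 63  # maximum label length in octets (RFC 1035)


def parse_name(text):
    """Parse a master-file style name such as r"\\000.foo.example.com".
    Handles \\DDD decimal escapes and \\c single-character escapes."""
    if text in ("", "."):
        return []
    text = text.rstrip(".")
    labels, cur, i = [], bytearray(), 0
    while i < len(text):
        c = text[i]
        if c == "\\":
            m = re.match(r"\\(\d{3})", text[i:])
            if m:
                cur.append(int(m.group(1)))
                i += 4
            else:
                cur.append(ord(text[i + 1]))
                i += 2
        elif c == ".":
            labels.append(bytes(cur))
            cur = bytearray()
            i += 1
        else:
            cur.append(ord(c))
            i += 1
    labels.append(bytes(cur))
    return labels


def name_to_text(labels):
    """Render labels in master-file form, escaping non-printable octets,
    '.' and '\\' as \\DDD (decimal), the way the draft's example does."""
    if not labels:
        return "."
    return ".".join(
        "".join(chr(b) if 0x21 <= b <= 0x7E and b not in b".\\" else "\\%03d" % b
                for b in label)
        for label in labels)


def canonical_key(labels):
    """RFC 4034 section 6.1 ordering: right-most label compared first,
    labels compared case-insensitively as unsigned octets, and a label or
    name that is a prefix of another sorts first.  Python's tuple and bytes
    comparison implements exactly these rules."""
    return tuple(label.lower() for label in reversed(labels))


def increment(labels):
    """Section 3: add a leading label holding a single null octet."""
    return [b"\x00"] + list(labels)


def decrement(labels):
    """Section 3: decrement the last octet of the left-most label and pad
    that label to 63 octets with 0xFF.  A trailing null octet is removed
    instead; if that empties the label, the label is removed."""
    first, rest = bytearray(labels[0]), list(labels[1:])
    if first[-1] == 0:
        del first[-1]
        return ([bytes(first)] if first else []) + rest
    first[-1] -= 1
    first.extend(b"\xff" * (MAX_LABEL - len(first)))
    return [bytes(first)] + rest


def covering_nsec(qname_text, existing_names, ttl=3600, types="NSEC RRSIG"):
    """Build the NSEC proving that qname does not exist.  Start from
    decrement(qname) / increment(qname); then, as the draft requires, if
    any instantiated name falls inside that span, substitute the nearest
    such names for the owner name and/or next name."""
    qname = parse_name(qname_text)
    q = canonical_key(qname)
    lower, upper = decrement(qname), increment(qname)
    for e in (parse_name(n) for n in existing_names):
        k = canonical_key(e)
        if k == q:
            raise ValueError("%s exists; nothing to deny" % qname_text)
        if canonical_key(lower) < k < q:
            lower = e          # existing name below qname but inside the span
        elif q < k < canonical_key(upper):
            upper = e          # existing name above qname but inside the span
    return "%s %d IN NSEC %s ( %s )" % (name_to_text(lower), ttl,
                                        name_to_text(upper), types)


if __name__ == "__main__":
    # Constructed sample zone: neither foo.example.com nor a wildcard exists.
    zone = ["example.com", "www.example.com"]
    print(covering_nsec("foo.example.com", zone))
    print(covering_nsec("*.example.com", zone))
```

   Run stand-alone, the two printed records are the ones shown in the
   draft's example above.  The substitution step in covering_nsec is what
   lets the imperfect functions be used safely: a name such as
   x.a.example.com sorts between a.example.com and a\000.example.com, so
   a query for the latter gets an NSEC whose owner name is the existing
   x.a.example.com rather than the decremented name.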
   Both of these functions are imperfect: they don't take into account
   constraints on number of labels in a name nor total length of a name.
   As noted in the previous section, though, this technique does not
   depend on the use of perfect increment or decrement functions: it is
   sufficient to test whether any instantiated names fall into the span
   covered by the generated NSEC and, if so, substitute those
   instantiated owner names for the NSEC owner name or next name, as
   appropriate.

Weiler & Ihren           Expires November 13, 2005                [Page 6]

Internet-Draft                NSEC Epsilon                       May 2005

4.  IANA Considerations

   Per RFC4041, IANA should think carefully about the protection of
   their immortal souls.

5.  Security Considerations

   This approach requires on-demand generation of RRSIG records.  This
   creates several new vulnerabilities.

   First, on-demand signing requires that a zone's authoritative servers
   have access to its private keys.  Storing private keys on well-known
   internet-accessible servers may make them more vulnerable to
   unintended disclosure.

   Second, since generation of public key signatures tends to be
   computationally demanding, the requirement for on-demand signing
   makes authoritative servers vulnerable to a denial of service attack.

   Lastly, if the increment and decrement functions are predictable, on-
   demand signing may enable a chosen-plaintext attack on a zone's
   private keys: an attacker who can predict the owner and next names
   that a query will produce can, by choosing which names to query,
   choose which messages the server signs.  Zones using this approach
   should attempt to use cryptographic algorithms that are resistant to
   chosen-plaintext attacks.  It's worth noting that while DNSSEC has a
   "mandatory to implement" algorithm, that is a requirement on
   resolvers and validators -- there is no requirement that a zone be
   signed with any given algorithm.

   The success of using minimally covering NSEC records to prevent zone
   walking depends greatly on the quality of the increment and decrement
   functions chosen.
   An increment function that chooses a name obviously derived from the
   next instantiated name may be easily reverse engineered, destroying
   the value of this technique.  An increment function that always
   returns a name close to the next instantiated name is likewise a poor
   choice.  Good choices of increment and decrement functions are the
   ones that produce the immediately following and preceding names,
   respectively, though zone administrators may wish to use less perfect
   functions that return more human-friendly names than the functions
   described in Section 3 above.

   Another obvious but misguided concern is the danger from synthesized
   NSEC records being replayed.  It's possible for an attacker to replay
   an old but still validly signed NSEC record after a new name has been
   added in the span covered by that NSEC, incorrectly proving that
   there is no record at that name.  This danger exists with DNSSEC as
   defined in [-bis].  The techniques described here actually decrease
   the danger, since the span covered by any NSEC record is smaller than
   before.  Choosing better increment and decrement functions will
   further reduce this danger.

6.  Normative References

   [1]  Arends, R., Austein, R., Larson, M., Massey, D., and S. Rose,
        "DNS Security Introduction and Requirements", RFC 4033,
        March 2005.

   [2]  Arends, R., Austein, R., Larson, M., Massey, D., and S. Rose,
        "Resource Records for the DNS Security Extensions", RFC 4034,
        March 2005.

   [3]  Arends, R., Austein, R., Larson, M., Massey, D., and S. Rose,
        "Protocol Modifications for the DNS Security Extensions",
        RFC 4035, March 2005.
   [4]  Bradner, S., "Key words for use in RFCs to Indicate Requirement
        Levels", BCP 14, RFC 2119, March 1997.

Authors' Addresses

   Samuel Weiler
   SPARTA, Inc
   7075 Samuel Morse Drive
   Columbia, Maryland  21046
   US

   Email: weiler@tislabs.com

   Johan Ihren
   Autonomica AB
   Bellmansgatan 30
   Stockholm  SE-118 47
   Sweden

   Email: johani@autonomica.se

Appendix A.  Acknowledgments

   Many individuals contributed to this design.  They include, in
   addition to the authors of this document, Olaf Kolkman, Ed Lewis,
   Peter Koch, Matt Larson, David Blacka, Suzanne Woolf, Jaap Akkerhuis,
   Jakob Schlyter, Bill Manning, and Joao Damas.  The key innovation of
   this document, namely that perfect increment and decrement functions
   are not necessary, arose during a discussion among the above-listed
   people at the RIPE49 meeting in September 2004.

Intellectual Property Statement

   The IETF takes no position regarding the validity or scope of any
   Intellectual Property Rights or other rights that might be claimed to
   pertain to the implementation or use of the technology described in
   this document or the extent to which any license under such rights
   might or might not be available; nor does it represent that it has
   made any independent effort to identify any such rights.  Information
   on the procedures with respect to rights in RFC documents can be
   found in BCP 78 and BCP 79.

   Copies of IPR disclosures made to the IETF Secretariat and any
   assurances of licenses to be made available, or the result of an
   attempt made to obtain a general license or permission for the use of
   such proprietary rights by implementers or users of this
   specification can be obtained from the IETF on-line IPR repository at
   http://www.ietf.org/ipr.
   The IETF invites any interested party to bring to its attention any
   copyrights, patents or patent applications, or other proprietary
   rights that may cover technology that may be required to implement
   this standard.  Please address the information to the IETF at
   ietf-ipr@ietf.org.

Disclaimer of Validity

   This document and the information contained herein are provided on an
   "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
   OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET
   ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,
   INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
   INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
   WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

Copyright Statement

   Copyright (C) The Internet Society (2005).  This document is subject
   to the rights, licenses and restrictions contained in BCP 78, and
   except as set forth therein, the authors retain all their rights.

Acknowledgment

   Funding for the RFC Editor function is currently provided by the
   Internet Society.