draft-ietf-dnsext-dnssec-online-signing-02.txt

   Section 6.1 of RFC4034 defines a strict ordering of DNS names.
   Working backwards from that definition, it should be possible to
   define epsilon functions that generate the immediately following and
   preceding names, respectively.  This document does not define such
   functions.  Instead, this section presents functions that come
   reasonably close to the perfect ones.  As described above, an
   authoritative server should still ensure that no generated NSEC
   covers any existing name.

   To increment a name, add a leading label with a single null
   (zero-value) octet.

   To decrement a name, decrement the last character of the leftmost
   label, then fill that label to a length of 63 octets with octets of
   value 255.  To decrement a null (zero-value) octet, remove the octet
   -- if an empty label is left, remove the label.  Defining this
   function numerically: fill the left-most label to its maximum length
   with zeros (numeric, not ASCII zeros) and subtract one.

   In response to a query for the non-existent name foo.example.com,
   these functions produce NSEC records of:

Weiler & Ihren            Expires July 24, 2006                 [Page 6]

Internet-Draft                NSEC Epsilon                  January 2006

     fon\255\255\255\255\255\255\255\255\255\255\255\255\255\255
     \255\255\255\255\255\255\255\255\255\255\255\255\255\255\255
     \255\255\255\255\255\255\255\255\255\255\255\255\255\255\255
     \255\255\255\255\255\255\255\255\255\255\255\255\255\255\255
     \255.example.com 3600 IN NSEC \000.foo.example.com ( NSEC RRSIG )

     \)\255\255\255\255\255\255\255\255\255\255\255\255\255\255\255
     \255\255\255\255\255\255\255\255\255\255\255\255\255\255\255
     \255\255\255\255\255\255\255\255\255\255\255\255\255\255\255
     \255\255\255\255\255\255\255\255\255\255\255\255\255\255\255
     \255\255.example.com 3600 IN NSEC \000.*.example.com ( NSEC RRSIG )

   The first of these NSEC RRs proves that no exact match for
   foo.example.com exists, and the second proves that there is no
   wildcard in example.com.

   Both of these functions are imperfect: they don't take into account
   constraints on number of labels in a name nor total length of a name.
   As noted in the previous section, though, this technique does not
   depend on the use of perfect epsilon functions: it is sufficient to
   test whether any instantiated names fall into the span covered by the
   generated NSEC and, if so, substitute those instantiated owner names
   for the NSEC owner name or next name, as appropriate.

5.  IANA Considerations

   This document specifies no IANA Actions.

6.  Security Considerations

   This approach requires on-demand generation of RRSIG records.  This
   creates several new vulnerabilities.

   First, on-demand signing requires that a zone's authoritative servers
   have access to its private keys.  Storing private keys on well-known
   internet-accessible servers may make them more vulnerable to
   unintended disclosure.

   Second, since generation of digital signatures tends to be
   computationally demanding, the requirement for on-demand signing
   makes authoritative servers vulnerable to a denial of service attack.

   Lastly, if the epsilon functions are predictable, on-demand signing
   may enable a chosen-plaintext attack on a zone's private keys.  Zones
   using this approach should attempt to use cryptographic algorithms
   that are resistant to chosen-plaintext attacks.  It's worth noting
   that while DNSSEC has a "mandatory to implement" algorithm, that is a
   requirement on resolvers and validators -- there is no requirement
   that a zone be signed with any given algorithm.

   The success of using minimally covering NSEC records to prevent zone
   walking depends greatly on the quality of the epsilon functions
   chosen.
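   The Section 4 increment and decrement functions, together with the
   check that a generated NSEC covers no existing name, as an added
   Python example that is not part of the draft (the label handling,
   the set of escaped characters and the helper names are this
   example's own choices):

```python
"""Approximate NSEC "epsilon" functions from the NSEC Epsilon draft.

Added example, not the draft's own code: the increment and decrement
functions the draft describes in prose, plus the check the draft requires
(no generated NSEC may cover an existing name). Names are lists of label
byte strings, leftmost label first.
"""
MAX_LABEL = 63  # maximum DNS label length in octets

def parse(name):
    """Simple text-to-labels conversion; assumes plain ASCII, no escapes."""
    return [label.encode("ascii") for label in name.split(".")]

def to_text(labels):
    """Presentation form: non-printable octets as \\DDD, zone-file special
    characters backslash-escaped (as in the draft's example records)."""
    def esc(b):
        if b < 0x21 or b > 0x7E:
            return "\\%03d" % b
        return ("\\" if chr(b) in '.;()"@$\\' else "") + chr(b)
    return ".".join("".join(esc(b) for b in label) for label in labels)

def increment(labels):
    """Immediately following name: add a leading label of one null octet."""
    return [b"\x00"] + labels

def decrement(labels):
    """Approximate immediately preceding name: decrement the last octet of
    the leftmost label, then pad that label to 63 octets with value 255."""
    first = bytearray(labels[0])
    if first[-1] == 0:
        # A null octet cannot be decremented: remove it, and remove the
        # whole label if that leaves it empty.
        del first[-1]
        return ([bytes(first)] if first else []) + labels[1:]
    first[-1] -= 1
    first += b"\xff" * (MAX_LABEL - len(first))
    return [bytes(first)] + labels[1:]

def canonical_key(labels):
    """RFC 4034 section 6.1 canonical order as a sort key: rightmost label
    is most significant and ASCII letters compare as lowercase."""
    return tuple(label.lower() for label in reversed(labels))

def names_covered(owner, next_name, existing):
    """Existing names strictly inside the span (owner, next_name); the
    server must substitute any such name for the owner or next name."""
    lo, hi = canonical_key(owner), canonical_key(next_name)
    return [to_text(n) for n in existing if lo < canonical_key(n) < hi]
```

   Running decrement and increment on foo.example.com reproduces the two
   owner/next name pairs shown in Section 4; names_covered is the
   safeguard for the imperfect functions, returning any instantiated
   name that the generated span would wrongly deny.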
   An increment function that chooses a name obviously derived
   from the next instantiated name may be easily reverse engineered,
   destroying the value of this technique.  An increment function that
   always returns a name close to the next instantiated name is likewise
   a poor choice.  Good choices of epsilon functions are the ones that
   produce the immediately following and preceding names, respectively,
   though zone administrators may wish to use less perfect functions
   that return more human-friendly names than the functions described in
   Section 4 above.

   Another obvious but misguided concern is the danger from synthesized
   NSEC records being replayed.  It's possible for an attacker to replay
   an old but still validly signed NSEC record after a new name has been
   added in the span covered by that NSEC, incorrectly proving that
   there is no record at that name.  This danger exists with DNSSEC as
   defined in [3].  The techniques described here actually decrease the
   danger, since the span covered by any NSEC record is smaller than
   before.  Choosing better epsilon functions will further reduce this
   danger.

7.  Normative References

   [1]  Arends, R., Austein, R., Larson, M., Massey, D., and S. Rose,
        "DNS Security Introduction and Requirements", RFC 4033,
        March 2005.

   [2]  Arends, R., Austein, R., Larson, M., Massey, D., and S. Rose,
        "Resource Records for the DNS Security Extensions", RFC 4034,
        March 2005.

   [3]  Arends, R., Austein, R., Larson, M., Massey, D., and S. Rose,
        "Protocol Modifications for the DNS Security Extensions",
        RFC 4035, March 2005.

   [4]  Bradner, S., "Key words for use in RFCs to Indicate Requirement
        Levels", BCP 14, RFC 2119, March 1997.

Appendix A.  Acknowledgments

   Many individuals contributed to this design.  They include, in
   addition to the authors of this document, Olaf Kolkman, Ed Lewis,
   Peter Koch, Matt Larson, David Blacka, Suzanne Woolf, Jaap Akkerhuis,
   Jakob Schlyter, Bill Manning, and Joao Damas.

   In addition, the editors would like to thank Ed Lewis, Scott Rose,
   and David Blacka for their careful review of the document.

Authors' Addresses

   Samuel Weiler
   SPARTA, Inc
   7075 Samuel Morse Drive
   Columbia, Maryland  21046
   US

   Email: weiler@tislabs.com


   Johan Ihren
   Autonomica AB
   Bellmansgatan 30
   Stockholm  SE-118 47
   Sweden

   Email: johani@autonomica.se

Intellectual Property Statement

   The IETF takes no position regarding the validity or scope of any
   Intellectual Property Rights or other rights that might be claimed to
   pertain to the implementation or use of the technology described in
   this document or the extent to which any license under such rights
   might or might not be available; nor does it represent that it has
   made any independent effort to identify any such rights.  Information
   on the procedures with respect to rights in RFC documents can be
   found in BCP 78 and BCP 79.

   Copies of IPR disclosures made to the IETF Secretariat and any
   assurances of licenses to be made available, or the result of an
   attempt made to obtain a general license or permission for the use of
   such proprietary rights by implementers or users of this
   specification can be obtained from the IETF on-line IPR repository at
   http://www.ietf.org/ipr.

   The IETF invites any interested party to bring to its attention any
   copyrights, patents or patent applications, or other proprietary
   rights that may cover technology that may be required to implement
   this standard.  Please address the information to the IETF at
   ietf-ipr@ietf.org.

Disclaimer of Validity

   This document and the information contained herein are provided on an
   "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
   OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET
   ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,
   INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
   INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
   WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

Copyright Statement

   Copyright (C) The Internet Society (2006).  This document is subject
   to the rights, licenses and restrictions contained in BCP 78, and
   except as set forth therein, the authors retain all their rights.

Acknowledgment

   Funding for the RFC Editor function is currently provided by the
   Internet Society.