| draft-ietf-dnsext-rfc2538bis-09.txt | | draft-ietf-dnsext-rfc2538bis.txt | |
|---|
| | | | |
| Network Working Group S. Josefsson | | Network Working Group S. Josefsson | |
| | | | |
| Obsoletes: 2538 (if approved) | | Obsoletes: 2538 (if approved) | |
|
| Expires: April 21, 2006 | | Expires: September 2, 2006 | |
| | | | |
| Storing Certificates in the Domain Name System (DNS) | | Storing Certificates in the Domain Name System (DNS) | |
|
| draft-ietf-dnsext-rfc2538bis-09 | | draft-ietf-dnsext-rfc2538bis-10 | |
| | | | |
| Status of this Memo | | Status of this Memo | |
| | | | |
| By submitting this Internet-Draft, each author represents that any | | By submitting this Internet-Draft, each author represents that any | |
| applicable patent or other IPR claims of which he or she is aware | | applicable patent or other IPR claims of which he or she is aware | |
| have been or will be disclosed, and any of which he or she becomes | | have been or will be disclosed, and any of which he or she becomes | |
| aware will be disclosed, in accordance with Section 6 of BCP 79. | | aware will be disclosed, in accordance with Section 6 of BCP 79. | |
| | | | |
| Internet-Drafts are working documents of the Internet Engineering | | Internet-Drafts are working documents of the Internet Engineering | |
| Task Force (IETF), its areas, and its working groups. Note that | | Task Force (IETF), its areas, and its working groups. Note that | |
| | | | |
| skipping to change at page 1, line 34 | | skipping to change at page 1, line 34 | |
|---|
| and may be updated, replaced, or obsoleted by other documents at any | | and may be updated, replaced, or obsoleted by other documents at any | |
| time. It is inappropriate to use Internet-Drafts as reference | | time. It is inappropriate to use Internet-Drafts as reference | |
| material or to cite them other than as "work in progress." | | material or to cite them other than as "work in progress." | |
| | | | |
| The list of current Internet-Drafts can be accessed at | | The list of current Internet-Drafts can be accessed at | |
| http://www.ietf.org/ietf/1id-abstracts.txt. | | http://www.ietf.org/ietf/1id-abstracts.txt. | |
| | | | |
| The list of Internet-Draft Shadow Directories can be accessed at | | The list of Internet-Draft Shadow Directories can be accessed at | |
| http://www.ietf.org/shadow.html. | | http://www.ietf.org/shadow.html. | |
| | | | |
|
| This Internet-Draft will expire on April 21, 2006. | | This Internet-Draft will expire on September 2, 2006. | |
| | | | |
| Copyright Notice | | Copyright Notice | |
| | | | |
|
| Copyright (C) The Internet Society (2005). | | Copyright (C) The Internet Society (2006). | |
| | | | |
| Abstract | | Abstract | |
| | | | |
|
| Cryptographic public keys are frequently published and their | | Cryptographic public keys are frequently published, and their | |
| authenticity demonstrated by certificates. A CERT resource record | | authenticity is demonstrated by certificates. A CERT resource record | |
| (RR) is defined so that such certificates and related certificate | | (RR) is defined so that such certificates and related certificate | |
| revocation lists can be stored in the Domain Name System (DNS). | | revocation lists can be stored in the Domain Name System (DNS). | |
| | | | |
| This document obsoletes RFC 2538. | | This document obsoletes RFC 2538. | |
| | | | |
| Table of Contents | | Table of Contents | |
| | | | |
| 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 | | 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 | |
| 2. The CERT Resource Record . . . . . . . . . . . . . . . . . . . 3 | | 2. The CERT Resource Record . . . . . . . . . . . . . . . . . . . 3 | |
| 2.1. Certificate Type Values . . . . . . . . . . . . . . . . . 4 | | 2.1. Certificate Type Values . . . . . . . . . . . . . . . . . 4 | |
|
| 2.2. Text Representation of CERT RRs . . . . . . . . . . . . . 5 | | 2.2. Text Representation of CERT RRs . . . . . . . . . . . . . 6 | |
| 2.3. X.509 OIDs . . . . . . . . . . . . . . . . . . . . . . . . 6 | | 2.3. X.509 OIDs . . . . . . . . . . . . . . . . . . . . . . . . 6 | |
|
| 3. Appropriate Owner Names for CERT RRs . . . . . . . . . . . . . 6 | | 3. Appropriate Owner Names for CERT RRs . . . . . . . . . . . . . 7 | |
| 3.1. Content-based X.509 CERT RR Names . . . . . . . . . . . . 7 | | 3.1. Content-Based X.509 CERT RR Names . . . . . . . . . . . . 8 | |
| 3.2. Purpose-based X.509 CERT RR Names . . . . . . . . . . . . 8 | | 3.2. Purpose-Based X.509 CERT RR Names . . . . . . . . . . . . 9 | |
| 3.3. Content-based OpenPGP CERT RR Names . . . . . . . . . . . 9 | | 3.3. Content-Based OpenPGP CERT RR Names . . . . . . . . . . . 9 | |
| 3.4. Purpose-based OpenPGP CERT RR Names . . . . . . . . . . . 9 | | 3.4. Purpose-Based OpenPGP CERT RR Names . . . . . . . . . . . 10 | |
| 3.5. Owner names for IPKIX, ISPKI, IPGP, and IACPKIX . . . . . 10 | | 3.5. Owner Names for IPKIX, ISPKI, IPGP, and IACPKIX . . . . . 10 | |
| 4. Performance Considerations . . . . . . . . . . . . . . . . . . 10 | | 4. Performance Considerations . . . . . . . . . . . . . . . . . . 10 | |
| 5. Contributors . . . . . . . . . . . . . . . . . . . . . . . . . 11 | | 5. Contributors . . . . . . . . . . . . . . . . . . . . . . . . . 11 | |
| 6. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 11 | | 6. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 11 | |
| 7. Security Considerations . . . . . . . . . . . . . . . . . . . 11 | | 7. Security Considerations . . . . . . . . . . . . . . . . . . . 11 | |
| 8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 12 | | 8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 12 | |
|
| 9. Changes since RFC 2538 . . . . . . . . . . . . . . . . . . . . 12 | | 9. Changes since RFC 2538 . . . . . . . . . . . . . . . . . . . . 13 | |
| Appendix A. Copying conditions . . . . . . . . . . . . . . . . . 13 | | | |
| 10. References . . . . . . . . . . . . . . . . . . . . . . . . . . 13 | | 10. References . . . . . . . . . . . . . . . . . . . . . . . . . . 13 | |
| 10.1. Normative References . . . . . . . . . . . . . . . . . . . 13 | | 10.1. Normative References . . . . . . . . . . . . . . . . . . . 13 | |
| 10.2. Informative References . . . . . . . . . . . . . . . . . . 14 | | 10.2. Informative References . . . . . . . . . . . . . . . . . . 14 | |
|
| | | Appendix A. Copying Conditions . . . . . . . . . . . . . . . . . 15 | |
| Author's Address . . . . . . . . . . . . . . . . . . . . . . . . . 16 | | Author's Address . . . . . . . . . . . . . . . . . . . . . . . . . 16 | |
| Intellectual Property and Copyright Statements . . . . . . . . . . 17 | | Intellectual Property and Copyright Statements . . . . . . . . . . 17 | |
| | | | |
| 1. Introduction | | 1. Introduction | |
| | | | |
|
| Public keys are frequently published in the form of a certificate and | | Public keys are frequently published in the form of a certificate, | |
| their authenticity is commonly demonstrated by certificates and | | and their authenticity is commonly demonstrated by certificates and | |
| related certificate revocation lists (CRLs). A certificate is a | | related certificate revocation lists (CRLs). A certificate is a | |
| binding, through a cryptographic digital signature, of a public key, | | binding, through a cryptographic digital signature, of a public key, | |
| a validity interval and/or conditions, and identity, authorization, | | a validity interval and/or conditions, and identity, authorization, | |
| or other information. A certificate revocation list is a list of | | or other information. A certificate revocation list is a list of | |
|
| certificates that are revoked, and incidental information, all signed | | certificates that are revoked, and of incidental information, all | |
| by the signer (issuer) of the revoked certificates. Examples are | | signed by the signer (issuer) of the revoked certificates. Examples | |
| X.509 certificates/CRLs in the X.500 directory system or OpenPGP | | are X.509 certificates/CRLs in the X.500 directory system or OpenPGP | |
| certificates/revocations used by OpenPGP software. | | certificates/revocations used by OpenPGP software. | |
| | | | |
|
| Section 2 below specifies a CERT resource record (RR) for the storage | | Section 2 specifies a CERT resource record (RR) for the storage of | |
| of certificates in the Domain Name System [1] [2]. | | certificates in the Domain Name System [1] [2]. | |
| | | | |
| Section 3 discusses appropriate owner names for CERT RRs. | | Section 3 discusses appropriate owner names for CERT RRs. | |
| | | | |
|
| Sections 4, 5, and 6 below cover performance, IANA, and security | | Sections 4, 7, and 8 cover performance, security, and IANA | |
| considerations, respectively. | | considerations, respectively. | |
| | | | |
|
| Section 9 explain the changes in this document compared to RFC 2538. | | Section 9 explains the changes in this document compared to RFC 2538. | |
| | | | |
| The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", | | The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", | |
| "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this | | "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this | |
| document are to be interpreted as described in [3]. | | document are to be interpreted as described in [3]. | |
| | | | |
| 2. The CERT Resource Record | | 2. The CERT Resource Record | |
| | | | |
| The CERT resource record (RR) has the structure given below. Its RR | | The CERT resource record (RR) has the structure given below. Its RR | |
| type code is 37. | | type code is 37. | |
| | | | |
| 1 1 1 1 1 1 1 1 1 1 2 2 2 2 2 2 2 2 2 2 3 3 | | 1 1 1 1 1 1 1 1 1 1 2 2 2 2 2 2 2 2 2 2 3 3 | |
| 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 | | 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 | |
| +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | |
| | type | key tag | | | | type | key tag | | |
| +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | |
| | algorithm | / | | | algorithm | / | |
| +---------------+ certificate or CRL / | | +---------------+ certificate or CRL / | |
| / / | | / / | |
| +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-| | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-| | |
| | | | |
|
| The type field is the certificate type as defined in section 2.1 | | The type field is the certificate type as defined in Section 2.1 | |
| below. | | below. | |
| | | | |
|
| The key tag field is the 16 bit value computed for the key embedded | | The key tag field is the 16-bit value computed for the key embedded | |
| in the certificate, using the RRSIG Key Tag algorithm described in | | in the certificate, using the RRSIG Key Tag algorithm described in | |
| Appendix B of [12]. This field is used as an efficiency measure to | | Appendix B of [12]. This field is used as an efficiency measure to | |
| pick which CERT RRs may be applicable to a particular key. The key | | pick which CERT RRs may be applicable to a particular key. The key | |
|
| tag can be calculated for the key in question and then only CERT RRs | | tag can be calculated for the key in question, and then only CERT RRs | |
| with the same key tag need be examined. Note that two different keys | | with the same key tag need to be examined. Note that two different | |
| can have the same key tag. However, the key MUST be transformed to | | keys can have the same key tag. However, the key MUST be transformed | |
| the format it would have as the public key portion of a DNSKEY RR | | to the format it would have as the public key portion of a DNSKEY RR | |
| before the key tag is computed. This is only possible if the key is | | before the key tag is computed. This is only possible if the key is | |
| applicable to an algorithm and complies to limits (such as key size) | | applicable to an algorithm and complies to limits (such as key size) | |
| defined for DNS security. If it is not, the algorithm field MUST be | | defined for DNS security. If it is not, the algorithm field MUST be | |
| zero and the tag field is meaningless and SHOULD be zero. | | zero and the tag field is meaningless and SHOULD be zero. | |
| | | | |
| The algorithm field has the same meaning as the algorithm field in | | The algorithm field has the same meaning as the algorithm field in | |
| DNSKEY and RRSIG RRs [12], except that a zero algorithm field | | DNSKEY and RRSIG RRs [12], except that a zero algorithm field | |
|
| indicates the algorithm is unknown to a secure DNS, which may simply | | indicates that the algorithm is unknown to a secure DNS, which may | |
| be the result of the algorithm not having been standardized for | | simply be the result of the algorithm not having been standardized | |
| DNSSEC [11]. | | for DNSSEC [11]. | |
| | | | |
| 2.1. Certificate Type Values | | 2.1. Certificate Type Values | |
| | | | |
| The following values are defined or reserved: | | The following values are defined or reserved: | |
| | | | |
| Value Mnemonic Certificate Type | | Value Mnemonic Certificate Type | |
| ----- -------- ---------------- | | ----- -------- ---------------- | |
|
| 0 reserved | | 0 Reserved | |
| 1 PKIX X.509 as per PKIX | | 1 PKIX X.509 as per PKIX | |
| 2 SPKI SPKI certificate | | 2 SPKI SPKI certificate | |
| 3 PGP OpenPGP packet | | 3 PGP OpenPGP packet | |
| 4 IPKIX The URL of an X.509 data object | | 4 IPKIX The URL of an X.509 data object | |
| 5 ISPKI The URL of an SPKI certificate | | 5 ISPKI The URL of an SPKI certificate | |
|
| 6 IPGP The URL of an OpenPGP packet | | 6 IPGP The fingerprint and URL of an OpenPGP packet | |
| 7 ACPKIX Attribute Certificate | | 7 ACPKIX Attribute Certificate | |
| 8 IACPKIX The URL of an Attribute Certificate | | 8 IACPKIX The URL of an Attribute Certificate | |
|
| 9-252 available for IANA assignment | | 9-252 Available for IANA assignment | |
| 253 URI URI private | | 253 URI URI private | |
| 254 OID OID private | | 254 OID OID private | |
|
| 255-65023 available for IANA assignment | | 255 Reserved | |
| 65024-65534 experimental | | 256-65279 Available for IANA assignment | |
| 65535 reserved | | 65280-65534 Experimental | |
| | | 65535 Reserved | |
| | | | |
|
| These values represent the initial content of the IANA registry, see | | These values represent the initial content of the IANA registry; see | |
| section 8. | | Section 8. | |
| | | | |
| The PKIX type is reserved to indicate an X.509 certificate conforming | | The PKIX type is reserved to indicate an X.509 certificate conforming | |
|
| to the profile defined by the IETF PKIX working group [9]. The | | to the profile defined by the IETF PKIX working group [8]. The | |
| certificate section will start with a one-octet unsigned OID length | | certificate section will start with a one-octet unsigned OID length | |
| and then an X.500 OID indicating the nature of the remainder of the | | and then an X.500 OID indicating the nature of the remainder of the | |
|
| certificate section (see 2.3 below). (NOTE: X.509 certificates do | | certificate section (see Section 2.3, below). (NOTE: X.509 | |
| not include their X.500 directory type designating OID as a prefix.) | | certificates do not include their X.500 directory-type-designating | |
| The SPKI type is reserved to indicate the SPKI certificate format | | OID as a prefix.) | |
| [15], for use when the SPKI documents are moved from experimental | | | |
| status. | | | |
| | | | |
|
| The PGP type indicates an OpenPGP packet as described in [6] and its | | The SPKI and ISPKI types are reserved to indicate the SPKI | |
| extensions and successors. Two uses are to transfer public key | | certificate format [15], for use when the SPKI documents are moved | |
| material and revocation signatures. The data is binary, and MUST NOT | | from experimental status. The format for these two CERT RR types | |
| | | will need to be specified later. | |
| | | | |
| | | The PGP type indicates an OpenPGP packet as described in [5] and its | |
| | | extensions and successors. This is used to transfer public key | |
| | | material and revocation signatures. The data is binary and MUST NOT | |
| be encoded into an ASCII armor. An implementation SHOULD process | | be encoded into an ASCII armor. An implementation SHOULD process | |
|
| transferable public keys as described in section 10.1 of [6], but it | | transferable public keys as described in Section 10.1 of [5], but it | |
| MAY handle additional OpenPGP packets. | | MAY handle additional OpenPGP packets. | |
| | | | |
|
| The ACPKIX type indicate an Attribute Certificate format [10]. | | The ACPKIX type indicates an Attribute Certificate format [9]. | |
| | | | |
|
| The IPKIX, ISPKI, IPGP, IACPKIX types indicate a URL which will serve | | The IPKIX and IACPKIX types indicate a URL that will serve the | |
| the content that would have been in the "certificate, CRL or URL" | | content that would have been in the "certificate, CRL, or URL" field | |
| field of the corresponding types; PKIX, SPKI, PGP, or ACPKIX | | of the corresponding type (PKIX or ACPKIX, respectively). | |
| respectively. The IPKIX, ISPKI, IPGP and IACPKIX types are known as | | | |
| "indirect". These types MUST be used when the content is too large | | The IPGP type contains both an OpenPGP fingerprint for the key in | |
| to fit in the CERT RR, and MAY be used at the implementer's | | question, as well as a URL. The certificate portion of the IPGP CERT | |
| discretion. They SHOULD NOT be used where the DNS message is 512 | | RR is defined as a one-octet fingerprint length, followed by the | |
| octets or smaller, and could thus be expected to fit a UDP packet. | | OpenPGP fingerprint, followed by the URL. The OpenPGP fingerprint is | |
| | | calculated as defined in RFC 2440 [5]. A zero-length fingerprint or | |
| | | a zero-length URL are legal, and indicate URL-only IPGP data or | |
| | | fingerprint-only IPGP data, respectively. A zero-length fingerprint | |
| | | and a zero-length URL are meaningless and invalid. | |
| | | | |
| | | The IPKIX, ISPKI, IPGP, and IACPKIX types are known as "indirect". | |
| | | These types MUST be used when the content is too large to fit in the | |
| | | CERT RR and MAY be used at the implementer's discretion. They SHOULD | |
| | | NOT be used where the DNS message is 512 octets or smaller and could | |
| | | thus be expected to fit a UDP packet. | |
| | | | |
| The URI private type indicates a certificate format defined by an | | The URI private type indicates a certificate format defined by an | |
| absolute URI. The certificate portion of the CERT RR MUST begin with | | absolute URI. The certificate portion of the CERT RR MUST begin with | |
|
| a null terminated URI [5] and the data after the null is the private | | a NUL-terminated URI [10] and the data after the NUL is the private | |
| format certificate itself. The URI SHOULD be such that a retrieval | | format certificate itself. The URI SHOULD be such that a retrieval | |
| from it will lead to documentation on the format of the certificate. | | from it will lead to documentation on the format of the certificate. | |
| Recognition of private certificate types need not be based on URI | | Recognition of private certificate types need not be based on URI | |
| equality but can use various forms of pattern matching so that, for | | equality but can use various forms of pattern matching so that, for | |
| example, subtype or version information can also be encoded into the | | example, subtype or version information can also be encoded into the | |
| URI. | | URI. | |
| | | | |
| The OID private type indicates a private format certificate specified | | The OID private type indicates a private format certificate specified | |
| by an ISO OID prefix. The certificate section will start with a one- | | by an ISO OID prefix. The certificate section will start with a one- | |
|
| octet unsigned OID length and then a BER encoded OID indicating the | | octet unsigned OID length and then a BER-encoded OID indicating the | |
| nature of the remainder of the certificate section. This can be an | | nature of the remainder of the certificate section. This can be an | |
| X.509 certificate format or some other format. X.509 certificates | | X.509 certificate format or some other format. X.509 certificates | |
| that conform to the IETF PKIX profile SHOULD be indicated by the PKIX | | that conform to the IETF PKIX profile SHOULD be indicated by the PKIX | |
| type, not the OID private type. Recognition of private certificate | | type, not the OID private type. Recognition of private certificate | |
| types need not be based on OID equality but can use various forms of | | types need not be based on OID equality but can use various forms of | |
| pattern matching such as OID prefix. | | pattern matching such as OID prefix. | |
| | | | |
| 2.2. Text Representation of CERT RRs | | 2.2. Text Representation of CERT RRs | |
| | | | |
| The RDATA portion of a CERT RR has the type field as an unsigned | | The RDATA portion of a CERT RR has the type field as an unsigned | |
|
| decimal integer or as a mnemonic symbol as listed in section 2.1 | | decimal integer or as a mnemonic symbol as listed in Section 2.1, | |
| above. | | above. | |
| | | | |
| The key tag field is represented as an unsigned decimal integer. | | The key tag field is represented as an unsigned decimal integer. | |
| | | | |
| The algorithm field is represented as an unsigned decimal integer or | | The algorithm field is represented as an unsigned decimal integer or | |
| a mnemonic symbol as listed in [12]. | | a mnemonic symbol as listed in [12]. | |
| | | | |
|
| The certificate / CRL portion is represented in base 64 [16] and may | | The certificate/CRL portion is represented in base 64 [16] and may be | |
| be divided up into any number of white space separated substrings, | | divided into any number of white-space-separated substrings, down to | |
| down to single base 64 digits, which are concatenated to obtain the | | single base-64 digits, which are concatenated to obtain the full | |
| full signature. These substrings can span lines using the standard | | signature. These substrings can span lines using the standard | |
| parenthesis. | | parenthesis. | |
| | | | |
| Note that the certificate / CRL portion may have internal sub-fields, | | Note that the certificate / CRL portion may have internal sub-fields, | |
| but these do not appear in the master file representation. For | | but these do not appear in the master file representation. For | |
| example, with type 254, there will be an OID size, an OID, and then | | example, with type 254, there will be an OID size, an OID, and then | |
|
| the certificate / CRL proper. But only a single logical base 64 | | the certificate/CRL proper. However, only a single logical base-64 | |
| string will appear in the text representation. | | string will appear in the text representation. | |
| | | | |
| 2.3. X.509 OIDs | | 2.3. X.509 OIDs | |
| | | | |
| OIDs have been defined in connection with the X.500 directory for | | OIDs have been defined in connection with the X.500 directory for | |
| user certificates, certification authority certificates, revocations | | user certificates, certification authority certificates, revocations | |
| of certification authority, and revocations of user certificates. | | of certification authority, and revocations of user certificates. | |
| The following table lists the OIDs, their BER encoding, and their | | The following table lists the OIDs, their BER encoding, and their | |
| length-prefixed hex format for use in CERT RRs: | | length-prefixed hex format for use in CERT RRs: | |
| | | | |
| | | | |
| skipping to change at page 7, line 4 | | skipping to change at page 7, line 27 | |
|---|
| | | | |
| 3. Appropriate Owner Names for CERT RRs | | 3. Appropriate Owner Names for CERT RRs | |
| | | | |
| It is recommended that certificate CERT RRs be stored under a domain | | It is recommended that certificate CERT RRs be stored under a domain | |
| name related to their subject, i.e., the name of the entity intended | | name related to their subject, i.e., the name of the entity intended | |
| to control the private key corresponding to the public key being | | to control the private key corresponding to the public key being | |
| certified. It is recommended that certificate revocation list CERT | | certified. It is recommended that certificate revocation list CERT | |
| RRs be stored under a domain name related to their issuer. | | RRs be stored under a domain name related to their issuer. | |
| | | | |
| Following some of the guidelines below may result in DNS names with | | Following some of the guidelines below may result in DNS names with | |
|
| characters that require DNS quoting as per section 5.1 of RFC 1035 | | characters that require DNS quoting as per Section 5.1 of RFC 1035 | |
| [2]. | | [2]. | |
| | | | |
| The choice of name under which CERT RRs are stored is important to | | The choice of name under which CERT RRs are stored is important to | |
| clients that perform CERT queries. In some situations, the clients | | clients that perform CERT queries. In some situations, the clients | |
| may not know all information about the CERT RR object it wishes to | | may not know all information about the CERT RR object it wishes to | |
| retrieve. For example, a client may not know the subject name of an | | retrieve. For example, a client may not know the subject name of an | |
|
| X.509 certificate, or the e-mail address of the owner of an OpenPGP | | X.509 certificate, or the email address of the owner of an OpenPGP | |
| key. Further, the client might only know the hostname of a service | | key. Further, the client might only know the hostname of a service | |
| that uses X.509 certificates or the Key ID of an OpenPGP key. | | that uses X.509 certificates or the Key ID of an OpenPGP key. | |
| | | | |
| Therefore, two owner name guidelines are defined: content-based owner | | Therefore, two owner name guidelines are defined: content-based owner | |
| names and purpose-based owner names. A content-based owner name is | | names and purpose-based owner names. A content-based owner name is | |
| derived from the content of the CERT RR data; for example, the | | derived from the content of the CERT RR data; for example, the | |
| Subject field in an X.509 certificate or the User ID field in OpenPGP | | Subject field in an X.509 certificate or the User ID field in OpenPGP | |
| keys. A purpose-based owner name is a name that a client retrieving | | keys. A purpose-based owner name is a name that a client retrieving | |
|
| CERT RRs ought to already know; for example, the host name of an | | CERT RRs ought to know already; for example, the host name of an | |
| X.509 protected service or the Key ID of an OpenPGP key. The | | X.509 protected service or the Key ID of an OpenPGP key. The | |
| content-based and purpose-based owner name may be the same; for | | content-based and purpose-based owner name may be the same; for | |
| example, when a client looks up a key based on the From: address of | | example, when a client looks up a key based on the From: address of | |
|
| an incoming e-mail. | | an incoming email. | |
| | | | |
| Implementations SHOULD use the purpose-based owner name guidelines | | Implementations SHOULD use the purpose-based owner name guidelines | |
|
| described in this document, and MAY use CNAME RRs at content-based | | described in this document and MAY use CNAME RRs at content-based | |
| owner names (or other names), pointing to the purpose-based owner | | owner names (or other names), pointing to the purpose-based owner | |
| name. | | name. | |
| | | | |
| Note that this section describes an application-based mapping from | | Note that this section describes an application-based mapping from | |
| the name space used in a certificate to the name space used by DNS. | | the name space used in a certificate to the name space used by DNS. | |
| The DNS does not infer any relationship amongst CERT resource records | | The DNS does not infer any relationship amongst CERT resource records | |
| based on similarities or differences of the DNS owner name(s) of CERT | | based on similarities or differences of the DNS owner name(s) of CERT | |
| resource records. For example, if multiple labels are used when | | resource records. For example, if multiple labels are used when | |
|
| mapping from a CERT identifier to a domain name then care must be | | mapping from a CERT identifier to a domain name, then care must be | |
| taken in understanding wildcard record synthesis. | | taken in understanding wildcard record synthesis. | |
| | | | |
|
| 3.1. Content-based X.509 CERT RR Names | | 3.1. Content-Based X.509 CERT RR Names | |
| | | | |
|
| Some X.509 versions, such as the PKIX profile of X.509 [9], permit | | Some X.509 versions, such as the PKIX profile of X.509 [8], permit | |
| multiple names to be associated with subjects and issuers under | | multiple names to be associated with subjects and issuers under | |
| "Subject Alternative Name" and "Issuer Alternative Name". For | | "Subject Alternative Name" and "Issuer Alternative Name". For | |
| example, the PKIX profile has such Alternate Names with an ASN.1 | | example, the PKIX profile has such Alternate Names with an ASN.1 | |
| specification as follows: | | specification as follows: | |
| | | | |
| GeneralName ::= CHOICE { | | GeneralName ::= CHOICE { | |
| otherName [0] OtherName, | | otherName [0] OtherName, | |
| rfc822Name [1] IA5String, | | rfc822Name [1] IA5String, | |
| dNSName [2] IA5String, | | dNSName [2] IA5String, | |
| x400Address [3] ORAddress, | | x400Address [3] ORAddress, | |
| directoryName [4] Name, | | directoryName [4] Name, | |
| ediPartyName [5] EDIPartyName, | | ediPartyName [5] EDIPartyName, | |
| uniformResourceIdentifier [6] IA5String, | | uniformResourceIdentifier [6] IA5String, | |
| iPAddress [7] OCTET STRING, | | iPAddress [7] OCTET STRING, | |
| registeredID [8] OBJECT IDENTIFIER } | | registeredID [8] OBJECT IDENTIFIER } | |
| | | | |
| The recommended locations of CERT storage are as follows, in priority | | The recommended locations of CERT storage are as follows, in priority | |
| order: | | order: | |
| 1. If a domain name is included in the identification in the | | 1. If a domain name is included in the identification in the | |
|
| certificate or CRL, that ought be used. | | certificate or CRL, that ought to be used. | |
| 2. If a domain name is not included but an IP address is included, | | 2. If a domain name is not included but an IP address is included, | |
| then the translation of that IP address into the appropriate | | then the translation of that IP address into the appropriate | |
| inverse domain name ought to be used. | | inverse domain name ought to be used. | |
| 3. If neither of the above is used, but a URI containing a domain | | 3. If neither of the above is used, but a URI containing a domain | |
| name is present, that domain name ought to be used. | | name is present, that domain name ought to be used. | |
| 4. If none of the above is included but a character string name is | | 4. If none of the above is included but a character string name is | |
|
| included, then it ought to be treated as described for OpenPGP | | included, then it ought to be treated as described below for | |
| names below. | | OpenPGP names. | |
| 5. If none of the above apply, then the distinguished name (DN) | | 5. If none of the above apply, then the distinguished name (DN) | |
| ought to be mapped into a domain name as specified in [4]. | | ought to be mapped into a domain name as specified in [4]. | |
| | | | |
| Example 1: An X.509v3 certificate is issued to /CN=John Doe /DC=Doe/ | | Example 1: An X.509v3 certificate is issued to /CN=John Doe /DC=Doe/ | |
| DC=com/DC=xy/O=Doe Inc/C=XY/ with Subject Alternative Names of (a) | | DC=com/DC=xy/O=Doe Inc/C=XY/ with Subject Alternative Names of (a) | |
| string "John (the Man) Doe", (b) domain name john-doe.com, and (c) | | string "John (the Man) Doe", (b) domain name john-doe.com, and (c) | |
| URI <https://www.secure.john-doe.com:8080/>. The storage locations | | URI <https://www.secure.john-doe.com:8080/>. The storage locations | |
| recommended, in priority order, would be | | recommended, in priority order, would be | |
| 1. john-doe.com, | | 1. john-doe.com, | |
| 2. www.secure.john-doe.com, and | | 2. www.secure.john-doe.com, and | |
| | | | |
| skipping to change at page 8, line 49 | | skipping to change at page 9, line 18 | |
|---|
| | | | |
| Example 2: An X.509v3 certificate is issued to /CN=James Hacker/ | | Example 2: An X.509v3 certificate is issued to /CN=James Hacker/ | |
| L=Basingstoke/O=Widget Inc/C=GB/ with Subject Alternate names of (a) | | L=Basingstoke/O=Widget Inc/C=GB/ with Subject Alternate names of (a) | |
| domain name widget.foo.example, (b) IPv4 address 10.251.13.201, and | | domain name widget.foo.example, (b) IPv4 address 10.251.13.201, and | |
| (c) string "James Hacker <hacker@mail.widget.foo.example>". The | | (c) string "James Hacker <hacker@mail.widget.foo.example>". The | |
| storage locations recommended, in priority order, would be | | storage locations recommended, in priority order, would be | |
| 1. widget.foo.example, | | 1. widget.foo.example, | |
| 2. 201.13.251.10.in-addr.arpa, and | | 2. 201.13.251.10.in-addr.arpa, and | |
| 3. hacker.mail.widget.foo.example. | | 3. hacker.mail.widget.foo.example. | |
| | | | |
|
| 3.2. Purpose-based X.509 CERT RR Names | | 3.2. Purpose-Based X.509 CERT RR Names | |
| | | | |
| Due to the difficulty for clients that do not already possess a | | Due to the difficulty for clients that do not already possess a | |
| certificate to reconstruct the content-based owner name, purpose- | | certificate to reconstruct the content-based owner name, purpose- | |
| based owner names are recommended in this section. Recommendations | | based owner names are recommended in this section. Recommendations | |
| for purpose-based owner names vary per scenario. The following table | | for purpose-based owner names vary per scenario. The following table | |
| summarizes the purpose-based X.509 CERT RR owner name guidelines for | | summarizes the purpose-based X.509 CERT RR owner name guidelines for | |
| use with S/MIME [17], SSL/TLS [13], and IPsec [14]: | | use with S/MIME [17], SSL/TLS [13], and IPsec [14]: | |
| | | | |
| Scenario Owner name | | Scenario Owner name | |
| ------------------ ---------------------------------------------- | | ------------------ ---------------------------------------------- | |
| | | | |
| skipping to change at page 9, line 25 | | skipping to change at page 9, line 43 | |
|---|
| "postmaster.example.org". | | "postmaster.example.org". | |
| | | | |
| TLS Certificate Hostname of the TLS server. | | TLS Certificate Hostname of the TLS server. | |
| | | | |
| IPsec Certificate Hostname of the IPsec machine and/or, for IPv4 | | IPsec Certificate Hostname of the IPsec machine and/or, for IPv4 | |
| or IPv6 addresses, the fully qualified domain | | or IPv6 addresses, the fully qualified domain | |
| name in the appropriate reverse domain. | | name in the appropriate reverse domain. | |
| | | | |
| An alternate approach for IPsec is to store raw public keys [18]. | | An alternate approach for IPsec is to store raw public keys [18]. | |
| | | | |
|
| 3.3. Content-based OpenPGP CERT RR Names | | 3.3. Content-Based OpenPGP CERT RR Names | |
| | | | |
| OpenPGP signed keys (certificates) use a general character string | | OpenPGP signed keys (certificates) use a general character string | |
|
| User ID [6]. However, it is recommended by OpenPGP that such names | | User ID [5]. However, it is recommended by OpenPGP that such names | |
| include the RFC 2822 [8] email address of the party, as in "Leslie | | include the RFC 2822 [7] email address of the party, as in "Leslie | |
| Example <Leslie@host.example>". If such a format is used, the CERT | | Example <Leslie@host.example>". If such a format is used, the CERT | |
| ought to be under the standard translation of the email address into | | ought to be under the standard translation of the email address into | |
| a domain name, which would be leslie.host.example in this case. If | | a domain name, which would be leslie.host.example in this case. If | |
| no RFC 2822 name can be extracted from the string name, no specific | | no RFC 2822 name can be extracted from the string name, no specific | |
| domain name is recommended. | | domain name is recommended. | |
| | | | |
| If a user has more than one email address, the CNAME type can be used | | If a user has more than one email address, the CNAME type can be used | |
|
| to reduce the amount of data stored in the DNS. Example: | | to reduce the amount of data stored in the DNS. For example: | |
| | | | |
| $ORIGIN example.org. | | $ORIGIN example.org. | |
| smith IN CERT PGP 0 0 <OpenPGP binary> | | smith IN CERT PGP 0 0 <OpenPGP binary> | |
| john.smith IN CNAME smith | | john.smith IN CNAME smith | |
| js IN CNAME smith | | js IN CNAME smith | |
| | | | |
|
| 3.4. Purpose-based OpenPGP CERT RR Names | | 3.4. Purpose-Based OpenPGP CERT RR Names | |
| | | | |
| Applications that receive an OpenPGP packet containing encrypted or | | Applications that receive an OpenPGP packet containing encrypted or | |
| signed data but do not know the email address of the sender will have | | signed data but do not know the email address of the sender will have | |
| difficulties constructing the correct owner name and cannot use the | | difficulties constructing the correct owner name and cannot use the | |
| content-based owner name guidelines. However, these clients commonly | | content-based owner name guidelines. However, these clients commonly | |
| know the key fingerprint or the Key ID. The key ID is found in | | know the key fingerprint or the Key ID. The key ID is found in | |
| OpenPGP packets, and the key fingerprint is commonly found in | | OpenPGP packets, and the key fingerprint is commonly found in | |
| auxiliary data that may be available. In this case, use of an owner | | auxiliary data that may be available. In this case, use of an owner | |
| name identical to the key fingerprint and the key ID expressed in | | name identical to the key fingerprint and the key ID expressed in | |
|
| hexadecimal [16] is recommended. Example: | | hexadecimal [16] is recommended. For example: | |
| | | | |
| $ORIGIN example.org. | | $ORIGIN example.org. | |
| 0424D4EE81A0E3D119C6F835EDA21E94B565716F IN CERT PGP ... | | 0424D4EE81A0E3D119C6F835EDA21E94B565716F IN CERT PGP ... | |
| F835EDA21E94B565716F IN CERT PGP ... | | F835EDA21E94B565716F IN CERT PGP ... | |
| B565716F IN CERT PGP ... | | B565716F IN CERT PGP ... | |
| | | | |
| If the same key material is stored for several owner names, the use | | If the same key material is stored for several owner names, the use | |
|
| of CNAME may help to avoid data duplication. Note that CNAME is not | | of CNAME may help avoid data duplication. Note that CNAME is not | |
| always applicable, because it maps one owner name to the other for | | always applicable, because it maps one owner name to the other for | |
| all purposes, which may be sub-optimal when two keys with the same | | all purposes, which may be sub-optimal when two keys with the same | |
| Key ID are stored. | | Key ID are stored. | |
| | | | |
|
| 3.5. Owner names for IPKIX, ISPKI, IPGP, and IACPKIX | | 3.5. Owner Names for IPKIX, ISPKI, IPGP, and IACPKIX | |
| | | | |
| These types are stored under the same owner names, both purpose- and | | These types are stored under the same owner names, both purpose- and | |
|
| content-based, as the PKIX, SPKI, PGP and ACPKIX types. | | content-based, as the PKIX, SPKI, PGP, and ACPKIX types. | |
| | | | |
| 4. Performance Considerations | | 4. Performance Considerations | |
| | | | |
| The Domain Name System (DNS) protocol was designed for small | | The Domain Name System (DNS) protocol was designed for small | |
| transfers, typically below 512 octets. While larger transfers will | | transfers, typically below 512 octets. While larger transfers will | |
| perform correctly and work is underway to make larger transfers more | | perform correctly and work is underway to make larger transfers more | |
|
| efficient, it is still advisable at this time to make every | | efficient, it is still advisable at this time that every reasonable | |
| reasonable effort to minimize the size of certificates stored within | | effort be made to minimize the size of certificates stored within the | |
| the DNS. Steps that can be taken may include using the fewest | | DNS. Steps that can be taken may include using the fewest possible | |
| possible optional or extension fields and using short field values | | optional or extension fields and using short field values for | |
| for necessary variable length fields. | | necessary variable-length fields. | |
| | | | |
| The RDATA field in the DNS protocol may only hold data of size 65535 | | The RDATA field in the DNS protocol may only hold data of size 65535 | |
| octets (64kb) or less. This means that each CERT RR MUST NOT contain | | octets (64kb) or less. This means that each CERT RR MUST NOT contain | |
| more than 64kb of payload, even if the corresponding certificate or | | more than 64kb of payload, even if the corresponding certificate or | |
| certificate revocation list is larger. This document addresses this | | certificate revocation list is larger. This document addresses this | |
| by defining "indirect" data types for each normal type. | | by defining "indirect" data types for each normal type. | |
| | | | |
|
| Deploying CERT RRs to support digitally signed e-mail change the | | Deploying CERT RRs to support digitally signed email changes the | |
| access patterns of DNS lookups from per-domain to per-user. If | | access patterns of DNS lookups from per-domain to per-user. If | |
|
| digitally signed e-mail, and a key/certificate lookup based on CERT | | digitally signed email and a key/certificate lookup based on CERT RRs | |
| RRs, is deployed on a wide scale, this may lead to an increased DNS | | are deployed on a wide scale, this may lead to an increased DNS load, | |
| load, with potential performance and cache effectiveness | | with potential performance and cache effectiveness consequences. | |
| consequencess. Whether this load increase will be noticable or not | | Whether or not this load increase will be noticeable is not known. | |
| is not known. | | | |
| | | | |
| 5. Contributors | | 5. Contributors | |
| | | | |
| The majority of this document is copied verbatim from RFC 2538, by | | The majority of this document is copied verbatim from RFC 2538, by | |
| Donald Eastlake 3rd and Olafur Gudmundsson. | | Donald Eastlake 3rd and Olafur Gudmundsson. | |
| | | | |
| 6. Acknowledgements | | 6. Acknowledgements | |
| | | | |
| Thanks to David Shaw and Michael Graff for their contributions to | | Thanks to David Shaw and Michael Graff for their contributions to | |
| earlier works that motivated, and served as inspiration for, this | | earlier works that motivated, and served as inspiration for, this | |
| document. | | document. | |
| | | | |
| This document was improved by suggestions and comments from Olivier | | This document was improved by suggestions and comments from Olivier | |
| Dubuisson, Scott Hollenbeck, Russ Housley, Peter Koch, Olaf M. | | Dubuisson, Scott Hollenbeck, Russ Housley, Peter Koch, Olaf M. | |
| Kolkman, Ben Laurie, Edward Lewis, John Loughney, Allison Mankin, | | Kolkman, Ben Laurie, Edward Lewis, John Loughney, Allison Mankin, | |
| Douglas Otis, Marcos Sanz, Pekka Savola, Jason Sloderbeck, Samuel | | Douglas Otis, Marcos Sanz, Pekka Savola, Jason Sloderbeck, Samuel | |
|
| Weiler, and Florian Weimer. No doubt the list is incomplete. We | | Weiler, Florian Weimer, and the IANA. No doubt the list is | |
| apologize to anyone we left out. | | incomplete. We apologize to anyone we left out. | |
| | | | |
| 7. Security Considerations | | 7. Security Considerations | |
| | | | |
| By definition, certificates contain their own authenticating | | By definition, certificates contain their own authenticating | |
|
| signature. Thus, it is reasonable to store certificates in non- | | signatures. Thus, it is reasonable to store certificates in non- | |
| secure DNS zones or to retrieve certificates from DNS with DNS | | secure DNS zones or to retrieve certificates from DNS with DNS | |
| security checking not implemented or deferred for efficiency. The | | security checking not implemented or deferred for efficiency. The | |
| results may be trusted if the certificate chain is verified back to a | | results may be trusted if the certificate chain is verified back to a | |
| known trusted key and this conforms with the user's security policy. | | known trusted key and this conforms with the user's security policy. | |
| | | | |
| Alternatively, if certificates are retrieved from a secure DNS zone | | Alternatively, if certificates are retrieved from a secure DNS zone | |
| with DNS security checking enabled and are verified by DNS security, | | with DNS security checking enabled and are verified by DNS security, | |
| the key within the retrieved certificate may be trusted without | | the key within the retrieved certificate may be trusted without | |
| verifying the certificate chain if this conforms with the user's | | verifying the certificate chain if this conforms with the user's | |
| security policy. | | security policy. | |
| | | | |
| If an organization chooses to issue certificates for its employees, | | If an organization chooses to issue certificates for its employees, | |
| placing CERT RR's in the DNS by owner name, and if DNSSEC (with NSEC) | | placing CERT RR's in the DNS by owner name, and if DNSSEC (with NSEC) | |
| is in use, it is possible for someone to enumerate all employees of | | is in use, it is possible for someone to enumerate all employees of | |
| the organization. This is usually not considered desirable, for the | | the organization. This is usually not considered desirable, for the | |
|
| same reason enterprise phone listings are not often publicly | | same reason that enterprise phone listings are not often publicly | |
| published and are even mark confidential. | | published and are even marked confidential. | |
| | | | |
| Using the URI type introduces another level of indirection that may | | Using the URI type introduces another level of indirection that may | |
|
| open a new vulnerability. One method to secure that indirection is | | open a new vulnerability. One method of securing that indirection is | |
| to include a hash of the certificate in the URI itself. | | to include a hash of the certificate in the URI itself. | |
| | | | |
| If DNSSEC is used, then the non-existence of a CERT RR and, | | If DNSSEC is used, then the non-existence of a CERT RR and, | |
| consequently, certificates or revocation lists can be securely | | consequently, certificates or revocation lists can be securely | |
| asserted. Without DNSSEC, this is not possible. | | asserted. Without DNSSEC, this is not possible. | |
| | | | |
| 8. IANA Considerations | | 8. IANA Considerations | |
| | | | |
|
| IANA needs to create a new registry for CERT RR, certificate types. | | The IANA has created a new registry for CERT RR: certificate types. | |
| The initial contents of this registry is: | | The initial contents of this registry is: | |
| | | |