rfc2538xml.txt   draft-josefsson-rfc2538bis.txt 
1 1
2Network Working Group S. Josefsson Network Working Group S. Josefsson2
3 3
4Expires: March 2, 2005 Expires: July 25, 20054
5 5
6 Storing Certificates in the Domain Name System (DNS) Storing Certificates in the Domain Name System (DNS)6
7 rfc2538 draft-josefsson-rfc2538bis-027
8 8
9Status of this Memo Status of this Memo9
10 10
11 This document is an Internet-Draft and is subject to all provisions This document is an Internet-Draft and is subject to all provisions11
12 of section 3 of RFC 3667. By submitting this Internet-Draft, each of section 3 of RFC 3667. By submitting this Internet-Draft, each12
13 author represents that any applicable patent or other IPR claims of author represents that any applicable patent or other IPR claims of13
14 which he or she is aware have been or will be disclosed, and any of which he or she is aware have been or will be disclosed, and any of14
15 which he or she become aware will be disclosed, in accordance with which he or she become aware will be disclosed, in accordance with15
16 RFC 3668. RFC 3668.16
17 17
skipping to change at page 1, line 35 skipping to change at page 1, line 35
24 and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any24
25 time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference25
26 material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."26
27 27
28 The list of current Internet-Drafts can be accessed at The list of current Internet-Drafts can be accessed at28
29 http://www.ietf.org/ietf/1id-abstracts.txt. http://www.ietf.org/ietf/1id-abstracts.txt.29
30 30
31 The list of Internet-Draft Shadow Directories can be accessed at The list of Internet-Draft Shadow Directories can be accessed at31
32 http://www.ietf.org/shadow.html. http://www.ietf.org/shadow.html.32
33 33
34 This Internet-Draft will expire on March 2, 2005. This Internet-Draft will expire on July 25, 2005.34
35 35
36Copyright Notice Copyright Notice36
37 37
38 Copyright (C) The Internet Society (2004). Copyright (C) The Internet Society (2005).38
39 39
40Abstract Abstract40
41 41
42 Cryptographic public key are frequently published and their Cryptographic public key are frequently published and their42
43 authenticity demonstrated by certificates. A CERT resource record authenticity demonstrated by certificates. A CERT resource record43
44 (RR) is defined so that such certificates and related certificate (RR) is defined so that such certificates and related certificate44
45 revocation lists can be stored in the Domain Name System (DNS). revocation lists can be stored in the Domain Name System (DNS).45
46 46
More information on this document, including rfcdiff output, may be47
found at <http://josefsson.org/rfc2538bis/>.48
49
47Table of Contents Table of Contents50
48 51
49 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 352
50 2. The CERT Resource Record . . . . . . . . . . . . . . . . . . . 3 2. The CERT Resource Record . . . . . . . . . . . . . . . . . . . 353
51 2.1 Certificate Type Values . . . . . . . . . . . . . . . . . 4 2.1 Certificate Type Values . . . . . . . . . . . . . . . . . 454
52 2.2 Text Representation of CERT RRs . . . . . . . . . . . . . 5 2.2 Text Representation of CERT RRs . . . . . . . . . . . . . 555
53 2.3 X.509 OIDs . . . . . . . . . . . . . . . . . . . . . . . . 5 2.3 X.509 OIDs . . . . . . . . . . . . . . . . . . . . . . . . 556
54 3. Appropriate Owner Names for CERT RRs . . . . . . . . . . . . . 6 3. Appropriate Owner Names for CERT RRs . . . . . . . . . . . . . 657
55 3.1 X.509 CERT RR Names . . . . . . . . . . . . . . . . . . . 6 3.1 Content-based X.509 CERT RR Names . . . . . . . . . . . . 758
56 3.2 PGP CERT RR Names . . . . . . . . . . . . . . . . . . . . 7 3.2 Purpose-based X.509 CERT RR Names . . . . . . . . . . . . 859
57 4. Performance Considerations . . . . . . . . . . . . . . . . . . 7 3.3 Content-based PGP CERT RR Names . . . . . . . . . . . . . 860
58 5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 8 3.4 Purpose-based PGP CERT RR Names . . . . . . . . . . . . . 961
59 6. Security Considerations . . . . . . . . . . . . . . . . . . . 8 4. Performance Considerations . . . . . . . . . . . . . . . . . . 962
60 7. References . . . . . . . . . . . . . . . . . . . . . . . . . . 8 5. Size Considerations . . . . . . . . . . . . . . . . . . . . . 963
61 Author's Address . . . . . . . . . . . . . . . . . . . . . . . 9 6. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 1064
62 Intellectual Property and Copyright Statements . . . . . . . . 10 7. Security Considerations . . . . . . . . . . . . . . . . . . . 1065
8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 1066
9. Open Issues . . . . . . . . . . . . . . . . . . . . . . . . . 1167
10. Changes since RFC 2538 . . . . . . . . . . . . . . . . . . . 1168
Author's Address . . . . . . . . . . . . . . . . . . . . . . . 1269
11. References . . . . . . . . . . . . . . . . . . . . . . . . . 1170
11.1 Normative References . . . . . . . . . . . . . . . . . . . . 1171
11.2 Informative References . . . . . . . . . . . . . . . . . . . 1272
A. Copying conditions . . . . . . . . . . . . . . . . . . . . . . 1273
Intellectual Property and Copyright Statements . . . . . . . . 1374
63 75
641. Introduction 1. Introduction76
65 77
66 Public keys are frequently published in the form of a certificate and Public keys are frequently published in the form of a certificate and78
67 their authenticity is commonly demonstrated by certificates and their authenticity is commonly demonstrated by certificates and79
68 related certificate revocation lists (CRLs). A certificate is a related certificate revocation lists (CRLs). A certificate is a80
69 binding, through a cryptographic digital signature, of a public key, binding, through a cryptographic digital signature, of a public key,81
70 a validity interval and/or conditions, and identity, authorization, a validity interval and/or conditions, and identity, authorization,82
71 or other information. A certificate revocation list is a list of or other information. A certificate revocation list is a list of83
72 certificates that are revoked, and incidental information, all signed certificates that are revoked, and incidental information, all signed84
73 by the signer (issuer) of the revoked certificates. Examples are by the signer (issuer) of the revoked certificates. Examples are85
74 X.509 certificates/CRLs in the X.500 directory system or PGP X.509 certificates/CRLs in the X.500 directory system or OpenPGP86
75 certificates/revocations used by PGP software. certificates/revocations used by OpenPGP software.87
76 88
77 Section 2 below specifies a CERT resource record (RR) for the storage Section 2 below specifies a CERT resource record (RR) for the storage89
78 of certificates in the Domain Name System. of certificates in the Domain Name System.90
79 91
80 Section 3 discusses appropriate owner names for CERT RRs. Section 3 discusses appropriate owner names for CERT RRs.92
81 93
82 Sections 4, 5, and 6 below cover performance, IANA, and security Sections 4, 5, and 6 below cover performance, IANA, and security94
83 considerations, respectively. considerations, respectively.95
84 96
85 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",97
86 "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this98
87 document are to be interpreted as described in [3]. document are to be interpreted as described in [10].99
88 100
892. The CERT Resource Record 2. The CERT Resource Record101
90 102
91 The CERT resource record (RR) has the structure given below. Its RR The CERT resource record (RR) has the structure given below. Its RR103
92 type code is 37. type code is 37.104
93 105
94 1 1 1 1 1 1 1 1 1 1 2 2 2 2 2 2 2 2 2 2 3 3 1 1 1 1 1 1 1 1 1 1 2 2 2 2 2 2 2 2 2 2 3 3106
95 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1107
96 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+108
97 | type | key tag | | type | key tag |109
98 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+110
99 | algorithm | / | algorithm | /111
100 +---------------+ certificate or CRL / +---------------+ certificate or CRL /112
101 / / / /113
102 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-| +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-|114
103 115
104 The type field is the certificate type as define in section 2.1 The type field is the certificate type as define in section 2.1116
105 below. below.117
106 118
107 The algorithm field has the same meaning as the algorithm field in The algorithm field has the same meaning as the algorithm field in119
108 KEY and SIG RRs [8] except that a zero algorithm field indicates the DNSKEY and RRSIG RRs [9] except that a zero algorithm field indicates120
109 algorithm is unknown to a secure DNS, which may simply be the result the algorithm is unknown to a secure DNS, which may simply be the121
110 of the algorithm not having been standardized for secure DNS. result of the algorithm not having been standardized for DNSSEC.122
111 123
112 The key tag field is the 16 bit value computed for the key embedded The key tag field is the 16 bit value computed for the key embedded124
113 in the certificate as specified in the DNSSEC Standard [8]. This in the certificate, using the RRSIG Key Tag Algorithm described in125
114 field is used as an efficiency measure to pick which CERT RRs may be Appendix B of [9]. This field is used as an efficiency measure to126
115 applicable to a particular key. The key tag can be calculated for pick which CERT RRs may be applicable to a particular key. The key127
116 the key in question and then only CERT RRs with the same key tag need tag can be calculated for the key in question and then only CERT RRs128
117 be examined. However, the key must always be transformed to the with the same key tag need be examined. However, the key must always129
118 format it would have as the public key portion of a KEY RR before the be transformed to the format it would have as the public key portion130
119 key tag is computed. This is only possible if the key is applicable of a DNSKEY RR before the key tag is computed. This is only possible131
120 to an algorithm (and limits such as key size limits) defined for DNS if the key is applicable to an algorithm (and limits such as key size132
121 security. If it is not, the algorithm field MUST BE zero and the tag limits) defined for DNS security. If it is not, the algorithm field133
122 field is meaningless and SHOULD BE zero. MUST BE zero and the tag field is meaningless and SHOULD BE zero.134
123 135
1242.1 Certificate Type Values 2.1 Certificate Type Values136
125 137
126 The following values are defined or reserved: The following values are defined or reserved:138
127 139
128 Value Mnemonic Certificate Type Value Mnemonic Certificate Type140
129 ----- -------- ----------- ---- ----- -------- ----------- ----141
130 0 reserved 0 reserved142
131 1 PKIX X.509 as per PKIX 1 PKIX X.509 as per PKIX143
132 2 SPKI SPKI cert 2 SPKI SPKI certificate144
133 3 PGP PGP cert 3 PGP OpenPGP packet145
134 4-252 available for IANA assignment 4-252 available for IANA assignment146
135 253 URI URI private 253 URI URI private147
136 254 OID OID private 254 OID OID private148
137 255-65534 available for IANA assignment 255-65534 available for IANA assignment149
138 65535 reserved 65535 reserved150
139 151
140 The PKIX type is reserved to indicate an X.509 certificate conforming The PKIX type is reserved to indicate an X.509 certificate conforming152
141 to the profile being defined by the IETF PKIX working group. The to the profile being defined by the IETF PKIX working group. The153
142 certificate section will start with a one byte unsigned OID length certificate section will start with a one byte unsigned OID length154
143 and then an X.500 OID indicating the nature of the remainder of the and then an X.500 OID indicating the nature of the remainder of the155
144 certificate section (see 2.3 below). (NOTE: X.509 certificates do certificate section (see 2.3 below). (NOTE: X.509 certificates do156
145 not include their X.500 directory type designating OID as a prefix.) not include their X.500 directory type designating OID as a prefix.)157
146 158
147 The SPKI type is reserved to indicate a certificate formated as to be The SPKI type is reserved to indicate a certificate formated as to be159
148 specified by the IETF SPKI working group. specified by the IETF SPKI working group.160
149 161
150 The PGP type indicates a Pretty Good Privacy certificate as described The PGP type indicates an OpenPGP packet as described in [5] and its162
151 in [6] and its extensions and successors. extensions and successors. Two uses are to transfer public key163
material and revocation signatures. The data is binary, and MUST NOT164
be encoded into an ASCII armor. An implementation SHOULD process165
transferable public keys as described in section 10.1 of [5], but it166
MAY handle additional OpenPGP packets.167
152 168
153 The URI private type indicates a certificate format defined by an The URI private type indicates a certificate format defined by an169
154 absolute URI. The certificate portion of the CERT RR MUST begin with absolute URI. The certificate portion of the CERT RR MUST begin with170
155 a null terminated URI [5] and the data after the null is the private a null terminated URI [4] and the data after the null is the private171
156 format certificate itself. The URI SHOULD be such that a retrieval format certificate itself. The URI SHOULD be such that a retrieval172
157 from it will lead to documentation on the format of the certificate. from it will lead to documentation on the format of the certificate.173
158 Recognition of private certificate types need not be based on URI Recognition of private certificate types need not be based on URI174
159 equality but can use various forms of pattern matching so that, for equality but can use various forms of pattern matching so that, for175
160 example, subtype or version information can also be encoded into the example, subtype or version information can also be encoded into the176
161 URI. URI.177
162 178
163 The OID private type indicates a private format certificate specified The OID private type indicates a private format certificate specified179
164 by a an ISO OID prefix. The certificate section will start with a by a an ISO OID prefix. The certificate section will start with a180
165 one byte unsigned OID length and then a BER encoded OID indicating one byte unsigned OID length and then a BER encoded OID indicating181
166 the nature of the remainder of the certificate section. This can be the nature of the remainder of the certificate section. This can be182
167 an X.509 certificate format or some other format. X.509 certificates an X.509 certificate format or some other format. X.509 certificates183
168 that conform to the IETF PKIX profile SHOULD be indicated by the PKIX that conform to the IETF PKIX profile SHOULD be indicated by the PKIX184
169 type, not the OID private type. Recognition of private certificate type, not the OID private type. Recognition of private certificate185
170 types need not be based on OID equality but can use various forms of types need not be based on OID equality but can use various forms of186
171 pattern matching such as OID prefix. pattern matching such as OID prefix.187
172 188
1732.2 Text Representation of CERT RRs 2.2 Text Representation of CERT RRs189
174 190
175 The RDATA portion of a CERT RR has the type field as an unsigned The RDATA portion of a CERT RR has the type field as an unsigned191
176 integer or as a mnemonic symbol as listed in section 2.1 above. decimal integer or as a mnemonic symbol as listed in section 2.1192
above.193
177 194
178 The key tag field is represented as an unsigned integer. The key tag field is represented as an unsigned decimal integer.195
179 196
180 The algorithm field is represented as an unsigned integer or a The algorithm field is represented as an unsigned decimal integer or197
181 mnemonic symbol as listed in [8]. a mnemonic symbol as listed in [9].198
182 199
183 The certificate / CRL portion is represented in base 64 and may be The certificate / CRL portion is represented in base 64 [11] and may200
184 divided up into any number of white space separated substrings, down be divided up into any number of white space separated substrings,201
185 to single base 64 digits, which are concatenated to obtain the full down to single base 64 digits, which are concatenated to obtain the202
186 signature. These substrings can span lines using the standard full signature. These substrings can span lines using the standard203
187 parenthesis. parenthesis.204
188 205
189 Note that the certificate / CRL portion may have internal sub-fields Note that the certificate / CRL portion may have internal sub-fields206
190 but these do not appear in the master file representation. For but these do not appear in the master file representation. For207
191 example, with type 254, there will be an OID size, an OID, and then example, with type 254, there will be an OID size, an OID, and then208
192 the certificate / CRL proper. But only a single logical base 64 the certificate / CRL proper. But only a single logical base 64209
193 string will appear in the text representation. string will appear in the text representation.210
194 211
1952.3 X.509 OIDs 2.3 X.509 OIDs212
196 213
skipping to change at page 6, line 31 skipping to change at page 6, line 31
219 name related to their subject, i.e., the name of the entity intended name related to their subject, i.e., the name of the entity intended236
220 to control the private key corresponding to the public key being to control the private key corresponding to the public key being237
221 certified. It is recommended that certificate revocation list CERT certified. It is recommended that certificate revocation list CERT238
222 RRs be stored under a domain name related to their issuer. RRs be stored under a domain name related to their issuer.239
223 240
224 Following some of the guidelines below may result in the use in DNS Following some of the guidelines below may result in the use in DNS241
225 names of characters that require DNS quoting which is to use a names of characters that require DNS quoting which is to use a242
226 backslash followed by the octal representation of the ASCII code for backslash followed by the octal representation of the ASCII code for243
227 the character such as \000 for NULL. the character such as \000 for NULL.244
228 245
2293.1 X.509 CERT RR Names The choice of name under which CERT RRs are stored is important to246
clients that perform CERT queries. In some situations, the client247
may not know all information about the CERT RR object it wishes to248
retrieve. For example, a client may not know the subject name of an249
X.509 certificate, or the e-mail address of the owner of an OpenPGP250
key. Further, the client may only know the hostname of a service251
that uses X.509 certificates or the OpenPGP key id of an OpenPGP key.252
253
This motivate describing two different owner name guidelines. We254
call the two rules content-based owner names and purpose-based owner255
names. A content-based owner name is derived from the content of the256
CERT RR data; for example the Subject field in an X.509 certificate257
or the User ID field in OpenPGP keys. A purpose-based owner name is258
selected to be a name that clients that wishes to retrieve CERT RRs259
knows; for example the host name of a X.509 protected service or a260
OpenPGP key id of an OpenPGP key. Note that in some situations, the261
content-based and purpose-based owner name can be the same; for262
example when a client look up keys based on e-mail addresses for263
incoming e-mail.264
265
[Editorial note: Purpose-based owner name guidelines were introduced266
in RFC 2538bis. Earlier, in RFC 2538, only content-based owner name267
guidelines were described. Implementation experience suggested that268
the content-based owner name guidelines were not generally269
applicable. It was realized that purpose-based owner name guidelines270
were required to use CERT RRs in some ways.]271
272
3.1 Content-based X.509 CERT RR Names273
230 274
231 Some X.509 versions permit multiple names to be associated with Some X.509 versions permit multiple names to be associated with275
232 subjects and issuers under "Subject Alternate Name" and "Issuer subjects and issuers under "Subject Alternate Name" and "Issuer276
233 Alternate Name". For example, x.509v3 has such Alternate Names with Alternate Name". For example, x.509v3 has such Alternate Names with277
234 an ASN.1 specification as follows: an ASN.1 specification as follows:278
235 279
236 GeneralName ::= CHOICE { GeneralName ::= CHOICE {280
237 otherName [0] INSTANCE OF OTHER-NAME, otherName [0] INSTANCE OF OTHER-NAME,281
238 rfc822Name [1] IA5String, rfc822Name [1] IA5String,282
239 dNSName [2] IA5String, dNSName [2] IA5String,283
skipping to change at page 7, line 16 skipping to change at page 7, line 42
252 certificate or CRL, that should be used. certificate or CRL, that should be used.295
253 2. If a domain name is not included but an IP address is included, 2. If a domain name is not included but an IP address is included,296
254 then the translation of that IP address into the appropriate then the translation of that IP address into the appropriate297
255 inverse domain name should be used. inverse domain name should be used.298
256 3. If neither of the above it used but a URI containing a domain 3. If neither of the above it used but a URI containing a domain299
257 name is present, that domain name should be used. name is present, that domain name should be used.300
258 4. If none of the above is included but a character string name is 4. If none of the above is included but a character string name is301
259 included, then it should be treated as described for PGP names in included, then it should be treated as described for PGP names in302
260 3.2 below. 3.2 below.303
261 5. If none of the above apply, then the distinguished name (DN) 5. If none of the above apply, then the distinguished name (DN)304
262 should be mapped into a domain name as specified in [4]. should be mapped into a domain name as specified in [3].305
263 306
264 Example 1: Assume that an X.509v3 certificate is issued to /CN=John Example 1: Assume that an X.509v3 certificate is issued to /CN=John307
265 Doe/DC=Doe/DC=com/DC=xy/O=Doe Inc/C=XY/ with Subject Alternative Doe/DC=Doe/DC=com/DC=xy/O=Doe Inc/C=XY/ with Subject Alternative308
266 names of (a) string "John (the Man) Doe", (b) domain name john- names of (a) string "John (the Man) Doe", (b) domain name john-309
267 doe.com, and (c) uri <https://www.secure.john-doe.com:8080/>. Then doe.com, and (c) uri <https://www.secure.john-doe.com:8080/>. Then310
268 the storage locations recommended, in priority order, would be the storage locations recommended, in priority order, would be311
269 1. john-doe.com, 1. john-doe.com,312
270 2. www.secure.john-doe.com, and 2. www.secure.john-doe.com, and313
271 3. Doe.com.xy. 3. Doe.com.xy.314
272 315
273 Example 2: Assume that an X.509v3 certificate is issued to /CN=James Example 2: Assume that an X.509v3 certificate is issued to /CN=James316
274 Hacker/L=Basingstoke/O=Widget Inc/C=GB/ with Subject Alternate names Hacker/L=Basingstoke/O=Widget Inc/C=GB/ with Subject Alternate names317
275 of (a) domain name widget.foo.example, (b) IPv4 address of (a) domain name widget.foo.example, (b) IPv4 address318
276 10.251.13.201, and (c) string "James Hacker 10.251.13.201, and (c) string "James Hacker319
277 <hacker@mail.widget.foo.example>". Then the storage locations <hacker@mail.widget.foo.example>". Then the storage locations320
278 recommended, in priority order, would be recommended, in priority order, would be321
279 1. widget.foo.example, 1. widget.foo.example,322
280 2. 201.13.251.10.in-addr.arpa, and 2. 201.13.251.10.in-addr.arpa, and323
281 3. hacker.mail.widget.foo.example. 3. hacker.mail.widget.foo.example.324
282 325
2833.2 PGP CERT RR Names 3.2 Purpose-based X.509 CERT RR Names326
284 327
285 PGP signed keys (certificates) use a general character string User ID It is difficult for clients that do not already posses a certificate328
286 [6]. However, it is recommended by PGP that such names include the to reconstruct the content-based owner name that should be used to329
287 RFC 822 email address of the party, as in "Leslie Example retrieve the certificate. For this reason, purpose-based owner names330
288 <Leslie@host.example>". If such a format is used, the CERT should be are recommended in this section. Because purpose-based owner names331
289 under the standard translation of the email address into a domain by nature depend on the specific scenario, or purpose, for which the332
290 name, which would be leslie.host.example in this case. If no RFC 822 certificate will be used, there are more than one recommendation.333
291 name can be extracted from the string name no specific domain name is The following table summarize the purpose-based X.509 CERT RR owner334
292 recommended. name guidelines.335
336
Scenario Owner name337
-------------------------------------------------------------------338
S/MIME Certificate Standard translation of RFC 822 email address.339
Example: A S/MIME certificate for340
"postmaster@example.org" will use a standard341
hostname translation of the owner name,342
i.e. "postmaster.example.org".343
344
SSL Certificate Hostname of the SSL server.345
346
IPSEC Certificate Hostname of the IPSEC machine, and/or347
for the in-addr.arpa reverse lookup IP address.348
349
CRLs Hostname of the issuing CA.350
351
3.3 Content-based PGP CERT RR Names352
353
OpenPGP signed keys (certificates) use a general character string354
User ID [5]. However, it is recommended by PGP that such names355
include the RFC 2822 [7] email address of the party, as in "Leslie356
Example <Leslie@host.example>". If such a format is used, the CERT357
should be under the standard translation of the email address into a358
domain name, which would be leslie.host.example in this case. If no359
RFC 2822 name can be extracted from the string name no specific360
domain name is recommended.361
362
If a user has more than one email address, the CNAME type can be used363
to reduce the amount of data stored in the DNS. For example:364
365
$ORIGIN example.org.366
smith IN CERT PGP 0 0 <OpenPGP binary>367
john.smith IN CNAME smith368
js IN CNAME smith369
370
3.4 Purpose-based PGP CERT RR Names371
372
Applications that receive an OpenPGP packet but do not know the email373
address of the sender will have difficulties guessing the correct374
owner name, and cannot use the content-based owner name guidelines.375
However, the OpenPGP packet typically contain the Key ID of the key.376
In these situations, it is recommended to use an owner name derived377
from the Key ID. For example:378
379
$ORIGIN example.org.380
F835EDA21E94B565716F IN CERT PGP ...381
B565716F IN CNAME F835EDA21E94B565716F382
383
As before, if the same key material is stored at several owner names,384
using CNAME can be used to avoid data duplication.385
293 386
2944. Performance Considerations 4. Performance Considerations387
295 388
296 Current Domain Name System (DNS) implementations are optimized for Current Domain Name System (DNS) implementations are optimized for389
297 small transfers, typically not more than 512 bytes including small transfers, typically not more than 512 bytes including390
298 overhead. While larger transfers will perform correctly and work is overhead. While larger transfers will perform correctly and work is391
299 underway to make larger transfers more efficient, it is still underway to make larger transfers more efficient, it is still392
300 advisable at this time to make every reasonable effort to minimize advisable at this time to make every reasonable effort to minimize393
301 the size of certificates stored within the DNS. Steps that can be the size of certificates stored within the DNS. Steps that can be394
302 taken may include using the fewest possible optional or extensions taken may include using the fewest possible optional or extensions395
303 fields and using short field values for variable length fields that fields and using short field values for variable length fields that396
304 must be included. must be included.397
305 398
3065. IANA Considerations 5. Size Considerations399
307 400
308 Certificate types 0x0000 through 0x00FF and 0xFF00 through 0xFFFF can The RDATA field in the DNS protocol may only hold data of size 65535401
309 only be assigned by an IETF standards action [7] (and this document octets (64kb) or less. This means that each CERT RR cannot contain402
310 assigns 0x0001 through 0x0003 and 0x00FD and 0x00FE). Certificate more than 64kb worth of payload, even if the corresponding403
311 types 0x0100 through 0xFEFF are assigned through IETF Consensus [7] certificate or certificate revocation list is larger. This document404
312 based on RFC documentation of the certificate type. The availability do not address this limitation.405
313 of private types under 0x00FD and 0x00FE should satisfy most
314 requirements for proprietary or private types.
315 406
3166. Security Considerations 6. Acknowledgements407
408
The majority of this document is copied verbatim from RFC 2538, by409
Donald Eastlake 3rd and Olafur Gudmundsson.410
411
The author wishes to thank David Shaw and Michael Graff for their412
contributions to the earlier work that motivated this revised413
document.414
415
Florian Weimer suggested to clarify wording regarding what data can416
be stored in RRDATA portion of OpenPGP CERT RRs, and that the URI417
type may include hashes to secure the indirection. Olivier Dubuisson418
confirmed that the X.509 OID were indeed correct.419
420
7. Security Considerations421
317 422
318 By definition, certificates contain their own authenticating By definition, certificates contain their own authenticating423
319 signature. Thus it is reasonable to store certificates in non-secure signature. Thus it is reasonable to store certificates in non-secure424
320 DNS zones or to retrieve certificates from DNS with DNS security DNS zones or to retrieve certificates from DNS with DNS security425
321 checking not implemented or deferred for efficiency. The results MAY checking not implemented or deferred for efficiency. The results MAY426
322 be trusted if the certificate chain is verified back to a known be trusted if the certificate chain is verified back to a known427
323 trusted key and this conforms with the user's security policy. trusted key and this conforms with the user's security policy.428
324 429
325 Alternatively, if certificates are retrieved from a secure DNS zone Alternatively, if certificates are retrieved from a secure DNS zone430
326 with DNS security checking enabled and are verified by DNS security, with DNS security checking enabled and are verified by DNS security,431
327 the key within the retrieved certificate MAY be trusted without the key within the retrieved certificate MAY be trusted without432
328 verifying the certificate chain if this conforms with the user's verifying the certificate chain if this conforms with the user's433
329 security policy. security policy.434
330 435
When the URI type is used, it should be understood that is introduce436
an additional indirection that may allow for a new attack vector.437
One method to secure that indirection is to include a hash of the438
certificate in the URI itself.439
440
331 CERT RRs are not used in connection with securing the DNS security CERT RRs are not used in connection with securing the DNS security441
332 additions so there are no security considerations related to CERT RRs additions so there are no security considerations related to CERT RRs442
333 and securing the DNS itself. and securing the DNS itself.443
334 444
3357 References 8. IANA Considerations445
446
Certificate types 0x0000 through 0x00FF and 0xFF00 through 0xFFFF can447
only be assigned by an IETF standards action [6]. This document448
assigns 0x0001 through 0x0003 and 0x00FD and 0x00FE. Certificate449
types 0x0100 through 0xFEFF are assigned through IETF Consensus [6]450
based on RFC documentation of the certificate type. The availability451
of private types under 0x00FD and 0x00FE should satisfy most452
requirements for proprietary or private types.453
454
9. Open Issues455
456
1. Whether to enforce owner name guidelines with SHOULD/MUST. From457
David Shaw (on OpenPGP): "One of the things that struck me when458
reading this draft is that while there are several suggested ways459
to name keys in DNS, there is no one canonical name as a SHOULD460
or MUST. I suggest that the key fingerprint be the canonical461
name, and all others be CNAMEs pointing to the fingerprint462
name.". From Sean P. Turner (on PKIX): "Should "recommended" be463
"RECOMMENDED" in the 1st and 2nd sentences?" referring to the464
text in section 3 that recommend appropriate owner names.465
2. Should the document suggest use of both full fingerprints, 4/8466
byte OpenPGP key id owner names? Perhaps only fingerprint467
version.468
469
10. Changes since RFC 2538470
471
1. Editorial changes to conform with new document requirements,472
including splitting reference section into two parts and updating473
references to point at latest versions.474
2. Improve terminology. For example replace "PGP" with "OpenPGP",475
to align with RFC 2440.476
3. In section 2.1, clarify that OpenPGP public key data are binary,477
not the ASCII armored format, and reference 10.1 in RFC 2440 on478
how to deal with OpenPGP keys, and acknowledge that479
implementations may handle additional packet types.480
4. Clarify that integers in the representation format are decimal.481
5. Replace KEY/SIG with DNSKEY/RRSIG etc, to align with DNSSECbis482
terminology.483
6. Add examples that suggest use of CNAME to reduce bandwidth.484
7. In section 3, add three paragraphs that discuss "content-based"485
vs "purpose-based" owner names. Add section 3.2 for486
purpose-based X.509 CERT owner names, and section 3.4 for487
purpose-based OpenPGP CERT owner names.488
489
11. References490
491
11.1 Normative References492
336 493
337 [1] Mockapetris, P., "Domain names - concepts and facilities", STD [1] Mockapetris, P., "Domain names - concepts and facilities", STD494
338 13, RFC 1034, November 1987. 13, RFC 1034, November 1987.495
339 496
340 [2] Mockapetris, P., "Domain names - implementation and [2] Mockapetris, P., "Domain names - implementation and497
341 specification", STD 13, RFC 1035, November 1987. specification", STD 13, RFC 1035, November 1987.498
342 499
343 [3] Bradner, S., "Key words for use in RFCs to Indicate Requirement [3] Kille, S., Wahl, M., Grimstad, A., Huber, R. and S. Sataluri,500
344 Levels", BCP 14, RFC 2119, March 1997.
345
346 [4] Kille, S., Wahl, M., Grimstad, A., Huber, R. and S. Sataluri,
347 "Using Domains in LDAP/X.500 Distinguished Names", RFC 2247, "Using Domains in LDAP/X.500 Distinguished Names", RFC 2247,501
348 January 1998. January 1998.502
349 503
350 [5] Berners-Lee, T., Fielding, R. and L. Masinter, "Uniform Resource [4] Berners-Lee, T., Fielding, R. and L. Masinter, "Uniform Resource504
351 Identifiers (URI): Generic Syntax", RFC 2396, August 1998. Identifiers (URI): Generic Syntax", RFC 2396, August 1998.505
352 506
353 [6] Callas, J., Donnerhacke, L., Finney, H. and R. Thayer, "OpenPGP [5] Callas, J., Donnerhacke, L., Finney, H. and R. Thayer, "OpenPGP507
354 Message Format", RFC 2440, November 1998. Message Format", RFC 2440, November 1998.508
355 509
356 [7] Narten, T. and H. Alvestrand, "Guidelines for Writing an IANA [6] Narten, T. and H. Alvestrand, "Guidelines for Writing an IANA510
357 Considerations Section in RFCs", BCP 26, RFC 2434, October 1998. Considerations Section in RFCs", BCP 26, RFC 2434, October 1998.511
358 512
359 [8] Eastlake, D., "Domain Name System Security Extensions", RFC [7] Resnick, P., "Internet Message Format", RFC 2822, April 2001.513
360 2535, March 1999.
361 514
362 [9] Housley, R., Ford, W., Polk, T. and D. Solo, "Internet X.509 [8] Arends, R., Austein, R., Massey, D., Larson, M. and S. Rose,515
363 Public Key Infrastructure Certificate and CRL Profile", RFC "DNS Security Introduction and Requirements",516
364 2459, January 1999. draft-ietf-dnsext-dnssec-intro-13 (work in progress), October517
2004.518
519
[9] Arends, R., "Resource Records for the DNS Security Extensions",520
draft-ietf-dnsext-dnssec-records-11 (work in progress), October521
2004.522
523
11.2 Informative References524
525
[10] Bradner, S., "Key words for use in RFCs to Indicate Requirement526
Levels", BCP 14, RFC 2119, March 1997.527
528
[11] Josefsson, S., "The Base16, Base32, and Base64 Data Encodings",529
RFC 3548, July 2003.530
365 531
366Author's Address Author's Address532
367 533
368 Simon Josefsson Simon Josefsson534
369 535
370 EMail: simon@josefsson.org EMail: simon@josefsson.org536
371 537
Appendix A. Copying conditions538
539
Regarding the portion of this document that was written by Simon540
Josefsson ("the author", for the remainder of this section), the541
author makes no guarantees and is not responsible for any damage542
resulting from its use. The author grants irrevocable permission to543
anyone to use, modify, and distribute it in any way that does not544
diminish the rights of anyone else to use, modify, and distribute it,545
provided that redistributed derivative works do not contain546
misleading author or version information. Derivative works need not547
be licensed under similar terms.548
549
372Intellectual Property Statement Intellectual Property Statement550
373 551
374 The IETF takes no position regarding the validity or scope of any The IETF takes no position regarding the validity or scope of any552
375 Intellectual Property Rights or other rights that might be claimed to Intellectual Property Rights or other rights that might be claimed to553
376 pertain to the implementation or use of the technology described in pertain to the implementation or use of the technology described in554
377 this document or the extent to which any license under such rights this document or the extent to which any license under such rights555
378 might or might not be available; nor does it represent that it has might or might not be available; nor does it represent that it has556
379 made any independent effort to identify any such rights. Information made any independent effort to identify any such rights. Information557
380 on the procedures with respect to rights in RFC documents can be on the procedures with respect to rights in RFC documents can be558
381 found in BCP 78 and BCP 79. found in BCP 78 and BCP 79.559
skipping to change at page 10, line 41 skipping to change at page 13, line 41
398 This document and the information contained herein are provided on an This document and the information contained herein are provided on an576
399 "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS577
400 OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET578
401 ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,579
402 INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE580
403 INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED581
404 WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.582
405 583
406Copyright Statement Copyright Statement584
407 585
408 Copyright (C) The Internet Society (2004). This document is subject Copyright (C) The Internet Society (2005). This document is subject586
409 to the rights, licenses and restrictions contained in BCP 78, and to the rights, licenses and restrictions contained in BCP 78, and587
410 except as set forth therein, the authors retain all their rights. except as set forth therein, the authors retain all their rights.588
411 589
412Acknowledgment Acknowledgment590
413 591
414 Funding for the RFC Editor function is currently provided by the Funding for the RFC Editor function is currently provided by the592
415 Internet Society. Internet Society.593
 End of changes. 

This html diff was produced by rfcdiff 1.14, available from http://www.levkowetz.com/ietf/tools/rfcdiff/