draft-josefsson-dns-url-12.txt | draft-josefsson-dns-url.txt | |||
---|---|---|---|---|
Network Working Group S. Josefsson | Network Working Group S. Josefsson | |||
Expires: November 26, 2005 | Expires: February 6, 2006 | |||
Domain Name System Uniform Resource Identifiers | Domain Name System Uniform Resource Identifiers | |||
draft-josefsson-dns-url-12 | draft-josefsson-dns-url-13 | |||
Status of this Memo | Status of this Memo | |||
By submitting this Internet-Draft, each author represents that any | By submitting this Internet-Draft, each author represents that any | |||
applicable patent or other IPR claims of which he or she is aware | applicable patent or other IPR claims of which he or she is aware | |||
have been or will be disclosed, and any of which he or she becomes | have been or will be disclosed, and any of which he or she becomes | |||
aware will be disclosed, in accordance with Section 6 of BCP 79. | aware will be disclosed, in accordance with Section 6 of BCP 79. | |||
Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
Task Force (IETF), its areas, and its working groups. Note that | Task Force (IETF), its areas, and its working groups. Note that | |||
skipping to change at page 1, line 33 | skipping to change at page 1, line 33 | |||
and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||
time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference | |||
material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." | |||
The list of current Internet-Drafts can be accessed at | The list of current Internet-Drafts can be accessed at | |||
http://www.ietf.org/ietf/1id-abstracts.txt. | http://www.ietf.org/ietf/1id-abstracts.txt. | |||
The list of Internet-Draft Shadow Directories can be accessed at | The list of Internet-Draft Shadow Directories can be accessed at | |||
http://www.ietf.org/shadow.html. | http://www.ietf.org/shadow.html. | |||
This Internet-Draft will expire on November 26, 2005. | This Internet-Draft will expire on February 6, 2006. | |||
Copyright Notice | Copyright Notice | |||
Copyright (C) The Internet Society (2005). | Copyright (C) The Internet Society (2005). | |||
Abstract | Abstract | |||
This document define Uniform Resource Identifiers for Domain Name | This document define Uniform Resource Identifiers for Domain Name | |||
System resources. | System resources. | |||
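Review bot: the Abstract still carries the subject-verb error "This document define Uniform Resource Identifiers"; since -13 only touches the expiry date in this region, the sentence should be corrected to "This document defines Uniform Resource Identifiers for Domain Name System resources."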
skipping to change at page 2, line 26 | skipping to change at page 2, line 26 | |||
9.1 Normative References . . . . . . . . . . . . . . . . . . . 10 | 9.1 Normative References . . . . . . . . . . . . . . . . . . . 10 | |||
9.2 Informative References . . . . . . . . . . . . . . . . . . 10 | 9.2 Informative References . . . . . . . . . . . . . . . . . . 10 | |||
Author's Address . . . . . . . . . . . . . . . . . . . . . . . 11 | Author's Address . . . . . . . . . . . . . . . . . . . . . . . 11 | |||
A. Revision Changes . . . . . . . . . . . . . . . . . . . . . . . 11 | A. Revision Changes . . . . . . . . . . . . . . . . . . . . . . . 11 | |||
A.1 Changes since -06 . . . . . . . . . . . . . . . . . . . . 11 | A.1 Changes since -06 . . . . . . . . . . . . . . . . . . . . 11 | |||
A.2 Changes since -07 . . . . . . . . . . . . . . . . . . . . 12 | A.2 Changes since -07 . . . . . . . . . . . . . . . . . . . . 12 | |||
A.3 Changes since -08 . . . . . . . . . . . . . . . . . . . . 12 | A.3 Changes since -08 . . . . . . . . . . . . . . . . . . . . 12 | |||
A.4 Changes since -09 . . . . . . . . . . . . . . . . . . . . 12 | A.4 Changes since -09 . . . . . . . . . . . . . . . . . . . . 12 | |||
A.5 Changes since -10 . . . . . . . . . . . . . . . . . . . . 12 | A.5 Changes since -10 . . . . . . . . . . . . . . . . . . . . 12 | |||
A.6 Changes since -11 . . . . . . . . . . . . . . . . . . . . 12 | A.6 Changes since -11 . . . . . . . . . . . . . . . . . . . . 12 | |||
Intellectual Property and Copyright Statements . . . . . . . . 13 | A.7 Changes since -12 . . . . . . . . . . . . . . . . . . . . 13 | |||
Intellectual Property and Copyright Statements . . . . . . . . 14 | ||||
1. Introduction and Background | 1. Introduction and Background | |||
The Domain Name System (DNS) [1] [2] is a widely deployed system used | The Domain Name System (DNS) [1] [2] is a widely deployed system used | |||
to, among other things, translate host names into IP addresses. | to, among other things, translate host names into IP addresses. | |||
Recent work has added support for storing certificates and | Several protocols are using Uniform Resource Identifier (URI) to | |||
certificate revocation lists (CRLs) in the DNS [9]. Several | refer to data. By defining a URI scheme for DNS data, the gap | |||
protocols use Uniform Resource Locators (URLs) to point at | between these two worlds are bridged. The DNS URI scheme defined | |||
certificates and CRLs. By defining a Uniform Resource Identifier | here can be used to reference any data stored in the DNS. | |||
(URI) scheme for DNS resources, such protocols can reference | ||||
certificates and CRLs stored in the DNS. | ||||
Two examples of data structures that may embed DNS URIs: | ||||
o The OpenPGP Message Format [7], where an end-user may indicate the | ||||
location of a copy of any updates to her key, using the "preferred | ||||
key server" field. | ||||
o The Internet X.509 Public Key Infrastructure [14] format, where | ||||
the issuer may use a DNS URI in a CRL Distribution Point | ||||
certificate extension field. | ||||
The DNS URI scheme defined here can be used to reference any data | ||||
stored in the DNS, and is not limited to certificates or CRLs. The | ||||
purpose of this specification is to define a generic DNS URI, not to | ||||
specify a solution only for certificates stored in the DNS. | ||||
Data browsers may support DNS URIs by forming DNS queries and render | Data browsers may support DNS URIs by forming DNS queries and render | |||
DNS responses using HTML [13], similar to what is commonly done for | DNS responses using HTML [14], similar to what is commonly done for | |||
FTP [6] resources. | FTP [6] resources. Applications that are Multipurpose Internet Mail | |||
Extension (MIME) [7] aware may tag DNS data retrieve using this | ||||
scheme with the text/dns or application/dns types as specified in | ||||
[18]. | ||||
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", | The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", | |||
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this | "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this | |||
document are to be interpreted as described in RFC 2119 [3]. | document are to be interpreted as described in RFC 2119 [3]. | |||
2. Usage Model | 2. Usage Model | |||
The reader is referred to section 1 of [5] for an in-depth discussion | The reader is referred to section 1 of [5] for an in-depth discussion | |||
of URI classifications. In particular, the reader is assumed to be | of URI classifications. In particular, the reader is assumed to be | |||
familiar with the "name" vs "locator" distinction. This section | familiar with the "name" vs "locator" distinction. This section | |||
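Review bot: the rewritten introduction paragraph has two agreement errors that survived the -13 rewrite: "Several protocols are using Uniform Resource Identifier (URI) to refer to data" should read "Uniform Resource Identifiers (URIs)", and "the gap between these two worlds are bridged" should be "is bridged"; in the added MIME sentence, "may tag DNS data retrieve using this scheme" should be "retrieved", and "forming DNS queries and render DNS responses" should be "rendering". On the references, the paragraphs removed here were the visible users of old [9] (RFC 2538) and old [14] (RFC 3280); -13 reuses [14] for text/html and drops RFC 3280 from the list, so the HTML citation shift [13] to [14] is right, but every citation in the elided regions needs the same one-step check.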
skipping to change at page 5, line 8 | skipping to change at page 5, line 8 | |||
certain applications, a more detailed URI syntax that map more | certain applications, a more detailed URI syntax that map more | |||
closely to the DNS protocol may be required. However, such an URI | closely to the DNS protocol may be required. However, such an URI | |||
definition is not included in this document. This document specify a | definition is not included in this document. This document specify a | |||
URI that is primarily intended to name DNS resources, but it can also | URI that is primarily intended to name DNS resources, but it can also | |||
be used to locate said resources for simple (but common) | be used to locate said resources for simple (but common) | |||
applications. | applications. | |||
3. DNS URI Registration | 3. DNS URI Registration | |||
The section contain the registration template for the DNS URI scheme | The section contain the registration template for the DNS URI scheme | |||
in accordance with [12]. | in accordance with [13]. | |||
URL scheme name: "dns". | URL scheme name: "dns". | |||
URL scheme syntax: A DNS URI designate a DNS resource record set, | URL scheme syntax: A DNS URI designate a DNS resource record set, | |||
referenced by domain name, class, type and optionally the authority. | referenced by domain name, class, type and optionally the authority. | |||
The DNS URI follows the generic syntax from RFC 3986 [5], and is | The DNS URI follows the generic syntax from RFC 3986 [5], and is | |||
described using ABNF [4]. Strings are not case sensitive and free | described using ABNF [4]. Strings are not case sensitive and free | |||
insertion of linear-white-space is not permitted. | insertion of linear-white-space is not permitted. | |||
dnsurl = "dns:" [ "//" dnsauthority "/" ] | dnsurl = "dns:" [ "//" dnsauthority "/" ] | |||
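Review bot: three more third-person-singular slips in this region are unchanged between -12 and -13: "This document specify a URI" (specifies), "The section contain the registration template" (This section contains) and "A DNS URI designate a DNS resource record set" (designates); "such an URI" should be "such a URI". The statement that strings are not case sensitive and that linear-white-space may not be freely inserted is what the Security Considerations later rely on for the case-variation covert channel, so consider stating here that implementations canonicalise case (for example lower-case dnsname) before comparing or using the name.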
skipping to change at page 7, line 46 | skipping to change at page 7, line 46 | |||
interoperability impact though. | interoperability impact though. | |||
Interoperability problems may occur if one entity understands a new | Interoperability problems may occur if one entity understands a new | |||
DNS class/type mnemonic and another entity do not understand it. | DNS class/type mnemonic and another entity do not understand it. | |||
This is an interoperability problem for DNS software in general, | This is an interoperability problem for DNS software in general, | |||
although it is not a major practical problem as the DNS types and | although it is not a major practical problem as the DNS types and | |||
classes are fairly static. To guarantee interoperability | classes are fairly static. To guarantee interoperability | |||
implementations can use integers for all mnemonics not defined in | implementations can use integers for all mnemonics not defined in | |||
[2]. | [2]. | |||
Interaction with Binary Labels [11], or other extended label types, | Interaction with Binary Labels [12], or other extended label types, | |||
has not been analyzed. However, they appear to be infrequently used | has not been analyzed. However, they appear to be infrequently used | |||
in practice. | in practice. | |||
Contact: simon@josefsson.org | Contact: simon@josefsson.org | |||
Author/Change Controller: simon@josefsson.org | Author/Change Controller: simon@josefsson.org | |||
4. Examples | 4. Examples | |||
A DNS URI is of the following general form. This is intended to | A DNS URI is of the following general form. This is intended to | |||
illustrate, not define, the scheme. | illustrate, not define, the scheme. | |||
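Review bot: "another entity do not understand it" should be "does not understand it". The interoperability mitigation, using integers for all mnemonics not defined in [2], only helps if the producing side follows it; "implementations can use integers" tells neither side what to do, so suggest explicit guidance such as: producers SHOULD emit the integer form for any class or type not listed in [2], and consumers MUST accept the integer form for all classes and types.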
skipping to change at page 9, line 24 | skipping to change at page 9, line 24 | |||
If a DNS URI references domains in the Internet DNS environment, both | If a DNS URI references domains in the Internet DNS environment, both | |||
the URI itself and the information referenced by the URI is public | the URI itself and the information referenced by the URI is public | |||
information. If a DNS URI is used within an "internal" DNS | information. If a DNS URI is used within an "internal" DNS | |||
environment, both the DNS URI and the data is referenced should be | environment, both the DNS URI and the data is referenced should be | |||
handled using the same considerations that apply to DNS data in the | handled using the same considerations that apply to DNS data in the | |||
environment. | environment. | |||
If information referenced by DNS URIs are used to make security | If information referenced by DNS URIs are used to make security | |||
decisions (examples of such data include, but is not limited to, | decisions (examples of such data include, but is not limited to, | |||
certificates stored in the DNS), implementations may need to employ | certificates stored in the DNS [10]), implementations may need to | |||
security techniques such as Secure DNS [8], or even CMS [15] or | employ security techniques such as Secure DNS [9], or even CMS [15] | |||
OpenPGP [7], to protect the data during transport. How to implement | or OpenPGP [8], to protect the data during transport. How to | |||
this will depend on the usage scenario, and it is not up to this URI | implement this will depend on the usage scenario, and it is not up to | |||
scheme to define how the data referenced by DNS URIs should be | this URI scheme to define how the data referenced by DNS URIs should | |||
protected. | be protected. | |||
If applications accept unknown dnsqueryelement values (e.g., accepts | If applications accept unknown dnsqueryelement values (e.g., accepts | |||
the URI "dns:www.example.org?secret=value" without knowing what the | the URI "dns:www.example.org?secret=value" without knowing what the | |||
"secret=value" dnsqueryelement means), a covert channel used to | "secret=value" dnsqueryelement means), a covert channel used to | |||
"leak" information may be enabled. The implications of covert | "leak" information may be enabled. The implications of covert | |||
channels should be understood by applications that accepts unknown | channels should be understood by applications that accepts unknown | |||
dnsqueryelement values. | dnsqueryelement values. | |||
Slight variations, such as difference between upper and lower case in | Slight variations, such as difference between upper and lower case in | |||
the dnsname field, can be used as a covert channel to leak | the dnsname field, can be used as a covert channel to leak | |||
information. | information. | |||
7. IANA Considerations | 7. IANA Considerations | |||
The IANA is asked to register the DNS URI scheme, using the template | The IANA is asked to register the DNS URI scheme, using the template | |||
in section 3, in accordance with RFC 2717 [12]. | in section 3, in accordance with RFC 2717 [13]. | |||
8. Copying conditions | 8. Copying conditions | |||
Copyright (c) 2000, 2001, 2002, 2003, 2004, 2005 Simon Josefsson | Copyright (c) 2000, 2001, 2002, 2003, 2004, 2005 Simon Josefsson | |||
Regarding this entire document or any portion of it, the author makes | Regarding this entire document or any portion of it, the author makes | |||
no guarantees and is not responsible for any damage resulting from | no guarantees and is not responsible for any damage resulting from | |||
its use. The author grants irrevocable permission to anyone to use, | its use. The author grants irrevocable permission to anyone to use, | |||
modify, and distribute it in any way that does not diminish the | modify, and distribute it in any way that does not diminish the | |||
rights of anyone else to use, modify, and distribute it, provided | rights of anyone else to use, modify, and distribute it, provided | |||
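Review bot: "both the DNS URI and the data is referenced should be handled" is garbled; suggest "both the DNS URI and the data it references should be handled". Also "If information ... are used" (is used) and "applications that accepts" (accept). On substance, "protect the data during transport" misdescribes the cited mechanisms: Secure DNS [9], CMS [15] and OpenPGP [8] all work by signing the data rather than by securing a channel, so the sentence should say "protect the authenticity and integrity of the data". For the two covert-channel paragraphs the text only asks that the implications be understood; a concrete mitigation would be to state that applications SHOULD reject URIs carrying dnsqueryelement values they do not recognise and SHOULD canonicalise the case of dnsname before use, which closes both channels described here.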
skipping to change at page 10, line 43 | skipping to change at page 10, line 43 | |||
[5] Berners-Lee, T., Fielding, R., and L. Masinter, "Uniform | [5] Berners-Lee, T., Fielding, R., and L. Masinter, "Uniform | |||
Resource Identifier (URI): Generic Syntax", STD 66, RFC 3986, | Resource Identifier (URI): Generic Syntax", STD 66, RFC 3986, | |||
January 2005. | January 2005. | |||
9.2 Informative References | 9.2 Informative References | |||
[6] Postel, J. and J. Reynolds, "File Transfer Protocol", STD 9, | [6] Postel, J. and J. Reynolds, "File Transfer Protocol", STD 9, | |||
RFC 959, October 1985. | RFC 959, October 1985. | |||
[7] Callas, J., Donnerhacke, L., Finney, H., and R. Thayer, | [7] Freed, N., Klensin, J., and J. Postel, "Multipurpose Internet | |||
Mail Extensions (MIME) Part Four: Registration Procedures", | ||||
BCP 13, RFC 2048, November 1996. | ||||
[8] Callas, J., Donnerhacke, L., Finney, H., and R. Thayer, | ||||
"OpenPGP Message Format", RFC 2440, November 1998. | "OpenPGP Message Format", RFC 2440, November 1998. | |||
[8] Eastlake, D., "Domain Name System Security Extensions", | [9] Eastlake, D., "Domain Name System Security Extensions", | |||
RFC 2535, March 1999. | RFC 2535, March 1999. | |||
[9] Eastlake, D. and O. Gudmundsson, "Storing Certificates in the | [10] Eastlake, D. and O. Gudmundsson, "Storing Certificates in the | |||
Domain Name System (DNS)", RFC 2538, March 1999. | Domain Name System (DNS)", RFC 2538, March 1999. | |||
[10] Myers, M., Ankney, R., Malpani, A., Galperin, S., and C. Adams, | [11] Myers, M., Ankney, R., Malpani, A., Galperin, S., and C. Adams, | |||
"X.509 Internet Public Key Infrastructure Online Certificate | "X.509 Internet Public Key Infrastructure Online Certificate | |||
Status Protocol - OCSP", RFC 2560, June 1999. | Status Protocol - OCSP", RFC 2560, June 1999. | |||
[11] Crawford, M., "Binary Labels in the Domain Name System", | [12] Crawford, M., "Binary Labels in the Domain Name System", | |||
RFC 2673, August 1999. | RFC 2673, August 1999. | |||
[12] Petke, R. and I. King, "Registration Procedures for URL Scheme | [13] Petke, R. and I. King, "Registration Procedures for URL Scheme | |||
Names", BCP 35, RFC 2717, November 1999. | Names", BCP 35, RFC 2717, November 1999. | |||
[13] Connolly, D. and L. Masinter, "The 'text/html' Media Type", | [14] Connolly, D. and L. Masinter, "The 'text/html' Media Type", | |||
RFC 2854, June 2000. | RFC 2854, June 2000. | |||
[14] Housley, R., Polk, W., Ford, W., and D. Solo, "Internet X.509 | ||||
Public Key Infrastructure Certificate and Certificate | ||||
Revocation List (CRL) Profile", RFC 3280, April 2002. | ||||
[15] Housley, R., "Cryptographic Message Syntax (CMS)", RFC 3369, | [15] Housley, R., "Cryptographic Message Syntax (CMS)", RFC 3369, | |||
August 2002. | August 2002. | |||
[16] Faltstrom, P., Hoffman, P., and A. Costello, | [16] Faltstrom, P., Hoffman, P., and A. Costello, | |||
"Internationalizing Domain Names in Applications (IDNA)", | "Internationalizing Domain Names in Applications (IDNA)", | |||
RFC 3490, March 2003. | RFC 3490, March 2003. | |||
[17] Yergeau, F., "UTF-8, a transformation format of ISO 10646", | [17] Yergeau, F., "UTF-8, a transformation format of ISO 10646", | |||
STD 63, RFC 3629, November 2003. | STD 63, RFC 3629, November 2003. | |||
[18] Josefsson, S., "Domain Name System Media Types", RFC 4027, | ||||
April 2005. | ||||
Author's Address | Author's Address | |||
Simon Josefsson | Simon Josefsson | |||
Email: simon@josefsson.org | Email: simon@josefsson.org | |||
Appendix A. Revision Changes | Appendix A. Revision Changes | |||
Note to RFC editor: Remove this appendix before publication. | Note to RFC editor: Remove this appendix before publication. | |||
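Review bot: the new reference [7] cites MIME Part Four (RFC 2048, registration procedures) to support the phrase "MIME aware" applications in the introduction; Part One (RFC 2045, the format itself) is the usual citation for that, and the registration of text/dns and application/dns is already covered by [18]. Separately, A.6 records that the OCSP example was replaced in -12, yet [11] (RFC 2560, OCSP) is still listed in -13; if nothing in the elided sections cites it, drop it from the informative references.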
skipping to change at page 13, line 5 | skipping to change at page 13, line 5 | |||
Add section "Usage Model". Move acknowledgements, as per rfc2223bis. | Add section "Usage Model". Move acknowledgements, as per rfc2223bis. | |||
Add permissive copying condition. Updates to align with RFC 3986. | Add permissive copying condition. Updates to align with RFC 3986. | |||
A.6 Changes since -11 | A.6 Changes since -11 | |||
Fix typos. IESG feedback: Move RFC2119 reference to normative | Fix typos. IESG feedback: Move RFC2119 reference to normative | |||
section. Replace OCSP example with X.509 CRL Distribution Point | section. Replace OCSP example with X.509 CRL Distribution Point | |||
extension. Fix ABNF not to use "...". | extension. Fix ABNF not to use "...". | |||
A.7 Changes since -12 | ||||
Reference MIME and RFC 4027. IESG feedback: Do not mention OpenPGP/ | ||||
X.509 as illustrative examples in the introduction section. | ||||
Intellectual Property Statement | Intellectual Property Statement | |||
The IETF takes no position regarding the validity or scope of any | The IETF takes no position regarding the validity or scope of any | |||
Intellectual Property Rights or other rights that might be claimed to | Intellectual Property Rights or other rights that might be claimed to | |||
pertain to the implementation or use of the technology described in | pertain to the implementation or use of the technology described in | |||
this document or the extent to which any license under such rights | this document or the extent to which any license under such rights | |||
might or might not be available; nor does it represent that it has | might or might not be available; nor does it represent that it has | |||
made any independent effort to identify any such rights. Information | made any independent effort to identify any such rights. Information | |||
on the procedures with respect to rights in RFC documents can be | on the procedures with respect to rights in RFC documents can be | |||
found in BCP 78 and BCP 79. | found in BCP 78 and BCP 79. | |||