diff options
author | Rene Mayrhofer <rene@mayrhofer.eu.org> | 2006-08-23 20:25:09 +0000 |
---|---|---|
committer | Rene Mayrhofer <rene@mayrhofer.eu.org> | 2006-08-23 20:25:09 +0000 |
commit | eed3bb6c48563b865be5560448577e7cfe4ce443 (patch) | |
tree | a35911c5b0d26edcb0da52cc166e5b7be1e3d383 /doc/src/draft-richardson-ipsec-rr.xml | |
parent | 3ad120037ad5203580a68f3cafbb2664071fb654 (diff) | |
download | vyos-strongswan-eed3bb6c48563b865be5560448577e7cfe4ce443.tar.gz vyos-strongswan-eed3bb6c48563b865be5560448577e7cfe4ce443.zip |
- Updated to new upstream version.
Diffstat (limited to 'doc/src/draft-richardson-ipsec-rr.xml')
-rw-r--r-- | doc/src/draft-richardson-ipsec-rr.xml | 560 |
1 files changed, 560 insertions, 0 deletions
diff --git a/doc/src/draft-richardson-ipsec-rr.xml b/doc/src/draft-richardson-ipsec-rr.xml new file mode 100644 index 000000000..e51b32615 --- /dev/null +++ b/doc/src/draft-richardson-ipsec-rr.xml @@ -0,0 +1,560 @@ +<?xml version="1.0"?> +<!DOCTYPE rfc SYSTEM "rfc2629.dtd"> +<?rfc toc="yes"?> + +<rfc ipr="full2026" docName="draft-ietf-ipseckey-rr-07.txt"> + +<front> + <area>Security</area> + <workgroup>IPSECKEY WG</workgroup> + <title abbrev="ipsecrr"> + A method for storing IPsec keying material in DNS. + </title> + + <author initials="M." surname="Richardson" fullname="Michael C. Richardson"> + <organization abbrev="SSW">Sandelman Software Works</organization> + <address> + <postal> + <street>470 Dawson Avenue</street> + <city>Ottawa</city> + <region>ON</region> + <code>K1Z 5V7</code> + <country>CA</country> + </postal> + <email>mcr@sandelman.ottawa.on.ca</email> + <uri>http://www.sandelman.ottawa.on.ca/</uri> + </address> + </author> + + <date month="September" year="2003" /> + +<abstract> + <t> +This document describes a new resource record for DNS. This record may be +used to store public keys for use in IPsec systems. +</t> + +<t> +This record replaces the functionality of the sub-type #1 of the KEY Resource +Record, which has been obsoleted by RFC3445. +</t> +</abstract> + +</front> + +<middle> + +<section title="Introduction"> +<t> + The type number for the IPSECKEY RR is TBD. +</t> + +<section title="Overview"> +<t> + The IPSECKEY resource record (RR) is used to publish a public key that is + to be associated with a Domain Name System (DNS) name for use with the + IPsec protocol suite. This can be the public key of a host, + network, or application (in the case of per-port keying). +</t> + +<t> + The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL + NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and + "OPTIONAL" in this document are to be interpreted as described in + RFC2119 <xref target="RFC2119" />. +</t> +</section> + +<section title="Usage Criteria"> +<t> + An IPSECKEY resource record SHOULD be used in combination with DNSSEC +unless some other means of authenticating the IPSECKEY resource record +is available. +</t> + +<t> + It is expected that there will often be multiple IPSECKEY resource + records at the same name. This will be due to the presence + of multiple gateways and the need to rollover keys. + +</t> + +<t> + This resource record is class independent. +</t> +</section> +</section> + +<section title="Storage formats"> + +<section title="IPSECKEY RDATA format"> + +<t> + The RDATA for an IPSECKEY RR consists of a precedence value, a public key, + algorithm type, and an optional gateway address. +</t> + +<artwork><![CDATA[ + 0 1 2 3 + 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | precedence | gateway type | algorithm | gateway | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-------------+ + + ~ gateway ~ + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | / + / public key / + / / + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-| +]]></artwork> +</section> + +<section title="RDATA format - precedence"> +<t> +This is an 8-bit precedence for this record. This is interpreted in +the same way as the PREFERENCE field described in section +3.3.9 of RFC1035 <xref target="RFC1035" />. +</t> +<t> +Gateways listed in IPSECKEY records with lower precedence are +to be attempted first. Where there is a tie in precedence, the order +should be non-deterministic. +</t> +</section> + +<section anchor="algotype" title="RDATA format - algorithm type"> +<t> +The algorithm type field identifies the public key's cryptographic +algorithm and determines the format of the public key field. +</t> + +<t> +A value of 0 indicates that no key is present. +</t> + +<t> +The following values are defined: + <list style="hanging"> + <t hangText="1">A DSA key is present, in the format defined in RFC2536 <xref target="RFC2536" /></t> + <t hangText="2">A RSA key is present, in the format defined in RFC3110 <xref target="RFC3110" /></t> + </list> +</t> + +</section> + +<section anchor="gatewaytype" title="RDATA format - gateway type"> +<t> +The gateway type field indicates the format of the information that +is stored in the gateway field. +</t> + +<t> +The following values are defined: + <list style="hanging"> + <t hangText="0">No gateway is present</t> + <t hangText="1">A 4-byte IPv4 address is present</t> + <t hangText="2">A 16-byte IPv6 address is present</t> + <t hangText="3">A wire-encoded domain name is present. The wire-encoded +format is self-describing, so the length is implicit. The domain name +MUST NOT be compressed.</t> + </list> +</t> + +</section> + +<section title="RDATA format - gateway"> +<t> +The gateway field indicates a gateway to which an IPsec tunnel may be +created in order to reach the entity named by this resource record. +</t> +<t> +There are three formats: +</t> + +<t> +A 32-bit IPv4 address is present in the gateway field. The data +portion is an IPv4 address as described in section 3.4.1 of +<xref target="RFC1035">RFC1035</xref>. This is a 32-bit number in network byte order. +</t> + +<t>A 128-bit IPv6 address is present in the gateway field. +The data portion is an IPv6 address as described in section 2.2 of +<xref target="RFC1886">RFC1886</xref>. This is a 128-bit number in network byte order. +</t> + +<t> +The gateway field is a normal wire-encoded domain name, as described +in section 3.3 of RFC1035 <xref target="RFC1035" />. Compression MUST NOT be used. +</t> + +</section> + +<section title="RDATA format - public keys"> +<t> +Both of the public key types defined in this document (RSA and DSA) +inherit their public key formats from the corresponding KEY RR formats. +Specifically, the public key field contains the algorithm-specific +portion of the KEY RR RDATA, which is all of the KEY RR DATA after the +first four octets. This is the same portion of the KEY RR that must be +specified by documents that define a DNSSEC algorithm. +Those documents also specify a message digest to be used for generation +of SIG RRs; that specification is not relevant for IPSECKEY RR. +</t> + +<t> +Future algorithms, if they are to be used by both DNSSEC (in the KEY +RR) and IPSECKEY, are likely to use the same public key encodings in +both records. Unless otherwise specified, the IPSECKEY public key +field will contain the algorithm-specific portion of the KEY RR RDATA +for the corresponding algorithm. The algorithm must still be +designated for use by IPSECKEY, and an IPSECKEY algorithm type number +(which might be different than the DNSSEC algorithm number) must be +assigned to it. +</t> + +<t>The DSA key format is defined in RFC2536 <xref target="RFC2536" /></t>. + +<t>The RSA key format is defined in RFC3110 <xref target="RFC3110" />, +with the following changes:</t> + +<t> +The earlier definition of RSA/MD5 in RFC2065 limited the exponent and +modulus to 2552 bits in length. RFC3110 extended that limit to 4096 +bits for RSA/SHA1 keys. The IPSECKEY RR imposes no length limit on +RSA public keys, other than the 65535 octet limit imposed by the +two-octet length encoding. This length extension is applicable only +to IPSECKEY and not to KEY RRs. +</t> + +</section> + +</section> + + + +<section title="Presentation formats"> + +<section title="Representation of IPSECKEY RRs"> +<t> + IPSECKEY RRs may appear in a zone data master file. + The precedence, gateway type and algorithm and gateway fields are REQUIRED. + The base64 encoded public key block is OPTIONAL; if not present, + then the public key field of the resource record MUST be construed + as being zero octets in length. +</t> +<t> + The algorithm field is an unsigned integer. No mnemonics are defined. +</t> +<t> + If no gateway is to be indicated, then the gateway type field MUST + be zero, and the gateway field MUST be "." +</t> + +<t> + The Public Key field is represented as a Base64 encoding of the + Public Key. Whitespace is allowed within the Base64 text. For a + definition of Base64 encoding, see +<xref target="RFC1521">RFC1521</xref> Section 5.2. +</t> + + +<t> + The general presentation for the record as as follows: +<artwork><![CDATA[ +IN IPSECKEY ( precedence gateway-type algorithm + gateway base64-encoded-public-key ) +]]></artwork> +</t> +</section> + + +<section title="Examples"> +<t> +An example of a node 192.0.2.38 that will accept IPsec tunnels on its +own behalf. +<artwork><![CDATA[ +38.2.0.192.in-addr.arpa. 7200 IN IPSECKEY ( 10 1 2 + 192.0.2.38 + AQNRU3mG7TVTO2BkR47usntb102uFJtugbo6BSGvgqt4AQ== ) +]]></artwork> +</t> + +<t> +An example of a node, 192.0.2.38 that has published its key only. +<artwork><![CDATA[ +38.2.0.192.in-addr.arpa. 7200 IN IPSECKEY ( 10 0 2 + . + AQNRU3mG7TVTO2BkR47usntb102uFJtugbo6BSGvgqt4AQ== ) +]]></artwork> +</t> + +<t> +An example of a node, 192.0.2.38 that has delegated authority to the node +192.0.2.3. +<artwork><![CDATA[ +38.2.0.192.in-addr.arpa. 7200 IN IPSECKEY ( 10 1 2 + 192.0.2.3 + AQNRU3mG7TVTO2BkR47usntb102uFJtugbo6BSGvgqt4AQ== ) +]]></artwork> +</t> + +<t> +An example of a node, 192.0.1.38 that has delegated authority to the node +with the identity "mygateway.example.com". +<artwork><![CDATA[ +38.1.0.192.in-addr.arpa. 7200 IN IPSECKEY ( 10 3 2 + mygateway.example.com. + AQNRU3mG7TVTO2BkR47usntb102uFJtugbo6BSGvgqt4AQ== ) +]]></artwork> +</t> + +<t> +An example of a node, 2001:0DB8:0200:1:210:f3ff:fe03:4d0 that has +delegated authority to the node 2001:0DB8:c000:0200:2::1 +<artwork><![CDATA[ +$ORIGIN 1.0.0.0.0.0.2.8.B.D.0.1.0.0.2.ip6.int. +0.d.4.0.3.0.e.f.f.f.3.f.0.1.2.0 7200 IN IPSECKEY ( 10 2 2 + 2001:0DB8:0:8002::2000:1 + AQNRU3mG7TVTO2BkR47usntb102uFJtugbo6BSGvgqt4AQ== ) +]]></artwork> +</t> + +</section> +</section> + +<section title="Security Considerations"> +<t> + This entire memo pertains to the provision of public keying material + for use by key management protocols such as ISAKMP/IKE (RFC2407) + <xref target="RFC2407" />. +</t> + +<t> +The IPSECKEY resource record contains information that SHOULD be +communicated to the end client in an integral fashion - i.e. free from +modification. The form of this channel is up to the consumer of the +data - there must be a trust relationship between the end consumer of this +resource record and the server. This relationship may be end-to-end +DNSSEC validation, a TSIG or SIG(0) channel to another secure source, +a secure local channel on the host, or some combination of the above. +</t> + +<t> +The keying material provided by the IPSECKEY resource record is not +sensitive to passive attacks. The keying material may be freely +disclosed to any party without any impact on the security properties +of the resulting IPsec session: IPsec and IKE provide for defense +against both active and passive attacks. +</t> + +<t> + Any user of this resource record MUST carefully document their trust + model, and why the trust model of DNSSEC is appropriate, if that is + the secure channel used. +</t> + +<section title="Active attacks against unsecured IPSECKEY resource records"> +<t> +This section deals with active attacks against the DNS. These attacks +require that DNS requests and responses be intercepted and changed. +DNSSEC is designed to defend against attacks of this kind. +</t> + +<t> +The first kind of active attack is when the attacker replaces the +keying material with either a key under its control or with garbage. +</t> + +<t> +If the attacker is not able to mount a subsequent +man-in-the-middle attack on the IKE negotiation after replacing the +public key, then this will result in a denial of service, as the +authenticator used by IKE would fail. +</t> + +<t> +If the attacker is able to both to mount active attacks against DNS +and is also in a position to perform a man-in-the-middle attack on IKE and +IPsec negotiations, then the attacker will be in a position to compromise +the resulting IPsec channel. Note that an attacker must be able to +perform active DNS attacks on both sides of the IKE negotiation in +order for this to succeed. +</t> + +<t> +The second kind of active attack is one in which the attacker replaces +the the gateway address to point to a node under the attacker's +control. The attacker can then either replace the public key or remove +it, thus providing an IPSECKEY record of its own to match the +gateway address. +</t> + +<t> +This later form creates a simple man-in-the-middle since the attacker +can then create a second tunnel to the real destination. Note that, as before, +this requires that the attacker also mount an active attack against +the responder. +</t> + +<t> +Note that the man-in-the-middle can not just forward cleartext +packets to the original destination. While the destination may be +willing to speak in the clear, replying to the original sender, +the sender will have already created a policy expecting ciphertext. +Thus, the attacker will need to intercept traffic from both sides. In some +cases, the attacker may be able to accomplish the full intercept by use +of Network Addresss/Port Translation (NAT/NAPT) technology. +</t> + +<t> +Note that the danger here only applies to cases where the gateway +field of the IPSECKEY RR indicates a different entity than the owner +name of the IPSECKEY RR. In cases where the end-to-end integrity of +the IPSECKEY RR is suspect, the end client MUST restrict its use +of the IPSECKEY RR to cases where the RR owner name matches the +content of the gateway field. +</t> +</section> + +</section> + +<section title="IANA Considerations"> +<t> +This document updates the IANA Registry for DNS Resource Record Types +by assigning type X to the IPSECKEY record. +</t> + +<t> +This document creates an IANA registry for the algorithm type field. +</t> +<t> +Values 0, 1 and 2 are defined in <xref target="algotype" />. Algorithm numbers +3 through 255 can be assigned by IETF Consensus (<xref target="RFC2434">see RFC2434</xref>). +</t> + +<t> +This document creates an IANA registry for the gateway type field. +</t> +<t> +Values 0, 1, 2 and 3 are defined in <xref target="gatewaytype" />. +Algorithm numbers 4 through 255 can be assigned by +Standards Action (<xref target="RFC2434">see RFC2434</xref>). +</t> + + + +</section> + +<section title="Acknowledgments"> +<t> +My thanks to Paul Hoffman, Sam Weiler, Jean-Jacques Puig, Rob Austein, +and Olafur Gurmundsson who reviewed this document carefully. +Additional thanks to Olafur Gurmundsson for a reference implementation. +</t> +</section> + +</middle> + +<back> +<references title="Normative references"> +<!-- DNSSEC --> +<?rfc include="reference.RFC.1034" ?> +<?rfc include="reference.RFC.1035" ?> +<?rfc include="reference.RFC.1521" ?> +<?rfc include="reference.RFC.2026" ?> +<?rfc include="reference.RFC.2065" ?> +<?rfc include="reference.RFC.2434" ?> +</references> + +<references title="Non-normative references"> +<?rfc include="reference.RFC.1886" ?> +<?rfc include="reference.RFC.2119" ?> +<?rfc include="reference.RFC.2407" ?> +<?rfc include="reference.RFC.2535" ?> +<?rfc include="reference.RFC.2536" ?> +<?rfc include="reference.RFC.3110" ?> +<?rfc include="reference.RFC.3445" ?> +</references> +</back> +</rfc> +<!-- + $Id: draft-richardson-ipsec-rr.xml,v 1.1 2004/03/15 20:35:24 as Exp $ + + $Log: draft-richardson-ipsec-rr.xml,v $ + Revision 1.1 2004/03/15 20:35:24 as + added files from freeswan-2.04-x509-1.5.3 + + Revision 1.23 2003/09/04 23:26:09 mcr + more nits. + + Revision 1.22 2003/08/16 15:55:35 mcr + fixed version to -06. + + Revision 1.21 2003/08/16 15:52:32 mcr + Sam's comments on IANA considerations. + + Revision 1.20 2003/07/27 22:57:54 mcr + updated document with new text about a seperate registry + for the algorithm type. + + Revision 1.19 2003/06/30 01:51:50 mcr + minor typo fixes. + + Revision 1.18 2003/06/16 17:45:00 mcr + adjusted date on rev-04. + + Revision 1.17 2003/06/16 17:41:30 mcr + revision -04 + + Revision 1.16 2003/06/16 17:39:20 mcr + adjusted typos, and adjusted IANA considerations. + + Revision 1.15 2003/05/26 19:31:23 mcr + updates to drafts - IPSEC RR - SC versions, and RFC3526 + reference in OE draft. + + Revision 1.14 2003/05/23 13:57:40 mcr + updated draft ##. + + Revision 1.13 2003/05/23 13:54:45 mcr + updated month on draft. + + Revision 1.12 2003/05/21 15:42:49 mcr + new SC section with comments from Rob Austein. + + Revision 1.11 2003/05/20 20:52:22 mcr + new security considerations section. + + Revision 1.10 2003/05/20 19:07:47 mcr + rewrote Security Considerations. + + Revision 1.9 2003/05/20 18:17:09 mcr + nits from Rob Austein. + + Revision 1.8 2003/04/29 00:44:59 mcr + updates according to WG consensus: restored three-way + gateway field type. + + Revision 1.7 2003/03/30 17:00:29 mcr + updates according to community feedback. + + Revision 1.6 2003/03/19 02:20:24 mcr + updated draft based upon comments from working group + + Revision 1.5 2003/02/23 22:39:22 mcr + updates to IPSECKEY draft. + + Revision 1.4 2003/02/21 04:39:04 mcr + updated drafts, and added crosscompile.html + + Revision 1.3 2003/01/17 16:26:34 mcr + updated IPSEC KEY draft with restrictions. + + Revision 1.2 2002/08/26 18:20:54 mcr + updated documents + + Revision 1.1 2002/08/10 20:05:33 mcr + document proposing IPSECKEY Resource Record + + +!> |