summaryrefslogtreecommitdiffstats
path: root/contrib/bind9/doc/rfc/rfc2541.txt
diff options
context:
space:
mode:
Diffstat (limited to 'contrib/bind9/doc/rfc/rfc2541.txt')
-rw-r--r--contrib/bind9/doc/rfc/rfc2541.txt395
1 files changed, 0 insertions, 395 deletions
diff --git a/contrib/bind9/doc/rfc/rfc2541.txt b/contrib/bind9/doc/rfc/rfc2541.txt
deleted file mode 100644
index a62ed2b..0000000
--- a/contrib/bind9/doc/rfc/rfc2541.txt
+++ /dev/null
@@ -1,395 +0,0 @@
-
-
-
-
-
-
-Network Working Group D. Eastlake
-Request for Comments: 2541 IBM
-Category: Informational March 1999
-
-
- DNS Security Operational Considerations
-
-Status of this Memo
-
- This memo provides information for the Internet community. It does
- not specify an Internet standard of any kind. Distribution of this
- memo is unlimited.
-
-Copyright Notice
-
- Copyright (C) The Internet Society (1999). All Rights Reserved.
-
-Abstract
-
- Secure DNS is based on cryptographic techniques. A necessary part of
- the strength of these techniques is careful attention to the
- operational aspects of key and signature generation, lifetime, size,
- and storage. In addition, special attention must be paid to the
- security of the high level zones, particularly the root zone. This
- document discusses these operational aspects for keys and signatures
- used in connection with the KEY and SIG DNS resource records.
-
-Acknowledgments
-
- The contributions and suggestions of the following persons (in
- alphabetic order) are gratefully acknowledged:
-
- John Gilmore
- Olafur Gudmundsson
- Charlie Kaufman
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-Eastlake Informational [Page 1]
-
-RFC 2541 DNS Security Operational Considerations March 1999
-
-
-Table of Contents
-
- Abstract...................................................1
- Acknowledgments............................................1
- 1. Introduction............................................2
- 2. Public/Private Key Generation...........................2
- 3. Public/Private Key Lifetimes............................2
- 4. Public/Private Key Size Considerations..................3
- 4.1 RSA Key Sizes..........................................3
- 4.2 DSS Key Sizes..........................................4
- 5. Private Key Storage.....................................4
- 6. High Level Zones, The Root Zone, and The Meta-Root Key..5
- 7. Security Considerations.................................5
- References.................................................6
- Author's Address...........................................6
- Full Copyright Statement...................................7
-
-1. Introduction
-
- This document describes operational considerations for the
- generation, lifetime, size, and storage of DNS cryptographic keys and
- signatures for use in the KEY and SIG resource records [RFC 2535].
- Particular attention is paid to high level zones and the root zone.
-
-2. Public/Private Key Generation
-
- Careful generation of all keys is a sometimes overlooked but
- absolutely essential element in any cryptographically secure system.
- The strongest algorithms used with the longest keys are still of no
- use if an adversary can guess enough to lower the size of the likely
- key space so that it can be exhaustively searched. Technical
- suggestions for the generation of random keys will be found in [RFC
- 1750].
-
- Long term keys are particularly sensitive as they will represent a
- more valuable target and be subject to attack for a longer time than
- short period keys. It is strongly recommended that long term key
- generation occur off-line in a manner isolated from the network via
- an air gap or, at a minimum, high level secure hardware.
-
-3. Public/Private Key Lifetimes
-
- No key should be used forever. The longer a key is in use, the
- greater the probability that it will have been compromised through
- carelessness, accident, espionage, or cryptanalysis. Furthermore, if
-
-
-
-
-
-
-Eastlake Informational [Page 2]
-
-RFC 2541 DNS Security Operational Considerations March 1999
-
-
- key rollover is a rare event, there is an increased risk that, when
- the time does come to change the key, no one at the site will
- remember how to do it or operational problems will have developed in
- the key rollover procedures.
-
- While public key lifetime is a matter of local policy, these
- considerations imply that, unless there are extraordinary
- circumstances, no long term key should have a lifetime significantly
- over four years. In fact, a reasonable guideline for long term keys
- that are kept off-line and carefully guarded is a 13 month lifetime
- with the intent that they be replaced every year. A reasonable
- maximum lifetime for keys that are used for transaction security or
- the like and are kept on line is 36 days with the intent that they be
- replaced monthly or more often. In many cases, a key lifetime of
- somewhat over a day may be reasonable.
-
- On the other hand, public keys with too short a lifetime can lead to
- excessive resource consumption in re-signing data and retrieving
- fresh information because cached information becomes stale. In the
- Internet environment, almost all public keys should have lifetimes no
- shorter than three minutes, which is a reasonable estimate of maximum
- packet delay even in unusual circumstances.
-
-4. Public/Private Key Size Considerations
-
- There are a number of factors that effect public key size choice for
- use in the DNS security extension. Unfortunately, these factors
- usually do not all point in the same direction. Choice of zone key
- size should generally be made by the zone administrator depending on
- their local conditions.
-
- For most schemes, larger keys are more secure but slower. In
- addition, larger keys increase the size of the KEY and SIG RRs. This
- increases the chance of DNS UDP packet overflow and the possible
- necessity for using higher overhead TCP in responses.
-
-4.1 RSA Key Sizes
-
- Given a small public exponent, verification (the most common
- operation) for the MD5/RSA algorithm will vary roughly with the
- square of the modulus length, signing will vary with the cube of the
- modulus length, and key generation (the least common operation) will
- vary with the fourth power of the modulus length. The current best
- algorithms for factoring a modulus and breaking RSA security vary
- roughly with the 1.6 power of the modulus itself. Thus going from a
- 640 bit modulus to a 1280 bit modulus only increases the verification
- time by a factor of 4 but may increase the work factor of breaking
- the key by over 2^900.
-
-
-
-Eastlake Informational [Page 3]
-
-RFC 2541 DNS Security Operational Considerations March 1999
-
-
- The recommended minimum RSA algorithm modulus size is 704 bits which
- is believed by the author to be secure at this time. But high level
- zones in the DNS tree may wish to set a higher minimum, perhaps 1000
- bits, for security reasons. (Since the United States National
- Security Agency generally permits export of encryption systems using
- an RSA modulus of up to 512 bits, use of that small a modulus, i.e.
- n, must be considered weak.)
-
- For an RSA key used only to secure data and not to secure other keys,
- 704 bits should be adequate at this time.
-
-4.2 DSS Key Sizes
-
- DSS keys are probably roughly as strong as an RSA key of the same
- length but DSS signatures are significantly smaller.
-
-5. Private Key Storage
-
- It is recommended that, where possible, zone private keys and the
- zone file master copy be kept and used in off-line, non-network
- connected, physically secure machines only. Periodically an
- application can be run to add authentication to a zone by adding SIG
- and NXT RRs and adding no-key type KEY RRs for subzones/algorithms
- where a real KEY RR for the subzone with that algorithm is not
- provided. Then the augmented file can be transferred, perhaps by
- sneaker-net, to the networked zone primary server machine.
-
- The idea is to have a one way information flow to the network to
- avoid the possibility of tampering from the network. Keeping the
- zone master file on-line on the network and simply cycling it through
- an off-line signer does not do this. The on-line version could still
- be tampered with if the host it resides on is compromised. For
- maximum security, the master copy of the zone file should be off net
- and should not be updated based on an unsecured network mediated
- communication.
-
- This is not possible if the zone is to be dynamically updated
- securely [RFC 2137]. At least a private key capable of updating the
- SOA and NXT chain must be on line in that case.
-
- Secure resolvers must be configured with some trusted on-line public
- key information (or a secure path to such a resolver) or they will be
- unable to authenticate. Although on line, this public key
- information must be protected or it could be altered so that spoofed
- DNS data would appear authentic.
-
-
-
-
-
-
-Eastlake Informational [Page 4]
-
-RFC 2541 DNS Security Operational Considerations March 1999
-
-
- Non-zone private keys, such as host or user keys, generally have to
- be kept on line to be used for real-time purposes such as DNS
- transaction security.
-
-6. High Level Zones, The Root Zone, and The Meta-Root Key
-
- Higher level zones are generally more sensitive than lower level
- zones. Anyone controlling or breaking the security of a zone thereby
- obtains authority over all of its subdomains (except in the case of
- resolvers that have locally configured the public key of a
- subdomain). Therefore, extra care should be taken with high level
- zones and strong keys used.
-
- The root zone is the most critical of all zones. Someone controlling
- or compromising the security of the root zone would control the
- entire DNS name space of all resolvers using that root zone (except
- in the case of resolvers that have locally configured the public key
- of a subdomain). Therefore, the utmost care must be taken in the
- securing of the root zone. The strongest and most carefully handled
- keys should be used. The root zone private key should always be kept
- off line.
-
- Many resolvers will start at a root server for their access to and
- authentication of DNS data. Securely updating an enormous population
- of resolvers around the world will be extremely difficult. Yet the
- guidelines in section 3 above would imply that the root zone private
- key be changed annually or more often and if it were staticly
- configured at all these resolvers, it would have to be updated when
- changed.
-
- To permit relatively frequent change to the root zone key yet
- minimize exposure of the ultimate key of the DNS tree, there will be
- a "meta-root" key used very rarely and then only to sign a sequence
- of regular root key RRsets with overlapping time validity periods
- that are to be rolled out. The root zone contains the meta-root and
- current regular root KEY RR(s) signed by SIG RRs under both the
- meta-root and other root private key(s) themselves.
-
- The utmost security in the storage and use of the meta-root key is
- essential. The exact techniques are precautions to be used are
- beyond the scope of this document. Because of its special position,
- it may be best to continue with the same meta-root key for an
- extended period of time such as ten to fifteen years.
-
-7. Security Considerations
-
- The entirety of this document is concerned with operational
- considerations of public/private key pair DNS Security.
-
-
-
-Eastlake Informational [Page 5]
-
-RFC 2541 DNS Security Operational Considerations March 1999
-
-
-References
-
- [RFC 1034] Mockapetris, P., "Domain Names - Concepts and
- Facilities", STD 13, RFC 1034, November 1987.
-
- [RFC 1035] Mockapetris, P., "Domain Names - Implementation and
- Specifications", STD 13, RFC 1035, November 1987.
-
- [RFC 1750] Eastlake, D., Crocker, S. and J. Schiller, "Randomness
- Requirements for Security", RFC 1750, December 1994.
-
- [RFC 2065] Eastlake, D. and C. Kaufman, "Domain Name System
- Security Extensions", RFC 2065, January 1997.
-
- [RFC 2137] Eastlake, D., "Secure Domain Name System Dynamic
- Update", RFC 2137, April 1997.
-
- [RFC 2535] Eastlake, D., "Domain Name System Security Extensions",
- RFC 2535, March 1999.
-
- [RSA FAQ] RSADSI Frequently Asked Questions periodic posting.
-
-Author's Address
-
- Donald E. Eastlake 3rd
- IBM
- 65 Shindegan Hill Road, RR #1
- Carmel, NY 10512
-
- Phone: +1-914-276-2668(h)
- +1-914-784-7913(w)
- Fax: +1-914-784-3833(w)
- EMail: dee3@us.ibm.com
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-Eastlake Informational [Page 6]
-
-RFC 2541 DNS Security Operational Considerations March 1999
-
-
-Full Copyright Statement
-
- Copyright (C) The Internet Society (1999). All Rights Reserved.
-
- This document and translations of it may be copied and furnished to
- others, and derivative works that comment on or otherwise explain it
- or assist in its implementation may be prepared, copied, published
- and distributed, in whole or in part, without restriction of any
- kind, provided that the above copyright notice and this paragraph are
- included on all such copies and derivative works. However, this
- document itself may not be modified in any way, such as by removing
- the copyright notice or references to the Internet Society or other
- Internet organizations, except as needed for the purpose of
- developing Internet standards in which case the procedures for
- copyrights defined in the Internet Standards process must be
- followed, or as required to translate it into languages other than
- English.
-
- The limited permissions granted above are perpetual and will not be
- revoked by the Internet Society or its successors or assigns.
-
- This document and the information contained herein is provided on an
- "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
- TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
- BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
- HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
- MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-Eastlake Informational [Page 7]
-
OpenPOWER on IntegriCloud