Network Working Group                                      N. Borenstein
Internet-Draft                                                  Mimecast
Intended status: Informational                              M. Kucherawy
Expires: December 3, 2011                                      Cloudmark
                                                            June 1, 2011


                Reputation Data Interchange using the DNS
                 draft-kucherawy-reputation-query-dns-00

Abstract

   This document defines a mechanism to conduct queries for reputation
   information using the Domain Name System.

Status of this Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on December 3, 2011.

Copyright Notice

   Copyright (c) 2011 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.


Borenstein & Kucherawy  Expires December 3, 2011                [Page 1]

Internet-Draft           Reputation Queries with DNS            June 2011


Table of Contents

   1.  Introduction
   2.  Document Series
   3.  Terminology and Definitions
     3.1.  Keywords
     3.2.  Other Definitions
   4.  Description
     4.1.  Query Format
     4.2.  Reply Format
   5.  IANA Considerations
   6.  Security Considerations
     6.1.  General
   7.  References
     7.1.  Normative References
     7.2.  Informative References
   Appendix A.  Public Discussion
   Authors' Addresses


1.  Introduction

   This memo defines a method to query a reputation data service for
   information about an entity, using the Domain Name System (DNS).

   It is part of a series defining the overall reputation query/response
   structure as well as the concept of reputation "vocabularies" for
   particular applications.


2.  Document Series

   This memo represents the media type registration, part of a series of
   documents that define the overall service and introduce the initial
   exemplary applications.  The series is as follows:

   1.  RFCxxxx: A Model for Reputation Interchange

   2.  RFCxxxx+1: A Media Type for Reputation Information

   3.  RFCxxxx+2: Using UDP for Reputation Interchange

   4.  RFCxxxx+3: Using the DNS for Reputation Interchange (this memo)

   5.  RFCxxxx+4: Using HTTP/XML for Reputation Interchange

   6.  RFCxxxx+5: A Reputation Vocabulary for Email Identity Reputation

   7.  RFCxxxx+6: A Reputation Vocabulary for Email Property Reputation


3.  Terminology and Definitions

   This section defines terms used in the rest of the document.

3.1.  Keywords

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in [KEYWORDS].

3.2.  Other Definitions

   Other terms of importance in this memo are defined in RFCxxxx, the
   base memo in this document series.


4.  Description

   The [DNS] provides a distributed, fault-tolerant, extensible database
   generally used for retrieving information about services and hosts on
   the Internet.  In the recent past its ability to store arbitrary text
   data to support various applications has been exploited to store such
   information as [DKIM] keys, expressions of policy such as [ADSP] and
   [SPF], or indications of group membership such as [VBR].  This memo
   defines another such application.

   In line with [DNS-EXPAND], the TXT resource record type is used for
   this application.

4.1.  Query Format

   When constructing the name to be queried, the following steps are
   followed:

   1.   Present the subject of the reputation query, formed per the
        particular reputation application's rules, to the [SHA1]
        algorithm, producing a 20-byte blob of binary output.

   2.   Convert the binary output to a printable ASCII string by
        expressing each byte, in order, as a two-digit hexadecimal
        string.  Output this string.

   3.   Append an ASCII period (0x2E).

   4.   Append either the name of the assertion of interest, defined by
        the particular reputation application's rules, or the string
        "_any" (ASCII 0x5F, 0x61, 0x6E, 0x79) if all available
        assertions are being requested.

   5.   Append an ASCII period (0x2E).

   6.   Append the name of the reputation application within which a
        query is being made.  This name MUST be one registered with
        IANA.

   7.   Append an ASCII period (0x2E).

   8.   Append the string "_rep" (ASCII 0x5F, 0x72, 0x65, 0x70).

   9.   Append an ASCII period (0x2E).

   10.  Append the domain name that constitutes the root of the DNS
        sub-tree at which the reputation data are available.  This is
        the "base" of the reputation service.

   For example, suppose a client wishes to ask for any information the
   reputation service at "example.com" has about "example.net" within
   the context of the "email-id" application.  A hex-converted SHA1 hash
   of "example.net" is the string
   "c15fd3911e2d2a6ed98d884447782ad67fdba939".  The query would be:

      c15fd3911e2d2a6ed98d884447782ad67fdba939._any.email._rep.example.com

   The hash is done to allow arbitrarily long subjects to be encoded
   into the name of a DNS query.

4.2.  Reply Format

   The reply is formatted as one or more TXT resource records.  Replies
   not of type TXT MUST be ignored.

   The client MUST decode the TXT reply by concatenating all
   <character-string> payloads (see Section 3.3 of [DNS]), i.e.,
   dropping all length bytes, into a single composite string.  The
   resultant string is expected to be of the following form, expressed
   in [ABNF]:

      rep-result    := rep-assertion SP rep-value SP rep-data
                       *rep-extension

      rep-assertion := token

      rep-extension := SP token ":" token

      rep-value     := ("0" / "1") [ "." 1*4DIGIT ]
                       ; MUST be between 0 and 1 inclusive

      rep-data      := 1*20DIGIT

   "token" is imported from [MIME].

   When the query was not about a specific assertion within the context
   of the reputation application, and thus "_any" was used, multiple TXT
   records MAY be returned, each indicating its own assertion.

   Assertions and vocabulary extensions not registered as part of the
   reputation application in use MUST be ignored.


5.  IANA Considerations

   This memo presents no actions for IANA.


6.  Security Considerations

   This memo describes security considerations introduced by the media
   type defined here.

6.1.  General

   This memo is part of a series introducing a reputation query and
   response system (see Section 2).  The Security Considerations
   sections of the other memos should also be consulted.


7.  References

7.1.  Normative References

   [ABNF]     Crocker, D. and P. Overell, "Augmented BNF for Syntax
              Specifications: ABNF", STD 68, RFC 5234, January 2008.

   [DNS]      Mockapetris, P., "Domain names - implementation and
              specification", STD 13, RFC 1035, November 1987.

   [KEYWORDS] Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119, March 1997.

   [SHA1]     U.S. Department of Commerce, "Secure Hash Standard",
              FIPS PUB 180-2, August 2002.

7.2.  Informative References

   [ADSP]     Allman, E., Fenton, J., Delany, M., and J. Levine,
              "DomainKeys Identified Mail (DKIM) Author Domain Signing
              Practices (ADSP)", RFC 5617, August 2009.

   [DKIM]     Allman, E., Callas, J., Delany, M., Libbey, M., Fenton,
              J., and M. Thomas, "DomainKeys Identified Mail (DKIM)
              Signatures", RFC 4871, May 2007.

   [DNS-EXPAND]
              Falstrom, P., Ed., Austein, R., Ed., and P. Koch, Ed.,
              "Design Choices When Expanding the DNS", RFC 5507,
              April 2009.

   [MIME]     Freed, N. and N. Borenstein, "Multipurpose Internet Mail
              Extensions (MIME) Part One: Format of Internet Message
              Bodies", RFC 2045, November 1996.

   [SPF]      Wong, M. and W. Schlitt, "Sender Policy Framework (SPF)
              for Authorizing Use of Domains in E-Mail, Version 1",
              RFC 4408, April 2006.

   [VBR]      Hoffman, P., Levine, J., and A. Hathcock, "Vouch By
              Reference", RFC 5518, April 2009.


Appendix A.  Public Discussion

   Public discussion of this suite of memos takes place on the
   domainrep@ietf.org mailing list.  See
   https://www.ietf.org/mailman/listinfo/domainrep.

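   The query-name construction of Section 4.1 and the TXT reply decoding
   and parsing of Section 4.2, as an added worked example in Python; this
   is not code from the draft or its authors.  It assumes the subject is
   encoded as UTF-8 before hashing (the draft leaves encoding to the
   application's rules), and the TXT RDATA bytes, the assertion name
   "spam" and the extension "src:mx1" are constructed for illustration.

```python
import hashlib
import re

# MIME "token" (RFC 2045): US-ASCII except SPACE, CTLs and tspecials.
_TOKEN = r"[!#$%&'*+\-.0-9A-Z^_`a-z{|}~]+"
# rep-result := rep-assertion SP rep-value SP rep-data *rep-extension
_REP_RESULT = re.compile(
    rf"^(?P<assertion>{_TOKEN}) (?P<value>[01](?:\.[0-9]{{1,4}})?) "
    rf"(?P<data>[0-9]{{1,20}})(?P<ext>(?: {_TOKEN}:{_TOKEN})*)$"
)

# Constructed sample: a TXT RDATA whose composite string
# "spam 0.95 1000 src:mx1" arrives split across two <character-string>s.
SAMPLE_RDATA = b"\x0c" b"spam 0.95 10" b"\x0a" b"00 src:mx1"


def query_name(subject, application, base, assertion="_any"):
    """Section 4.1, steps 1-10: SHA-1 of the subject as lowercase hex,
    then the assertion, application, "_rep" and base as further labels.
    Assumes the subject is UTF-8 encoded before hashing."""
    digest = hashlib.sha1(subject.encode("utf-8")).hexdigest()  # 40 hex chars
    return f"{digest}.{assertion}.{application}._rep.{base}"


def decode_txt_rdata(rdata):
    """Section 4.2: concatenate every <character-string> of a TXT RDATA,
    dropping the one-byte length prefixes, into one composite string."""
    parts, i = [], 0
    while i < len(rdata):
        n = rdata[i]
        chunk = rdata[i + 1:i + 1 + n]
        if len(chunk) != n:
            raise ValueError("truncated <character-string> in TXT RDATA")
        parts.append(chunk)
        i += 1 + n
    return b"".join(parts).decode("ascii")


def parse_rep_result(text):
    """Check a composite string against the Section 4.2 ABNF and return
    (assertion, value, data, extensions).  A value such as "1.5000" fits
    the rep-value shape but violates its 0..1 comment, so it is rejected."""
    m = _REP_RESULT.match(text)
    if m is None:
        raise ValueError(f"not a rep-result: {text!r}")
    value = float(m["value"])
    if not 0.0 <= value <= 1.0:
        raise ValueError("rep-value outside 0..1")
    ext = dict(e.split(":", 1) for e in m["ext"].split())
    return m["assertion"], value, int(m["data"]), ext
```

   Because a TXT RDATA may split the string at any byte boundary, the
   reply must be reassembled before the ABNF is applied, not parsed
   per <character-string>.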
Authors' Addresses

   Nathaniel Borenstein
   Mimecast
   203 Crescent St., Suite 303
   Waltham, MA  02453
   USA

   Phone: +1 781 996 5340
   Email: nsb@guppylake.com


   Murray S. Kucherawy
   Cloudmark
   128 King St., 2nd Floor
   San Francisco, CA  94107
   USA

   Phone: +1 415 946 3800
   Email: msk@cloudmark.com