Internet DRAFT - draft-mekking-dnsop-kasp

draft-mekking-dnsop-kasp







DNSOP                                                      J. Lundstroem
Internet-Draft                                                       .SE
Intended status: Experimental                                 W. Mekking
Expires: January 5, 2015                                      NLnet Labs
                                                            July 4, 2014


                    DNSSEC Key and Signing Policies
                      draft-mekking-dnsop-kasp-00

Abstract

   This document describes how key policies should look like.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on January 5, 2015.

Copyright Notice

   Copyright (c) 2014 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.






Lundstroem & Mekking     Expires January 5, 2015                [Page 1]

Internet-Draft                    KASP                         July 2014


Table of Contents

   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . .   2
     1.1.  Key Words . . . . . . . . . . . . . . . . . . . . . . . .   2
     1.2.  Terminology . . . . . . . . . . . . . . . . . . . . . . .   2
     1.3.  Data Modeling . . . . . . . . . . . . . . . . . . . . . .   3
       1.3.1.  Data Modeling Types . . . . . . . . . . . . . . . . .   3
       1.3.2.  Data Modeling Arguments . . . . . . . . . . . . . . .   3
   2.  KASP Contents . . . . . . . . . . . . . . . . . . . . . . . .   3
     2.1.  Preamble  . . . . . . . . . . . . . . . . . . . . . . . .   3
       2.1.1.  Policies  . . . . . . . . . . . . . . . . . . . . . .   4
         2.1.1.1.  Signatures  . . . . . . . . . . . . . . . . . . .   4
         2.1.1.2.  Authenticated Denial of Existence . . . . . . . .   6
         2.1.1.3.  Keys  . . . . . . . . . . . . . . . . . . . . . .   8
         2.1.1.4.  Zone  . . . . . . . . . . . . . . . . . . . . . .  11
         2.1.1.5.  Parent  . . . . . . . . . . . . . . . . . . . . .  13
   3.  References  . . . . . . . . . . . . . . . . . . . . . . . . .  14
     3.1.  Informative References  . . . . . . . . . . . . . . . . .  14
     3.2.  Normative References  . . . . . . . . . . . . . . . . . .  14
   Appendix A.  Changelog  . . . . . . . . . . . . . . . . . . . . .  16

1.  Introduction

   A key and signing policy (KASP) defines a DNSSEC [RFC4033] [RFC4034]
   [RFC4035] policy for one or more zones.

1.1.  Key Words

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY" and "OPTIONAL" in this
   document are to be interpreted as described in [RFC2119].

1.2.  Terminology

   The reader is assumed to be familiar with DNSSEC described in
   [RFC4033] [RFC4034] [RFC4035], [RFC5155] and [RFC6781].

   The following terminology is used throughout this document:

   KASP:  Key And Signing Policy, describes a DNSSEC policy that can be
      applied to one or more zones.

   A key and signing policy can be expressed in any format.  This
   document uses XML as example.







Lundstroem & Mekking     Expires January 5, 2015                [Page 2]

Internet-Draft                    KASP                         July 2014


1.3.  Data Modeling

1.3.1.  Data Modeling Types

   This document reuses the modeling types described in [RFC6020].

   The following modeling types are used:

   container:  A container node does not have a value, but it has a list
      of child nodes in the data tree.  The child nodes are defined in
      the container's substatements.

   leaf:  A leaf node has a value, but no child nodes in the data tree.
      A leaf node exists in zero or one instances in the data tree.

   list:  The "list" statement is used to define an interior data node
      in the schema tree.  A list node may exist in multiple instances
      in the data tree.  Each such instance is known as a list entry.

   choice:  The "choice" statement defines a set of alternatives, only
      one of which may exist at any one time.  A choice node does not
      exist in the data tree.

      A choice consists of a number of branches, defined with the "case"
      substatement.  Each branch contains a number of child nodes.  The
      nodes from at most one of the choice's branches exist at the same
      time.

1.3.2.  Data Modeling Arguments

   The following arguments are used:

   string:  A string.

   duration:  A duration, as specified in ISO 8601 [REF].

   empty:  An empty type.

   integer:  An integer.

2.  KASP Contents

2.1.  Preamble

   All policies MUST be enclosed in a KASP container.






Lundstroem & Mekking     Expires January 5, 2015                [Page 3]

Internet-Draft                    KASP                         July 2014


   container KASP {
       list Policy { ... }
   }

   A KASP container MUST contain a sequence of policy entries and MUST
   NOT contain any other modeling types.

2.1.1.  Policies

   Each policy MUST have a "name" leaf which contains the name of the
   policy.  The name is used to link a policy and the zones signed using
   it; each policy MUST have a unique name.  A policy named "default"
   MAY be used to associate with all zones that do not have a policy
   explicitly configured.  A policy SHOULD have a description associated
   with it.  Furthermore, a policy MUST have the containers Signatures,
   Denial, Keys, Zone and Parent.  These containers are described in the
   forthcoming sections.

   list Policy {
       key "name";
       leaf name {
           mandatory true;
           type string;
       }
       leaf description {
           type string;
       }
       container Signatures { ... }
       container Denial { ... }
       container Keys { ... }
       container Zone { ... }
       container Parent { ... }
   }

2.1.1.1.  Signatures

   A Signatures container defines the policy parameters for creating
   RRSIG records and MUST be included.  It MUST contain the following
   leaf nodes: Resign, Refresh, InceptionOffset.  It MAY have a leaf
   node Jitter.  It MUST contain a Validity container that includes leaf
   nodes for the validity periods of certain type of resource record
   sets (RRsets).  The Default leaf node sets the validity period for
   all RRsets that do not have a specific leaf node in this Validity
   container.  The Denial leaf node sets the validity period for all
   NSEC and NSEC3 RRsets.






Lundstroem & Mekking     Expires January 5, 2015                [Page 4]

Internet-Draft                    KASP                         July 2014


   The Validity container MUST include leaf nodes Default and Denial and
   MAY include other leaf nodes to differentiate between even more types
   of RRsets.

   container Signatures {
       leaf Resign {
           mandatory true;
           type duration;
       }
       leaf Refresh {
           mandatory true;
           type duration;
       }
       leaf Jitter {
           type duration;
       }
       leaf InceptionOffset {
           mandatory true;
           type duration;
       }
       container Validity {
           leaf Default {
               mandatory true;
               type duration;
           }
           leaf Denial {
               mandatory true;
               type duration;
           }
       }
   }

   Here:

   1.  Resign - the re-sign interval, which is the interval when the
       signer MUST re-sign the zone.

   2.  Refresh - the refresh interval, detailing when a signature MUST
       be refreshed.  As signatures are typically valid for much longer
       than the interval between runs of the signer, there is no need to
       re-generate the signatures each time the signer runs.  The
       signature MUST be refreshed when the time until the signature
       expiration is closer than the refresh interval or when the data
       has been changed.  A value of zero (PT0S) MUST be interpreted as
       to refresh the signatures each re-sign interval.

   3.  Jitter - If present, the value added to the expiration time of
       signatures to ensure that not all signatures expire at the same



Lundstroem & Mekking     Expires January 5, 2015                [Page 5]

Internet-Draft                    KASP                         July 2014


       time.  The actual value of Jitter to be added MUST be -j + (r %
       2j), where j is the jitter value from the policy and r a random
       duration, uniformly ranging between -j and j, is added to
       signature validity period to get the signature expiration time.

   4.  InceptionOffset - a duration that MUST be subtracted from the
       time at which a record is signed to give the start time of the
       record.  This is required to allow for clock skew between the
       signing system and the system on which the signature is checked.
       Without it, the possibility exists that the checking system could
       retrieve a signature whose start time is later than the current
       time.

   5.  Validity - groups two or more elements of information related to
       how long the signatures are valid for - Denial is the validity
       period for all NSEC and NSEC3 RRsets, Default is the validity
       period for all other RRset.

   [MM: Add MaxZoneTTL]

   The relationship between these elements is shown [RFC6781],
   Figure 11.

2.1.1.2.  Authenticated Denial of Existence

   Authenticated denial of existence information is included within a
   Denial container.  It MUST contain either an empty leaf node NSEC or
   a container NSEC3.  A NSEC3 container MUST include a leaf node for
   TTL and Resalt and MUST include a container Hash.  Additionally, it
   MAY include an OptOut leaf node.

   The Hash container MUST include three leaf nodes: Algorithm,
   Iterations and SaltLength.


















Lundstroem & Mekking     Expires January 5, 2015                [Page 6]

Internet-Draft                    KASP                         July 2014


   container Denial {
       choice RRtype {
           case plain {
               leaf NSEC {
                   mandatory true;
                   type empty;
               }
           }
           case hashed {
               container NSEC3 {
                   leaf TTL {
                       mandatory true;
                       type duration;
                   }
                   leaf OptOut {
                       type empty;
                   }
                   leaf Resalt {
                       mandatory true;
                       type duration;
                   }
                   container Hash {
                       leaf Algorithm {
                           mandatory true;
                           type integer;
                       }
                       leaf Iterations {
                           mandatory true;
                           type integer;
                       }
                       leaf SaltLength {
                           mandatory true;
                           type integer;
                       }
                   }
               }
           }
       }

   If NSEC is used, zones with this policy MUST include NSEC records
   when signing the zone.  If NSEC3 is used, zones with this policy MUST
   include NSEC3 and NSEC3PARAM records with the appropriate policy
   values:

   1.  TTL - if present, the TTL for the NSEC3PARAM resource record MUST
       be set to this value.  If not present, PT0S (0) SHOULD be used as
       TTL.




Lundstroem & Mekking     Expires January 5, 2015                [Page 7]

Internet-Draft                    KASP                         July 2014


   2.  OptOut - if present, all included NSEC3 records SHOULD set the
       Opt-Out bit.  The signer SHOULD NOT include NSEC3 records for
       insecure delegations.

   3.  Resalt - A new salt value MUST be generated each Resalt interval
       value.

   4.  Algorithm, Iterations, SaltLength MUST be used as the parameters
       to the hash algorithm.

   The choice and case modeling types are not included in the actual
   data tree.  In the case that NSEC is used, the XML example would be:

   <Denial>
       <NSEC/>
   </Denial>

2.1.1.3.  Keys

   Parameters relating to keys can be found in Keys container.  This
   container MUST include leaf node for TTL, and MAY include leaf nodes
   for PublishSafety, RetireSafety, ShareKeys and Purge.  Furthermore,
   it MAY include a KSK list, a ZSK list and/or a CSK list.  The latter
   indicates that a Single-Type Signing Scheme is used.  If no such
   lists are included in the policy, the zone remains unsigned.

   container Keys {
       leaf TTL {
           mandatory true;
           type duration;
       }
       leaf PublishSafety {
           type duration;
       }
       leaf RetireSafety {
           type duration;
       }
       leaf ShareKeys {
           type empty;
       }
       leaf Purge {
           type duration;
       }
       list KSK { ... }
       list ZSK { ... }
       list CSK { ... }
   }




Lundstroem & Mekking     Expires January 5, 2015                [Page 8]

Internet-Draft                    KASP                         July 2014


   The leaf nodes specify the following behavior:

   1.  TTL - This value MUST be used as the TTL of the DNSKEY resource
       records.

   2.  PublishSafety - If present, the publish safety margin is used to
       give some extra time to cover unforeseen events and MUST be added
       to the publish interval in key timing equations.

   3.  RetireSafety - If present and similar to PublishSafety, the
       retire safety margin MUST be added to the retire interval in key
       timing equations.

   4.  ShareKeys - if multiple zones are associated with the same
       policy, the presence of a ShareKeys node indicates that a
       physical key can be shared between zones.

   5.  Purge - if present, keys in the dead state (as defined in key-
       timing-bis) will be automatically purged from the database after
       this interval.

   A CSK, KSK or ZSK list MUST include leaf nodes for Algorithm, Length,
   Lifetime and Repository.  Additionally, they MAY include a RollType
   leaf, Standby leaf and ManualRollover leaf.  A CSK or KSK list MAY
   also include a RFC5011 leaf.

   list CSK {
       leaf Algorithm {
           mandatory true;
           type integer;
       }
       leaf Length {
           mandatory true;
           type integer;
       }
       leaf Lifetime {
           mandatory true;
           type duration;
       }
       leaf Repository {
           mandatory true;
           type string;
       }
       leaf RollType {
           type string;
       }
       leaf Standby {
           type empty;



Lundstroem & Mekking     Expires January 5, 2015                [Page 9]

Internet-Draft                    KASP                         July 2014


       }
       leaf ManualRollover {
           type empty;
       }
       leaf RFC5011 {
           type empty;
       }
   }

   list KSK {
       leaf Algorithm {
           mandatory true;
           type integer;
       }
       leaf Length {
           mandatory true;
           type integer;
       }
       leaf Lifetime {
           mandatory true;
           type duration;
       }
       leaf Repository {
           mandatory true;
           type string;
       }
       leaf RollType {
           type string;
       }
       leaf Standby {
           type empty;
       }
       leaf ManualRollover {
           type empty;
       }
       leaf RFC5011 {
           type empty;
       }
   }

   list ZSK {
       leaf Algorithm {
           mandatory true;
           type integer;
       }
       leaf Length {
           mandatory true;
           type integer;



Lundstroem & Mekking     Expires January 5, 2015               [Page 10]

Internet-Draft                    KASP                         July 2014


       }
       leaf Lifetime {
           mandatory true;
           type duration;
       }
       leaf Repository {
           mandatory true;
           type string;
       }
       leaf RollType {
           type string;
       }
       leaf Standby {
           type empty;
       }
       leaf ManualRollover {
           type empty;
       }
   }

   where:

   1.  Algorithm - this algorithm MUST be used.

   2.  Length - this key length MUST be used.

   3.  Lifetime - determines how long the key SHOULD be used for before
       it is rolled.

   4.  Repository - determines the location of the physical keys.  The
       corresponding type of keys MUST be stored in this repository.

   5.  Standby - if present, determines the number of standby keys MUST
       be held in the zone.

   6.  ManualRollover - if present, this indicates that the key rollover
       MUST NOT occur automatically, it may only be initiated by the
       operator.

   7.  RFC5011 - if present, this indicates that the key rollover MUST
       include additional time for key publication and retirement and
       MUST revoke the predecessor key accordingly.

2.1.1.4.  Zone

   The Zone container encloses general information concerning the zone.
   It MAY include a PropagationDelay leaf and MUST have a SOA container.




Lundstroem & Mekking     Expires January 5, 2015               [Page 11]

Internet-Draft                    KASP                         July 2014


   The SOA container MUST include a TTL leaf, Minimum leaf and Serial
   leaf.

   container Zone {
       leaf PropagationDelay {
           type duration;
       }
       container SOA {
           leaf TTL {
               mandatory true;
               type duration;
           }
           leaf Minimum {
               mandatory true;
               type duration;
           }
           leaf Serial {
               mandatory true;
               type string;
           }
       }
   }

   The PropagationDelay leaf holds the amount of time needed for
   information changes at the master server for the zone to work its way
   through to all the secondary servers.  The value MAY be used in
   equations related to key timings during a rollover.  If
   PropagationDelay is not used, a signer MUST use different heuristics
   to make sure key timings during a rollover are correct, for example
   by querying the name servers for the required records to exist.

   The SOA container gives values of parameters for the SOA record in
   the signed zone.  These values will override values set for the SOA
   record in the unsigned zone file:

   1.  TTL - The TTL of the SOA record MUST be set to the value of the
       TTL leaf.

   2.  Minimum - The MINIMUM RDATA field of the SOA record MUST be set
       to the value of the Minimum leaf.

   3.  Serial - The format of the serial number in the signed zone.
       This is one of: "counter", datecounter, unixtime, keep.

   When Serial is set to "counter", the SOA serial MUST be incremented
   by one every re-sign.





Lundstroem & Mekking     Expires January 5, 2015               [Page 12]

Internet-Draft                    KASP                         July 2014


   When Serial is set to "datecounter", the SOA serial MUST be set to
   YYYYMMDDCC, where YYYYMMDD represents the current date and CC the
   number of new re-signs that day.  If there are more than 100 re-signs
   a day, the date MUST rollover to the day after and count is reset to
   00.

   When Serial is "unixtime", the SOA serial MUST be set to the seconds
   since the epoch (1970-01-01 UTC).

   When Serial is "keep" the SOA serial MUST be set to the SERIAL RDATA
   field of the SOA record in the unsigned zone.  If this does not
   increment the last used serial, a signer MUST NOT produce a signed
   zone.

2.1.1.5.  Parent

   If a DNSSEC zone is in a chain of trust, digest information about the
   KSKs used in the zone will be published in DS records in the parent
   zone.  To properly roll keys, timing information about the parent
   zone must be configured in the Parent container.  A Parent container
   MAY include a PropagationDelay leaf, a DS container and a SOA
   container.  The DS container MAY include a TTL leaf and the SOA
   container MAY include TTL and Minimum leafs.

   container Parent {
       leaf PropagationDelay {
           type duration;
       }
       container DS {
           leaf TTL {
               type duration;
           }
       }
       container SOA {
           leaf TTL {
               type duration;
           }
           leaf Minimum {
               type duration;
           }
       }
   }

   Here, the PropagationDelay leaf configures how long it takes to get a
   DS record published in the parent zone after submitting the DNSKEY or
   DS record to the parent zone manager.  The value SHOULD be used in
   equations related to key timings during a rollover.  If
   PropagationDelay is not used, a signer MUST use different heuristics



Lundstroem & Mekking     Expires January 5, 2015               [Page 13]

Internet-Draft                    KASP                         July 2014


   to make sure key timings during a rollover are correct, for example
   by querying the name servers for the required records to exist.

   The DS and SOA containers give values of parameters for the DS record
   and SOA record in the parent zone.  These values SHOULD be used in
   equations related to key timings during a rollover.  If these values
   are not used, a signer MUST query the parent name servers in order to
   retrieve the correct values.

   A before:

   1.  TTL - The TTL of the DS and SOA records MUST be set to the value
       of the corresponding TTL leaf.

   2.  Minimum - The MINIMUM RDATA field of the SOA record MUST be set
       to the value of the Minimum leaf.

3.  References

3.1.  Informative References

   [RFC4033]  Arends, R., Austein, R., Larson, M., Massey, D., and S.
              Rose, "DNS Security Introduction and Requirements", RFC
              4033, March 2005.

   [RFC4034]  Arends, R., Austein, R., Larson, M., Massey, D., and S.
              Rose, "Resource Records for the DNS Security Extensions",
              RFC 4034, March 2005.

   [RFC4035]  Arends, R., Austein, R., Larson, M., Massey, D., and S.
              Rose, "Protocol Modifications for the DNS Security
              Extensions", RFC 4035, March 2005.

   [RFC5155]  Laurie, B., Sisson, G., Arends, R., and D. Blacka, "DNS
              Security (DNSSEC) Hashed Authenticated Denial of
              Existence", RFC 5155, March 2008.

   [RFC6781]  Kolkman, O., Mekking, W., and R. Gieben, "DNSSEC
              Operational Practices, Version 2", RFC 6781, December
              2012.

3.2.  Normative References

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119, March 1997.






Lundstroem & Mekking     Expires January 5, 2015               [Page 14]

Internet-Draft                    KASP                         July 2014


   [RFC6020]  Bjorklund, M., "YANG - A Data Modeling Language for the
              Network Configuration Protocol (NETCONF)", RFC 6020,
              October 2010.
















































Lundstroem & Mekking     Expires January 5, 2015               [Page 15]

Internet-Draft                    KASP                         July 2014


Appendix A.  Changelog

   o  Initial version

Authors' Addresses

   Jerry Lundstroem
   .SE
   Ringvaegen 100
   Box 7399
   Stockholm  103 91
   SE

   EMail: jerry.lundstrom@iis.se
   URI:   http://www.iis.se/


   W. (Matthijs) Mekking
   NLnet Labs
   Science Park 400
   Amsterdam  1098 XH
   NL

   EMail: matthijs@nlnetlabs.nl
   URI:   http://www.nlnetlabs.nl/


























Lundstroem & Mekking     Expires January 5, 2015               [Page 16]