Skip to main content

DOA over DNS
draft-durand-doa-over-dns-00

The information below is for an old version of the document.
Document Type
This is an older version of an Internet-Draft whose latest revision state is "Replaced".
Authors Alain Durand , Ray Bellis
Last updated 2017-07-17
Replaced by draft-durand-object-exchange
RFC stream (None)
Formats
Stream Stream state (No stream defined)
Consensus boilerplate Unknown
RFC Editor Note (None)
IESG IESG state I-D Exists
Telechat date (None)
Responsible AD (None)
Send notices to (None)
draft-durand-doa-over-dns-00
Independent Submission                                         A. Durand
Internet-Draft                                                     ICANN
Intended status: Experimental                                  R. Bellis
Expires: January 18, 2018                                            ISC
                                                           July 17, 2017

                              DOA over DNS
                      draft-durand-doa-over-dns-00

Abstract

   Abstract

   This document defines a DOA RR type to implement the DOA architecture
   over DNS.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on January 18, 2018.

Copyright Notice

   Copyright (c) 2017 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Durand & Bellis         Expires January 18, 2018                [Page 1]
Internet-Draft                DOA over DNS                     July 2017

Table of Contents

   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . .   2
   2.  Terminology . . . . . . . . . . . . . . . . . . . . . . . . .   2
   3.  The DOA Resource Record . . . . . . . . . . . . . . . . . . .   2
     3.1.  Description . . . . . . . . . . . . . . . . . . . . . . .   2
       3.1.1.  Enterprise and Type fields  . . . . . . . . . . . . .   3
       3.1.2.  Location field  . . . . . . . . . . . . . . . . . . .   3
       3.1.3.  Media Type  . . . . . . . . . . . . . . . . . . . . .   4
       3.1.4.  Data  . . . . . . . . . . . . . . . . . . . . . . . .   4
     3.2.  DOA RDATA Wire Format . . . . . . . . . . . . . . . . . .   4
     3.3.  DOA RDATA Presentation Format . . . . . . . . . . . . . .   5
   4.  Security Considerations . . . . . . . . . . . . . . . . . . .   5
   5.  Privacy Considerations  . . . . . . . . . . . . . . . . . . .   5
   6.  Operational consideration . . . . . . . . . . . . . . . . . .   5
   7.  IANA Considerations . . . . . . . . . . . . . . . . . . . . .   6
     7.1.  DOA Location Type Registry  . . . . . . . . . . . . . . .   6
     7.2.  DOA Type Registry . . . . . . . . . . . . . . . . . . . .   6
     7.3.  RR Type Application Template  . . . . . . . . . . . . . .   7
   8.  Acknowledgements  . . . . . . . . . . . . . . . . . . . . . .   7
   9.  References  . . . . . . . . . . . . . . . . . . . . . . . . .   7
     9.1.  Normative References  . . . . . . . . . . . . . . . . . .   7
     9.2.  Informative References  . . . . . . . . . . . . . . . . .   7
   Authors' Addresses  . . . . . . . . . . . . . . . . . . . . . . .   8

1.  Introduction

   This document defines a DOA RR type to implement the DOA architecture
   over DNS.  Each RR contains an object type that might be opaque and
   private to the producer and the consumer of the data and either the
   data (if small enough to fit in the RR) or a pointer on how to
   retrieve the actual data.

2.  Terminology

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
   "OPTIONAL" in this document are to be interpreted as described in BCP
   14 [RFC2119] [RFC8174] when, and only when, they appear in all
   capitals, as shown here.

3.  The DOA Resource Record

3.1.  Description

   The Type value for the DOA RR is TBD2.  The DOA RR is class
   independent.

Durand & Bellis         Expires January 18, 2018                [Page 2]
Internet-Draft                DOA over DNS                     July 2017

   The RDATA of the resource record comprises of five fields: DOA-
   ENTERPRISE, DOA-TYPE, DOA-MEDIA-TYPE, DOA-LOCATION and DOA-DATA.

3.1.1.  Enterprise and Type fields

   The DOA-ENTERPRISE and DOA-TYPE fields are combined to indicate the
   semantic type of the DOA record being represented by the RR.  That
   semantic is private to the producer of data hosted on an
   authoritative DNS server and the application software using a DNS
   stub resolver to retrieve it.

   The DOA-ENTERPRISE field uses values as specified in the IANA SMI
   Network Management Private Enterprise Codes Registry
   [IANA-ENTERPRISE].  An exception to that is that the reserved value
   of zero (0) is used to indicate that the the DOA-ENTERPRISE is not
   set.

   Some values of DOA-TYPE are registered in an IANA registry, others
   are privately defined.  As those private types might be used in
   cross-organization systems, use of the DOA-ENTERPRISE field is
   RECOMMENDED to disambiguate types.

3.1.2.  Location field

   The DOA-LOCATION field signals how the DOA-DATA field should be
   interpreted using the values specified in the DOA Location Type
   Registry Section 7.1.

   The value 0 is reserved.

   For the value 1 ("Local"), the DOA-DATA contains the actual DOA
   object.

   For the value 2 ("URI") the DOA-DATA contains a UTF-8 encoded string
   representing the URI from which the DOA object may be obtained.

   For the value 3 ("HDL") the DOA-DATA contains a UTF-8 encoded string
   representing the handle from the Handle System [RFC3650]  from which
   the DOA object may be obtained.

   Other values might be defined in the future, for example for NFS,
   LDAP, etc...

   DNS software implementing the DOA RR type MUST NOT drop or otherwise
   refuse to handle the DOA RRs containing an unknown or unsupported
   DOA-location and MUST treat the DOA-DATA portion of the RR as an
   abstract opaque field.

Durand & Bellis         Expires January 18, 2018                [Page 3]
Internet-Draft                DOA over DNS                     July 2017

3.1.3.  Media Type

   The DOA-MEDIA-TYPE field contains the Internet media type [RFC6838]
   for the DOA object represented by this record.

   If a non-Local object is retrieved over a protocol that supports
   inclusion of a media type value (e.g. an HTTP Content-Type header)
   then the client MUST use that value (if supplied) in preference to
   any value specified inside this resource record.  In such case, the
   DOA-MEDIA-TYPE MAY be set to NULL, length 0.

3.1.4.  Data

   The DOA-DATA field contains either the object's data, or some form of
   reference specifying from where the data can be obtained, per the
   DOA-LOCATION field above.

3.2.  DOA RDATA Wire Format

       +---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+
    0: |                                                               |
       |                        DOA-ENTERPRISE                         |
       |                                                               |
       +---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+
    4: |                                                               |
       |                           DOA-TYPE                            |
       |                                                               |
       +---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+
    8: |         DOA-LOCATION          |         DOA-MEDIA-TYPE        |
       +---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+
   10: |                                                               |
       /                  DOA-MEDIA-TYPE (continued)                   /
       /                                                               /
       +---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+
       /                                                               /
       /                           DOA-DATA                            /
       /                                                               /
       +---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+

   DOA-ENTERPRISE: a 32-bit field in network order.

   DOA-TYPE: a 32-bit field in network order.

   DOA-LOCATION: a single octet field.

   DOA-MEDIA-TYPE: A <character-string> (see [RFC1035]).  The first
   octet of the <character-string> contains the number of characters to
   follow.

Durand & Bellis         Expires January 18, 2018                [Page 4]
Internet-Draft                DOA over DNS                     July 2017

   DOA-DATA: A variable length blob.  The length of the DOA-DATA is not
   contained within the wire format of the RR and must be computed from
   the RDLENGTH of the entire RR once other fields have been taken into
   account.

   << TODO: is the limitation of 255 characters of the Media Type field
   likely to be a limitation? >>

3.3.  DOA RDATA Presentation Format

   The DOA-ENTERPRISE field is presented as an unsigned decimal integer
   with range 0 - 4,294,967,295.

   The DOA-TYPE field is presented as an unsigned decimal integer with
   range 0 - 4,294,967,295.

   The DOA-LOCATION field is presented as an unsigned decimal integer
   with range 0 - 255.

   The DOA-MEDIA-TYPE field is presented as a single <character-string>.

   The DOA-DATA is presented either as a single string enclosed in
   double-quote ('"') characters, or the token # followed by an unsigned
   decimal integer specifying the length of the following data, to be
   presented as zero or more words of hexadecimal data each containing
   an even number of digits (c.f.  [RFC3597]).

4.  Security Considerations

   The use of DNSSEC is encouraged to protect the integrity of the data
   contained in the DOA RR type.

5.  Privacy Considerations

   Personally identifiable information (PII) data appearing in the DOA-
   DATA field SHOULD be encrypted.

6.  Operational consideration

   Some DOA records might contain large data that is only of interest to
   a single party, as such, caching those records does not provide much
   benefits and could be considered a denial of service attack on the
   caching resolver infrastructure.  It is thus RECOMMENDED that the TTL
   associated with large DOA RRs be set as small as possible to avoid
   caching.

Durand & Bellis         Expires January 18, 2018                [Page 5]
Internet-Draft                DOA over DNS                     July 2017

7.  IANA Considerations

7.1.  DOA Location Type Registry

   IANA are requested to create the DOA Location Type Registry with
   initial contents as follows:

       +-----------+-------------------------------+---------------+
       |     Value | Location                      | Specification |
       +-----------+-------------------------------+---------------+
       |         0 | Reserved                      | RFC-TBD1      |
       |           |                               |               |
       |         1 | Local                         | RFC-TBD1      |
       |           |                               |               |
       |         2 | URI                           | RFC-TBD1      |
       |           |                               |               |
       |         3 | HDL                           | RFC-TBD1      |
       |           |                               |               |
       |   4 - 199 | Unassigned                    | RFC-TBD1      |
       |           |                               |               |
       | 200 - 254 | Reserved for Private Use      | RFC-TBD1      |
       |           |                               |               |
       |       255 | Reserved - cannot be assigned | RFC-TBD1      |
       +-----------+-------------------------------+---------------+

   Assignments in the 4-199 range in this registry require Expert
   Review.

7.2.  DOA Type Registry

   IANA are requested to create the DOA Type Registry with initial
   contents as follows:

         +------------+--------------------------+---------------+
         |      Value | Name                     | Specification |
         +------------+--------------------------+---------------+
         |          0 | Reserved                 | RFC-TBD1      |
         |            |                          |               |
         | 1 - 99,999 | Unassigned               | RFC-TBD1      |
         |            |                          |               |
         |   100000 - | Reserved for Private Use | RFC-TBD1      |
         +------------+--------------------------+---------------+

   Assignments in the 1-99,999 range in this registry require Expert
   Review.

Durand & Bellis         Expires January 18, 2018                [Page 6]
Internet-Draft                DOA over DNS                     July 2017

7.3.  RR Type Application Template

   << The RRTYPE Allocation Template per RFC 6895 will be included
   here >>

8.  Acknowledgements

9.  References

9.1.  Normative References

   [IANA-ENTERPRISE]
              IANA, "SMI Network Management Private Enterprise Codes
              Registry", n.d., <https://www.iana.org/assignments/
              enterprise-numbers/enterprise-numbers>.

   [RFC1035]  Mockapetris, P., "Domain names - implementation and
              specification", STD 13, RFC 1035, DOI 10.17487/RFC1035,
              November 1987, <http://www.rfc-editor.org/info/rfc1035>.

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/
              RFC2119, March 1997,
              <http://www.rfc-editor.org/info/rfc2119>.

   [RFC3597]  Gustafsson, A., "Handling of Unknown DNS Resource Record
              (RR) Types", RFC 3597, DOI 10.17487/RFC3597, September
              2003, <http://www.rfc-editor.org/info/rfc3597>.

   [RFC6838]  Freed, N., Klensin, J., and T. Hansen, "Media Type
              Specifications and Registration Procedures", BCP 13, RFC
              6838, DOI 10.17487/RFC6838, January 2013,
              <http://www.rfc-editor.org/info/rfc6838>.

   [RFC8174]  Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
              2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
              May 2017, <http://www.rfc-editor.org/info/rfc8174>.

9.2.  Informative References

   [RFC3650]  Sun, S., Lannom, L., and B. Boesch, "Handle System
              Overview", RFC 3650, DOI 10.17487/RFC3650, November 2003,
              <http://www.rfc-editor.org/info/rfc3650>.

Durand & Bellis         Expires January 18, 2018                [Page 7]
Internet-Draft                DOA over DNS                     July 2017

Authors' Addresses

   Alain Durand
   Internet Corporation for Assigned Names and Numbers
   801 17th St NW Suite 400
   Washington  DC 20006
   USA

   Email: Alain.Durand@icann.org

   Ray Bellis
   Internet Systems Consortium, Inc.
   950 Charter Street
   Redwood City  CA 94063
   USA

   Phone: +1 650 423 1200
   Email: ray@isc.org

Durand & Bellis         Expires January 18, 2018                [Page 8]