Automated Updates of DNS Security (DNSSEC) Trust Anchors
draft-ietf-dnsext-trustupdate-timers-06
Revision differences
Document history
Date | Rev. | By | Action |
---|---|---|---|
2012-08-22
|
06 | (System) | post-migration administrative database adjustment to the No Objection position for Tim Polk |
2007-07-19
|
06 | (System) | IANA Action state changed to RFC-Ed-Ack from Waiting on RFC Editor |
2007-07-19
|
06 | (System) | IANA Action state changed to Waiting on RFC Editor from Waiting on Authors |
2007-07-17
|
06 | (System) | IANA Action state changed to Waiting on Authors from In Progress |
2007-07-13
|
06 | Amy Vezza | State Changes to RFC Ed Queue from Approved-announcement sent by Amy Vezza |
2007-07-13
|
06 | (System) | IANA Action state changed to In Progress |
2007-07-12
|
06 | Amy Vezza | IESG state changed to Approved-announcement sent |
2007-07-12
|
06 | Amy Vezza | IESG has approved the document |
2007-07-12
|
06 | Amy Vezza | Closed "Approve" ballot |
2007-07-12
|
06 | Amy Vezza | State Changes to Approved-announcement to be sent from IESG Evaluation::AD Followup by Amy Vezza |
2007-07-12
|
06 | Mark Townsley | [Note]: 'Approved.' added by Mark Townsley |
2007-07-05
|
06 | Tim Polk | [Ballot Position Update] Position for Tim Polk has been changed to No Objection from Undefined by Tim Polk |
2007-07-05
|
06 | Tim Polk | [Ballot Position Update] Position for Tim Polk has been changed to Undefined from Discuss by Tim Polk |
2007-05-25
|
06 | (System) | Removed from agenda for telechat - 2007-05-24 |
2007-05-24
|
06 | Amy Vezza | State Changes to IESG Evaluation::AD Followup from IESG Evaluation by Amy Vezza |
2007-05-24
|
06 | Cullen Jennings | [Ballot Position Update] New position, No Objection, has been recorded by Cullen Jennings |
2007-05-24
|
06 | Jari Arkko | [Ballot Position Update] New position, No Objection, has been recorded by Jari Arkko |
2007-05-24
|
06 | Jon Peterson | [Ballot Position Update] New position, No Objection, has been recorded by Jon Peterson |
2007-05-24
|
06 | Lars Eggert | [Ballot Position Update] New position, No Objection, has been recorded by Lars Eggert |
2007-05-23
|
06 | Ross Callon | [Ballot Position Update] New position, No Objection, has been recorded by Ross Callon |
2007-05-23
|
06 | Ron Bonica | [Ballot Position Update] New position, No Objection, has been recorded by Ron Bonica |
2007-05-23
|
06 | Sam Hartman | [Ballot Position Update] Position for Sam Hartman has been changed to Yes from Discuss by Sam Hartman |
2007-05-23
|
06 | Sam Hartman | [Ballot Position Update] New position, Discuss, has been recorded by Sam Hartman |
2007-05-23
|
06 | Lisa Dusseault | [Ballot Position Update] New position, No Objection, has been recorded by Lisa Dusseault |
2007-05-22
|
06 | Russ Housley | [Ballot comment] In his SecDir Review, Stefan Santesson said: > > This document introduce a rule set for revocation of a DNS key … [Ballot comment] In his SecDir Review, Stefan Santesson said: > > This document introduce a rule set for revocation of a DNS key > where revocation of that key requires use of the corresponding > private key. This raises a question how you revoke a key that > may be compromised but where the private key has been lost. Is > there a non-recoverable security risk involved if a vital key > can't be revoked due to such situation? > The security considerations ought to discuss this point. It already says that a non-compromised key is needed to recover. However it does not say anything about the situation where a hardware module fails that contains the private key. It is not compromised, but no one can make use of it. (I'm ignoring backup of keys for simplicity. I think the author will still understand the point.) |
2007-05-22
|
06 | Russ Housley | [Ballot Position Update] New position, No Objection, has been recorded by Russ Housley |
2007-05-22
|
06 | Magnus Westerlund | [Ballot Position Update] New position, No Objection, has been recorded by Magnus Westerlund |
2007-05-21
|
06 | Dan Romascanu | [Ballot Position Update] New position, No Objection, has been recorded by Dan Romascanu |
2007-05-18
|
06 | Tim Polk | [Ballot discuss] The key roll-over process described in section 6.3 results in a trust point with a single active key ('B') and no stand-by key … [Ballot discuss] The key roll-over process described in section 6.3 results in a trust point with a single active key ('B') and no stand-by key until the hold-down expires for the new key ('C'). Wouldn't it be more prudent to revoke the old key ('A') after the add hold-down expires for the new key? To meet the requirement for "Non-degrading trust" (as defined in Section 5.13 of dnsext-rollover-requirements), new stand-by keys should be at least as strong as as the current active keys. This should be noted briefly in the security considerations section. |
2007-05-17
|
06 | Tim Polk | [Ballot discuss] The key roll-over process described in section 6.3 results in a trust point with a single active key ('B') and no stand-by key … [Ballot discuss] The key roll-over process described in section 6.3 results in a trust point with a single active key ('B') and no stand-by key until the hold-down expires for the new key ('C'). Wouldn't it be more prudent to revoke the old key ('A') after the add hold-down expires for the new key? |
2007-05-17
|
06 | Tim Polk | [Ballot comment] Should we include an RFC Editor Note to update section 3 based on the assignment of a bit in the DNSKEY flags field? … [Ballot comment] Should we include an RFC Editor Note to update section 3 based on the assignment of a bit in the DNSKEY flags field? The current text of section 3 begins "Bit n of the DNSKEY Flags field", and there is no inline note to the RFC editor to update the text... In section 2.3, I don't think you need "MAX" in the definition of queryInterval. Similarly, I believe there are issues with the definition of retryTime in the following paragraph. I think both should specify a range, but MAX gives us a scalar right? |
2007-05-17
|
06 | Tim Polk | [Ballot comment] Should we include an RFC Editor Note to update section 3 based on the assignment of a bit in the DNSKEY flags field? … [Ballot comment] Should we include an RFC Editor Note to update section 3 based on the assignment of a bit in the DNSKEY flags field? The current text of section 3 begins "Bit n of the DNSKEY Flags field", and there is no inline note to the RFC editor to update the text... In section 2.3, I don't think you need "MAX" in the definition of queryInterval. Similarly, I believe there are issues with the definition of retryTime in the following paragraph. I think both should specify a range, but MAX gives us a scalar right? |
2007-05-17
|
06 | Tim Polk | [Ballot discuss] The key roll-over process described in section 6.3 results in a trust point with a single active key ('B') and no stand-by key … [Ballot discuss] The key roll-over process described in section 6.3 results in a trust point with a single active key ('B') and no stand-by key until the hold-down expires for the new key ('C'). Wouldn't it be more prudent to revoke the old key ('A') after the add hold-down expires for the new key? |
2007-05-17
|
06 | Tim Polk | [Ballot comment] Should we include an RFC Editor Note to update section 3 based on the assignment of a bit in the DNSKEY flags field? … [Ballot comment] Should we include an RFC Editor Note to update section 3 based on the assignment of a bit in the DNSKEY flags field? The current text of section 3 begins "Bit n of the DNSKEY Flags field", and there is no inline note to the RFC editor to update the text... |
2007-05-17
|
06 | Tim Polk | [Ballot Position Update] New position, Discuss, has been recorded by Tim Polk |
2007-05-14
|
06 | Mark Townsley | [Ballot Position Update] New position, Yes, has been recorded for Mark Townsley |
2007-05-14
|
06 | Mark Townsley | Ballot has been issued by Mark Townsley |
2007-05-14
|
06 | Mark Townsley | Created "Approve" ballot |
2007-05-14
|
06 | Mark Townsley | State Changes to IESG Evaluation from Waiting for AD Go-Ahead::AD Followup by Mark Townsley |
2007-05-14
|
06 | Mark Townsley | Placed on agenda for telechat - 2007-05-24 by Mark Townsley |
2007-05-14
|
06 | Mark Townsley | [Note]: 'draft-ietf-dnsext-rollover-requirements-04 is the associated requirements document' added by Mark Townsley |
2007-04-04
|
06 | (System) | Sub state has been changed to AD Follow up from New Id Needed |
2007-04-04
|
06 | (System) | New version available: draft-ietf-dnsext-trustupdate-timers-06.txt |
2007-04-03
|
06 | Mark Townsley | State Changes to Waiting for AD Go-Ahead::Revised ID Needed from Waiting for AD Go-Ahead by Mark Townsley |
2007-01-30
|
06 | Yoshiko Fong | IANA Last call Comment: IANA understands that, upon approval of this document, there is a single IANA Action that needs to be completed. In the … IANA Last call Comment: IANA understands that, upon approval of this document, there is a single IANA Action that needs to be completed. In the DNSKEY FLAGS registry located at: http://www.iana.org/assignments/dnskey-flags a single value would be added: Number Description ------ ------------------------------ TBD REVOKE IANA understands that this is the only action required upon approval of this document. |
2007-01-29
|
06 | (System) | State has been changed to Waiting for AD Go-Ahead from In Last Call by system |
2007-01-15
|
06 | Amy Vezza | Last call sent |
2007-01-15
|
06 | Amy Vezza | State Changes to In Last Call from Last Call Requested by Amy Vezza |
2007-01-15
|
06 | Mark Townsley | Last Call was requested by Mark Townsley |
2007-01-15
|
06 | Mark Townsley | State Changes to Last Call Requested from Publication Requested by Mark Townsley |
2007-01-15
|
06 | (System) | Ballot writeup text was added |
2007-01-15
|
06 | (System) | Last call text was added |
2007-01-15
|
06 | (System) | Ballot approval text was added |
2006-12-21
|
06 | Dinara Suleymanova | PROTO Write-up 1) Have the chairs personally reviewed this version of the ID and do they believe this ID is sufficiently baked to forward to … PROTO Write-up 1) Have the chairs personally reviewed this version of the ID and do they believe this ID is sufficiently baked to forward to the IESG for publication? There are no nits according to idnits 1.108 (via tools.ietf.org). One could argue that DNSSEC terminology should have been expanded at first use, the chairs thinks this is not needed. 2) Has the document had adequate review from both key WG members and key non-WG members? Do you have any concerns about the depth or breadth of the reviews that have been performed? Yes during last-call this document has been reviewed in depth by (at least) the following people. - Wouter Wijngaards http://ops.ietf.org/lists/namedroppers/namedroppers.2006/ msg01270.html - Sam Weiler http://ops.ietf.org/lists/namedroppers/namedroppers.2006/ msg01357.html - Scott Rose http://ops.ietf.org/lists/namedroppers/namedroppers.2006/ msg01280.html - Andrew Sullivan http://ops.ietf.org/lists/namedroppers/namedroppers.2006/ msg01306.html - Wesley Griffin http://ops.ietf.org/lists/namedroppers/namedroppers.2006/ msg01372.html - Robert Story http://ops.ietf.org/lists/namedroppers/namedroppers.2006/ msg01373.html - Suresh Krishnaswamy http://ops.ietf.org/lists/namedroppers/namedroppers.2006/ msg01311.html At an earlier phase the document has been reviewed by Eric Rescorla. http://ops.ietf.org/lists/namedroppers/namedroppers.2006/msg01026.html (Eric brought up a number of issues which were argued to be operational issues concerning key handling and not relevant to the protocol described in the draft.) Reviewers have compared the properties of this rollover mechanism with the goals as set in the rollover-requirements draft. The reviewers are satisfied that the threshold-timers document satisfies (see section 5 of draft-ietf-dnsext-rollover-requirements) 1. Scalability 3. General Applicability 4. Support Private Networks 7. Planned and Unplanned Rollovers 8. Timeliness 10. New RR Types (unclear requirement, but no new RR type needed) 11. Support for Trust Anchor Maintenance Operations (accomplishes replace w/ separate add/delete) 12. Recovery From Compromise 13. Non-degrading Trust There have been ('non-blocking') comments about: 5. Stale Trust Anchor Detection Depending on how many revoked DNSKEYs are in the RRset 6. Manual Operations From the resolver point of view the operations may be difficult to perform manually, on the zone-owner side manual operations is not a problem. 9. High Availability In particular the amount of revoked DNSKEYs could increase the size of the DNSKEY RRset to 2. No Intellectual Property Encumbrance Folk have been reluctant to comment on the status of the IPR claims more about this at 4) below. 3) Do you have concerns that the document needs more review from a particular (broader) perspective (e.g., security, operational complexity, someone familiar with AAA, etc.)? We think this document has had sufficient review, also from security savvy reviewers, on the other hand a final review will never hurt. 4) Do you have any specific concerns/issues with this document that you believe the ADs and/or IESG should be aware of? For example, perhaps you are uncomfortable with certain parts of the document, or whether there really is a need for it, etc., but at the same time these issues have been discussed in the WG and the WG has indicated it wishes to advance the document anyway. The rollover-requirements draft states that the preferred solution should not be IPR encumbered. Mr. Moreau claims that a patent applies (see http://ops.ietf.org/lists/namedroppers/namedroppers.2006/msg01283.html) The editor does not agree with this statement. We do not know if Mr. Moreau followed the instructions in 6.1.3 of BCP79. Besides, Diversinet claimed IPR (see https://datatracker.ietf.org/public/ipr_search.cgi? option=document_search&document_search=ietf-dnsext-trustupdate-timers) It should also be noted that there were a number of proposals from which this particular draft was selected. This included draft-ietf-dnsext-trustupdate-threshold (covered by the same Diversinet IPR claim) and draft-moreau-dnsext-takrem-dns-02.txt (see https://datatracker.ietf.org/public/ipr_detail_show.cgi?ipr_id=639). The draft-moreau-dnsext-takrem-dns-02 draft was published with a non-derivative clause. The working group has been made aware of the IPR claims and they were not subject to further discussion about applicability. 5) How solid is the WG consensus behind this document? Does it represent the strong concurrence of a few individuals, with others being silent, or does the WG as a whole understand and agree with it? The selection for this particular proposal was done during the face-2-face meeting in Montreal and met wide consensus. This consensus was confirmed on-list. Also during the last call there were several folk that supported this document explicitly. 6) Has anyone threatened an appeal or otherwise indicated extreme discontent? If so, please summarize what are they upset about. Mr. Moreau has indicated that he would abtain from providing input on this draft because he is not satisfied with the requirements draft. (http://ops.ietf.org/lists/namedroppers/namedroppers.2006/ msg01327.html). He has not threatened with an appeal. 7) Have the chairs verified that the document adheres to _all_ of the ID nits? (see http://www.ietf.org/ID-nits.html). Yes. 8) For Standards Track and BCP documents, the IESG approval announcement includes a writeup section with the following sections: - Technical Summary The document describes a means for automatically updating public keys that are configured in DNSSEC aware resolvers. New trust-anchors are configured when signatures over them can be validated using the previous trust-anchors. By introducing explicit revocation and a delay mechanism the chances of an attacker introducing a mala fide trust-anchor after a key compromise are mitigated, albeit not solved. - Working Group Summary There is a broad consensus that this solution provides a workable key-rollover. The working group is aware IPR issues. - Protocol Quality There are no implementations yet. The chairs are aware of at least 1 and maybe 2 independent organizations that plan on implementing. At least one implementer has done in-depth review during last call. The chairs are of the opinion that after implementations are written there is probably millage in documenting operational experiences. |
2006-12-21
|
06 | Dinara Suleymanova | Draft Added by Dinara Suleymanova in state Publication Requested |
2006-11-30
|
05 | (System) | New version available: draft-ietf-dnsext-trustupdate-timers-05.txt |
2006-11-08
|
06 | (System) | Request for Early review by SECDIR is assigned to Stefan Santesson |
2006-11-08
|
06 | (System) | Request for Early review by SECDIR is assigned to Stefan Santesson |
2006-09-08
|
04 | (System) | New version available: draft-ietf-dnsext-trustupdate-timers-04.txt |
2006-07-17
|
03 | (System) | New version available: draft-ietf-dnsext-trustupdate-timers-03.txt |
2006-01-10
|
02 | (System) | New version available: draft-ietf-dnsext-trustupdate-timers-02.txt |
2005-08-16
|
01 | (System) | New version available: draft-ietf-dnsext-trustupdate-timers-01.txt |
2005-03-08
|
(System) | Posted related IPR disclosure: Diversinet Corp.'s statement about IPR claimed in draft-ietf-dnsext-trustupdate-timers-00.txt | |
2005-02-06
|
(System) | Posted related IPR disclosure: Diversinet Corp.'s statement about IPR claimed in draft-ietf-dnsext-trustupdate-timers-00.txt | |
2004-10-27
|
00 | (System) | New version available: draft-ietf-dnsext-trustupdate-timers-00.txt |