| blob | f99573dd1cdfa0f0ffd47fff51e0705a5436ea6f |
7 Network Working Group D. Eastlake, 3rd
8 Request for Comments: 2930 Motorola
9 Category: Standards Track September 2000
12 Secret Key Establishment for DNS (TKEY RR)
14 Status of this Memo
16 This document specifies an Internet standards track protocol for the
17 Internet community, and requests discussion and suggestions for
18 improvements. Please refer to the current edition of the "Internet
19 Official Protocol Standards" (STD 1) for the standardization state
20 and status of this protocol. Distribution of this memo is unlimited.
22 Copyright Notice
24 Copyright (C) The Internet Society (2000). All Rights Reserved.
26 Abstract
28 [RFC 2845] provides a means of authenticating Domain Name System
29 (DNS) queries and responses using shared secret keys via the
30 Transaction Signature (TSIG) resource record (RR). However, it
31 provides no mechanism for setting up such keys other than manual
32 exchange. This document describes a Transaction Key (TKEY) RR that
33 can be used in a number of different modes to establish shared secret
34 keys between a DNS resolver and server.
36 Acknowledgments
38 The comments and ideas of the following persons (listed in alphabetic
39 order) have been incorporated herein and are gratefully acknowledged:
41 Olafur Gudmundsson (TIS)
43 Stuart Kwan (Microsoft)
45 Ed Lewis (TIS)
47 Erik Nordmark (SUN)
49 Brian Wellington (Nominum)
58 Eastlake Standards Track [Page 1]
59 \f
60 RFC 2930 The DNS TKEY RR September 2000
63 Table of Contents
65 1. Introduction............................................... 2
66 1.1 Overview of Contents...................................... 3
67 2. The TKEY Resource Record................................... 4
68 2.1 The Name Field............................................ 4
69 2.2 The TTL Field............................................. 5
70 2.3 The Algorithm Field....................................... 5
71 2.4 The Inception and Expiration Fields....................... 5
72 2.5 The Mode Field............................................ 5
73 2.6 The Error Field........................................... 6
74 2.7 The Key Size and Data Fields.............................. 6
75 2.8 The Other Size and Data Fields............................ 6
76 3. General TKEY Considerations................................ 7
77 4. Exchange via Resolver Query................................ 8
78 4.1 Query for Diffie-Hellman Exchanged Keying................. 8
79 4.2 Query for TKEY Deletion................................... 9
80 4.3 Query for GSS-API Establishment........................... 10
81 4.4 Query for Server Assigned Keying.......................... 10
82 4.5 Query for Resolver Assigned Keying........................ 11
83 5. Spontaneous Server Inclusion............................... 12
84 5.1 Spontaneous Server Key Deletion........................... 12
85 6. Methods of Encryption...................................... 12
86 7. IANA Considerations........................................ 13
87 8. Security Considerations.................................... 13
88 References.................................................... 14
89 Author's Address.............................................. 15
90 Full Copyright Statement...................................... 16
92 1. Introduction
94 The Domain Name System (DNS) is a hierarchical, distributed, highly
95 available database used for bi-directional mapping between domain
96 names and addresses, for email routing, and for other information
97 [RFC 1034, 1035]. It has been extended to provide for public key
98 security and dynamic update [RFC 2535, RFC 2136]. Familiarity with
99 these RFCs is assumed.
101 [RFC 2845] provides a means of efficiently authenticating DNS
102 messages using shared secret keys via the TSIG resource record (RR)
103 but provides no mechanism for setting up such keys other than manual
104 exchange. This document specifies a TKEY RR that can be used in a
105 number of different modes to establish and delete such shared secret
106 keys between a DNS resolver and server.
114 Eastlake Standards Track [Page 2]
115 \f
116 RFC 2930 The DNS TKEY RR September 2000
119 Note that TKEY established keying material and TSIGs that use it are
120 associated with DNS servers or resolvers. They are not associated
121 with zones. They may be used to authenticate queries and responses
122 but they do not provide zone based DNS data origin or denial
123 authentication [RFC 2535].
125 Certain modes of TKEY perform encryption which may affect their
126 export or import status for some countries. The affected modes
127 specified in this document are the server assigned mode and the
128 resolver assigned mode.
130 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
131 "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
132 document are to be interpreted as described in [RFC 2119].
134 In all cases herein, the term "resolver" includes that part of a
135 server which may make full and incremental [RFC 1995] zone transfer
136 queries, forwards recursive queries, etc.
138 1.1 Overview of Contents
140 Section 2 below specifies the TKEY RR and provides a description of
141 and considerations for its constituent fields.
143 Section 3 describes general principles of operations with TKEY.
145 Section 4 discusses key agreement and deletion via DNS requests with
146 the Query opcode for RR type TKEY. This method is applicable to all
147 currently defined TKEY modes, although in some cases it is not what
148 would intuitively be called a "query".
150 Section 5 discusses spontaneous inclusion of TKEY RRs in responses by
151 servers which is currently used only for key deletion.
153 Section 6 describes encryption methods for transmitting secret key
154 information. In this document these are used only for the server
155 assigned mode and the resolver assigned mode.
157 Section 7 covers IANA considerations in assignment of TKEY modes.
159 Finally, Section 8 provides the required security considerations
160 section.
170 Eastlake Standards Track [Page 3]
171 \f
172 RFC 2930 The DNS TKEY RR September 2000
175 2. The TKEY Resource Record
177 The TKEY resource record (RR) has the structure given below. Its RR
178 type code is 249.
180 Field Type Comment
181 ----- ---- -------
183 NAME domain see description below
184 TTYPE u_int16_t TKEY = 249
185 CLASS u_int16_t ignored, SHOULD be 255 (ANY)
186 TTL u_int32_t ignored, SHOULD be zero
187 RDLEN u_int16_t size of RDATA
188 RDATA:
189 Algorithm: domain
190 Inception: u_int32_t
191 Expiration: u_int32_t
192 Mode: u_int16_t
193 Error: u_int16_t
194 Key Size: u_int16_t
195 Key Data: octet-stream
196 Other Size: u_int16_t
197 Other Data: octet-stream undefined by this specification
199 2.1 The Name Field
201 The Name field relates to naming keys. Its meaning differs somewhat
202 with mode and context as explained in subsequent sections.
204 At any DNS server or resolver only one octet string of keying
205 material may be in place for any particular key name. An attempt to
206 establish another set of keying material at a server for an existing
207 name returns a BADNAME error.
209 For a TKEY with a non-root name appearing in a query, the TKEY RR
210 name SHOULD be a domain locally unique at the resolver, less than 128
211 octets long in wire encoding, and meaningful to the resolver to
212 assist in distinguishing keys and/or key agreement sessions. For
213 TKEY(s) appearing in a response to a query, the TKEY RR name SHOULD
214 be a globally unique server assigned domain.
216 A reasonable key naming strategy is as follows:
218 If the key is generated as the result of a query with root as its
219 owner name, then the server SHOULD create a globally unique domain
220 name, to be the key name, by suffixing a pseudo-random [RFC 1750]
221 label with a domain name of the server. For example
222 89n3mDgX072pp.server1.example.com. If generation of a new
226 Eastlake Standards Track [Page 4]
227 \f
228 RFC 2930 The DNS TKEY RR September 2000
231 pseudo-random name in each case is an excessive computation load
232 or entropy drain, a serial number prefix can be added to a fixed
233 pseudo-random name generated an DNS server start time, such as
234 1001.89n3mDgX072pp.server1.example.com.
236 If the key is generated as the result of a query with a non-root
237 name, say 789.resolver.example.net, then use the concatenation of
238 that with a name of the server. For example
239 789.resolver.example.net.server1.example.com.
241 2.2 The TTL Field
243 The TTL field is meaningless in TKEY RRs. It SHOULD always be zero to
244 be sure that older DNS implementations do not cache TKEY RRs.
246 2.3 The Algorithm Field
248 The algorithm name is in the form of a domain name with the same
249 meaning as in [RFC 2845]. The algorithm determines how the secret
250 keying material agreed to using the TKEY RR is actually used to
251 derive the algorithm specific key.
253 2.4 The Inception and Expiration Fields
255 The inception time and expiration times are in number of seconds
256 since the beginning of 1 January 1970 GMT ignoring leap seconds
257 treated as modulo 2**32 using ring arithmetic [RFC 1982]. In messages
258 between a DNS resolver and a DNS server where these fields are
259 meaningful, they are either the requested validity interval for the
260 keying material asked for or specify the validity interval of keying
261 material provided.
263 To avoid different interpretations of the inception and expiration
264 times in TKEY RRs, resolvers and servers exchanging them must have
265 the same idea of what time it is. One way of doing this is with the
266 NTP protocol [RFC 2030] but that or any other time synchronization
267 used for this purpose MUST be done securely.
269 2.5 The Mode Field
271 The mode field specifies the general scheme for key agreement or the
272 purpose of the TKEY DNS message. Servers and resolvers supporting
273 this specification MUST implement the Diffie-Hellman key agreement
274 mode and the key deletion mode for queries. All other modes are
275 OPTIONAL. A server supporting TKEY that receives a TKEY request with
276 a mode it does not support returns the BADMODE error. The following
277 values of the Mode octet are defined, available, or reserved:
282 Eastlake Standards Track [Page 5]
283 \f
284 RFC 2930 The DNS TKEY RR September 2000
287 Value Description
288 ----- -----------
289 0 - reserved, see section 7
290 1 server assignment
291 2 Diffie-Hellman exchange
292 3 GSS-API negotiation
293 4 resolver assignment
294 5 key deletion
295 6-65534 - available, see section 7
296 65535 - reserved, see section 7
298 2.6 The Error Field
300 The error code field is an extended RCODE. The following values are
301 defined:
303 Value Description
304 ----- -----------
305 0 - no error
306 1-15 a non-extended RCODE
307 16 BADSIG (TSIG)
308 17 BADKEY (TSIG)
309 18 BADTIME (TSIG)
310 19 BADMODE
311 20 BADNAME
312 21 BADALG
314 When the TKEY Error Field is non-zero in a response to a TKEY query,
315 the DNS header RCODE field indicates no error. However, it is
316 possible if a TKEY is spontaneously included in a response the TKEY
317 RR and DNS header error field could have unrelated non-zero error
318 codes.
320 2.7 The Key Size and Data Fields
322 The key data size field is an unsigned 16 bit integer in network
323 order which specifies the size of the key exchange data field in
324 octets. The meaning of this data depends on the mode.
326 2.8 The Other Size and Data Fields
328 The Other Size and Other Data fields are not used in this
329 specification but may be used in future extensions. The RDLEN field
330 MUST equal the length of the RDATA section through the end of Other
331 Data or the RR is to be considered malformed and rejected.
338 Eastlake Standards Track [Page 6]
339 \f
340 RFC 2930 The DNS TKEY RR September 2000
343 3. General TKEY Considerations
345 TKEY is a meta-RR that is not stored or cached in the DNS and does
346 not appear in zone files. It supports a variety of modes for the
347 establishment and deletion of shared secret keys information between
348 DNS resolvers and servers. The establishment of such a shared key
349 requires that state be maintained at both ends and the allocation of
350 the resources to maintain such state may require mutual agreement. In
351 the absence of willingness to provide such state, servers MUST return
352 errors such as NOTIMP or REFUSED for an attempt to use TKEY and
353 resolvers are free to ignore any TKEY RRs they receive.
355 The shared secret keying material developed by using TKEY is a plain
356 octet sequence. The means by which this shared secret keying
357 material, exchanged via TKEY, is actually used in any particular TSIG
358 algorithm is algorithm dependent and is defined in connection with
359 that algorithm. For example, see [RFC 2104] for how TKEY agreed
360 shared secret keying material is used in the HMAC-MD5 algorithm or
361 other HMAC algorithms.
363 There MUST NOT be more than one TKEY RR in a DNS query or response.
365 Except for GSS-API mode, TKEY responses MUST always have DNS
366 transaction authentication to protect the integrity of any keying
367 data, error codes, etc. This authentication MUST use a previously
368 established secret (TSIG) or public (SIG(0) [RFC 2931]) key and MUST
369 NOT use any key that the response to be verified is itself providing.
371 TKEY queries MUST be authenticated for all modes except GSS-API and,
372 under some circumstances, server assignment mode. In particular, if
373 the query for a server assigned key is for a key to assert some
374 privilege, such as update authority, then the query must be
375 authenticated to avoid spoofing. However, if the key is just to be
376 used for transaction security, then spoofing will lead at worst to
377 denial of service. Query authentication SHOULD use an established
378 secret (TSIG) key authenticator if available. Otherwise, it must use
379 a public (SIG(0)) key signature. It MUST NOT use any key that the
380 query is itself providing.
382 In the absence of required TKEY authentication, a NOTAUTH error MUST
383 be returned.
385 To avoid replay attacks, it is necessary that a TKEY response or
386 query not be valid if replayed on the order of 2**32 second (about
387 136 years), or a multiple thereof, later. To accomplish this, the
388 keying material used in any TSIG or SIG(0) RR that authenticates a
389 TKEY message MUST NOT have a lifetime of more then 2**31 - 1 seconds
394 Eastlake Standards Track [Page 7]
395 \f
396 RFC 2930 The DNS TKEY RR September 2000
399 (about 68 years). Thus, on attempted replay, the authenticating TSIG
400 or SIG(0) RR will not be verifiable due to key expiration and the
401 replay will fail.
403 4. Exchange via Resolver Query
405 One method for a resolver and a server to agree about shared secret
406 keying material for use in TSIG is through DNS requests from the
407 resolver which are syntactically DNS queries for type TKEY. Such
408 queries MUST be accompanied by a TKEY RR in the additional
409 information section to indicate the mode in use and accompanied by
410 other information where required.
412 Type TKEY queries SHOULD NOT be flagged as recursive and servers MAY
413 ignore the recursive header bit in TKEY queries they receive.
415 4.1 Query for Diffie-Hellman Exchanged Keying
417 Diffie-Hellman (DH) key exchange is a means whereby two parties can
418 derive some shared secret information without requiring any secrecy
419 of the messages they exchange [Schneier]. Provisions have been made
420 for the storage of DH public keys in the DNS [RFC 2539].
422 A resolver sends a query for type TKEY accompanied by a TKEY RR in
423 the additional information section specifying the Diffie-Hellman mode
424 and accompanied by a KEY RR also in the additional information
425 section specifying a resolver Diffie-Hellman key. The TKEY RR
426 algorithm field is set to the authentication algorithm the resolver
427 plans to use. The "key data" provided in the TKEY is used as a random
428 [RFC 1750] nonce to avoid always deriving the same keying material
429 for the same pair of DH KEYs.
431 The server response contains a TKEY in its answer section with the
432 Diffie-Hellman mode. The "key data" provided in this TKEY is used as
433 an additional nonce to avoid always deriving the same keying material
434 for the same pair of DH KEYs. If the TKEY error field is non-zero,
435 the query failed for the reason given. FORMERR is given if the query
436 included no DH KEY and BADKEY is given if the query included an
437 incompatible DH KEY.
439 If the TKEY error field is zero, the resolver supplied Diffie-Hellman
440 KEY RR SHOULD be echoed in the additional information section and a
441 server Diffie-Hellman KEY RR will also be present in the answer
442 section of the response. Both parties can then calculate the same
443 shared secret quantity from the pair of Diffie-Hellman (DH) keys used
444 [Schneier] (provided these DH keys use the same generator and
445 modulus) and the data in the TKEY RRs. The TKEY RR data is mixed
446 with the DH result as follows:
450 Eastlake Standards Track [Page 8]
451 \f
452 RFC 2930 The DNS TKEY RR September 2000
455 keying material =
456 XOR ( DH value, MD5 ( query data | DH value ) |
457 MD5 ( server data | DH value ) )
459 Where XOR is an exclusive-OR operation and "|" is byte-stream
460 concatenation. The shorter of the two operands to XOR is byte-wise
461 left justified and padded with zero-valued bytes to match the length
462 of the other operand. "DH value" is the Diffie-Hellman value derived
463 from the KEY RRs. Query data and server data are the values sent in
464 the TKEY RR data fields. These "query data" and "server data" nonces
465 are suffixed by the DH value, digested by MD5, the results
466 concatenated, and then XORed with the DH value.
468 The inception and expiry times in the query TKEY RR are those
469 requested for the keying material. The inception and expiry times in
470 the response TKEY RR are the maximum period the server will consider
471 the keying material valid. Servers may pre-expire keys so this is
472 not a guarantee.
474 4.2 Query for TKEY Deletion
476 Keys established via TKEY can be treated as soft state. Since DNS
477 transactions are originated by the resolver, the resolver can simply
478 toss keys, although it may have to go through another key exchange if
479 it later needs one. Similarly, the server can discard keys although
480 that will result in an error on receiving a query with a TSIG using
481 the discarded key.
483 To avoid attempted reliance in requests on keys no longer in effect,
484 servers MUST implement key deletion whereby the server "discards" a
485 key on receipt from a resolver of an authenticated delete request for
486 a TKEY RR with the key's name. If the server has no record of a key
487 with that name, it returns BADNAME.
489 Key deletion TKEY queries MUST be authenticated. This authentication
490 MAY be a TSIG RR using the key to be deleted.
492 For querier assigned and Diffie-Hellman keys, the server MUST truly
493 "discard" all active state associated with the key. For server
494 assigned keys, the server MAY simply mark the key as no longer
495 retained by the client and may re-send it in response to a future
496 query for server assigned keying material.
506 Eastlake Standards Track [Page 9]
507 \f
508 RFC 2930 The DNS TKEY RR September 2000
511 4.3 Query for GSS-API Establishment
513 This mode is described in a separate document under preparation which
514 should be seen for the full description. Basically the resolver and
515 server can exchange queries and responses for type TKEY with a TKEY
516 RR specifying the GSS-API mode in the additional information section
517 and a GSS-API token in the key data portion of the TKEY RR.
519 Any issues of possible encryption of parts the GSS-API token data
520 being transmitted are handled by the GSS-API level. In addition, the
521 GSS-API level provides its own authentication so that this mode of
522 TKEY query and response MAY be, but do not need to be, authenticated
523 with TSIG RR or SIG(0) RR [RFC 2931].
525 The inception and expiry times in a GSS-API mode TKEY RR are ignored.
527 4.4 Query for Server Assigned Keying
529 Optionally, the server can assign keying for the resolver. It is
530 sent to the resolver encrypted under a resolver public key. See
531 section 6 for description of encryption methods.
533 A resolver sends a query for type TKEY accompanied by a TKEY RR
534 specifying the "server assignment" mode and a resolver KEY RR to be
535 used in encrypting the response, both in the additional information
536 section. The TKEY algorithm field is set to the authentication
537 algorithm the resolver plans to use. It is RECOMMENDED that any "key
538 data" provided in the query TKEY RR by the resolver be strongly mixed
539 by the server with server generated randomness [RFC 1750] to derive
540 the keying material to be used. The KEY RR that appears in the query
541 need not be accompanied by a SIG(KEY) RR. If the query is
542 authenticated by the resolver with a TSIG RR [RFC 2845] or SIG(0) RR
543 and that authentication is verified, then any SIG(KEY) provided in
544 the query SHOULD be ignored. The KEY RR in such a query SHOULD have
545 a name that corresponds to the resolver but it is only essential that
546 it be a public key for which the resolver has the corresponding
547 private key so it can decrypt the response data.
549 The server response contains a TKEY RR in its answer section with the
550 server assigned mode and echoes the KEY RR provided in the query in
551 its additional information section.
553 If the response TKEY error field is zero, the key data portion of the
554 response TKEY RR will be the server assigned keying data encrypted
555 under the public key in the resolver provided KEY RR. In this case,
556 the owner name of the answer TKEY RR will be the server assigned name
557 of the key.
562 Eastlake Standards Track [Page 10]
563 \f
564 RFC 2930 The DNS TKEY RR September 2000
567 If the error field of the response TKEY is non-zero, the query failed
568 for the reason given. FORMERR is given if the query specified no
569 encryption key.
571 The inception and expiry times in the query TKEY RR are those
572 requested for the keying material. The inception and expiry times in
573 the response TKEY are the maximum period the server will consider the
574 keying material valid. Servers may pre-expire keys so this is not a
575 guarantee.
577 The resolver KEY RR MUST be authenticated, through the authentication
578 of this query with a TSIG or SIG(0) or the signing of the resolver
579 KEY with a SIG(KEY). Otherwise, an attacker can forge a resolver KEY
580 for which they know the private key, and thereby the attacker could
581 obtain a valid shared secret key from the server.
583 4.5 Query for Resolver Assigned Keying
585 Optionally, a server can accept resolver assigned keys. The keying
586 material MUST be encrypted under a server key for protection in
587 transmission as described in Section 6.
589 The resolver sends a TKEY query with a TKEY RR that specifies the
590 encrypted keying material and a KEY RR specifying the server public
591 key used to encrypt the data, both in the additional information
592 section. The name of the key and the keying data are completely
593 controlled by the sending resolver so a globally unique key name
594 SHOULD be used. The KEY RR used MUST be one for which the server has
595 the corresponding private key, or it will not be able to decrypt the
596 keying material and will return a FORMERR. It is also important that
597 no untrusted party (preferably no other party than the server) has
598 the private key corresponding to the KEY RR because, if they do, they
599 can capture the messages to the server, learn the shared secret, and
600 spoof valid TSIGs.
602 The query TKEY RR inception and expiry give the time period the
603 querier intends to consider the keying material valid. The server
604 can return a lesser time interval to advise that it will not maintain
605 state for that long and can pre-expire keys in any case.
607 This mode of query MUST be authenticated with a TSIG or SIG(0).
608 Otherwise, an attacker can forge a resolver assigned TKEY query, and
609 thereby the attacker could specify a shared secret key that would be
610 accepted, used, and honored by the server.
618 Eastlake Standards Track [Page 11]
619 \f
620 RFC 2930 The DNS TKEY RR September 2000
623 5. Spontaneous Server Inclusion
625 A DNS server may include a TKEY RR spontaneously as additional
626 information in responses. This SHOULD only be done if the server
627 knows the querier understands TKEY and has this option implemented.
628 This technique can be used to delete a key and may be specified for
629 modes defined in the future. A disadvantage of this technique is
630 that there is no way for the server to get any error or success
631 indication back and, in the case of UDP, no way to even know if the
632 DNS response reached the resolver.
634 5.1 Spontaneous Server Key Deletion
636 A server can optionally tell a client that it has deleted a secret
637 key by spontaneously including a TKEY RR in the additional
638 information section of a response with the key's name and specifying
639 the key deletion mode. Such a response SHOULD be authenticated. If
640 authenticated, it "deletes" the key with the given name. The
641 inception and expiry times of the delete TKEY RR are ignored. Failure
642 by a client to receive or properly process such additional
643 information in a response would mean that the client might use a key
644 that the server had discarded and would then get an error indication.
646 For server assigned and Diffie-Hellman keys, the client MUST
647 "discard" active state associated with the key. For querier assigned
648 keys, the querier MAY simply mark the key as no longer retained by
649 the server and may re-send it in a future query specifying querier
650 assigned keying material.
652 6. Methods of Encryption
654 For the server assigned and resolver assigned key agreement modes,
655 the keying material is sent within the key data field of a TKEY RR
656 encrypted under the public key in an accompanying KEY RR [RFC 2535].
657 This KEY RR MUST be for a public key algorithm where the public and
658 private keys can be used for encryption and the corresponding
659 decryption which recovers the originally encrypted data. The KEY RR
660 SHOULD correspond to a name for the decrypting resolver/server such
661 that the decrypting process has access to the corresponding private
662 key to decrypt the data. The secret keying material being sent will
663 generally be fairly short, usually less than 256 bits, because that
664 is adequate for very strong protection with modern keyed hash or
665 symmetric algorithms.
667 If the KEY RR specifies the RSA algorithm, then the keying material
668 is encrypted as per the description of RSAES-PKCS1-v1_5 encryption in
669 PKCS#1 [RFC 2437]. (Note, the secret keying material being sent is
670 directly RSA encrypted in PKCS#1 format. It is not "enveloped" under
674 Eastlake Standards Track [Page 12]
675 \f
676 RFC 2930 The DNS TKEY RR September 2000
679 some other symmetric algorithm.) In the unlikely event that the
680 keying material will not fit within one RSA modulus of the chosen
681 public key, additional RSA encryption blocks are included. The
682 length of each block is clear from the public RSA key specified and
683 the RSAES-PKCS1-v1_5 padding makes it clear what part of the
684 encrypted data is actually keying material and what part is
685 formatting or the required at least eight bytes of random [RFC 1750]
686 padding.
688 7. IANA Considerations
690 This section is to be interpreted as provided in [RFC 2434].
692 Mode field values 0x0000 and 0xFFFF are reserved.
694 Mode field values 0x0001 through 0x00FF, and 0XFF00 through 0XFFFE
695 can only be assigned by an IETF Standards Action.
697 Mode field values 0x0100 through 0x0FFF and 0xF0000 through 0xFEFF
698 are allocated by IESG approval or IETF consensus.
700 Mode field values 0x1000 through 0xEFFF are allocated based on
701 Specification Required as defined in [RFC 2434].
703 Mode values should not be changed when the status of their use
704 changes. For example, a mode value assigned based just on providing
705 a specification should not be changed later just because that use's
706 status is changed to standards track.
708 The following assignments are documented herein:
710 RR Type 249 for TKEY.
712 TKEY Modes 1 through 5 as listed in section 2.5.
714 Extended RCODE Error values of 19, 20, and 21 as listed in section
715 2.6.
717 8. Security Considerations
719 The entirety of this specification is concerned with the secure
720 establishment of a shared secret between DNS clients and servers in
721 support of TSIG [RFC 2845].
723 Protection against denial of service via the use of TKEY is not
724 provided.
730 Eastlake Standards Track [Page 13]
731 \f
732 RFC 2930 The DNS TKEY RR September 2000
735 References
737 [Schneier] Bruce Schneier, "Applied Cryptography: Protocols,
738 Algorithms, and Source Code in C", 1996, John Wiley and
739 Sons
741 [RFC 1034] Mockapetris, P., "Domain Names - Concepts and Facilities",
742 STD 13, RFC 1034, November 1987.
744 [RFC 1035] Mockapetris, P., "Domain Names - Implementation and
745 Specifications", STD 13, RFC 1035, November 1987.
747 [RFC 1750] Eastlake, D., Crocker, S. and J. Schiller, "Randomness
748 Recommendations for Security", RFC 1750, December 1994.
750 [RFC 1982] Elz, R. and R. Bush, "Serial Number Arithmetic", RFC 1982,
751 September 1996.
753 [RFC 1995] Ohta, M., "Incremental Zone Transfer in DNS", RFC 1995,
754 August 1996.
756 [RFC 2030] Mills, D., "Simple Network Time Protocol (SNTP) Version 4
757 for IPv4, IPv6 and OSI", RFC 2030, October 1996.
759 [RFC 2104] Krawczyk, H., Bellare, M. and R. Canetti, "HMAC: Keyed-
760 Hashing for Message Authentication", RFC 2104, February
761 1997.
763 [RFC 2119] Bradner, S., "Key words for use in RFCs to Indicate
764 Requirement Levels", BCP 14, RFC 2119, March 1997.
766 [RFC 2136] Vixie, P., Thomson, S., Rekhter, Y. and J. Bound, "Dynamic
767 Updates in the Domain Name System (DNS UPDATE)", RFC 2136,
768 April 1997.
770 [RFC 2434] Narten, T. and H. Alvestrand, "Guidelines for Writing an
771 IANA Considerations Section in RFCs", BCP 26, RFC 2434,
772 October 1998.
774 [RFC 2437] Kaliski, B. and J. Staddon, "PKCS #1: RSA Cryptography
775 Specifications Version 2.0", RFC 2437, October 1998.
777 [RFC 2535] Eastlake, D., "Domain Name System Security Extensions",
778 RFC 2535, March 1999.
780 [RFC 2539] Eastlake, D., "Storage of Diffie-Hellman Keys in the
781 Domain Name System (DNS)", RFC 2539, March 1999.
786 Eastlake Standards Track [Page 14]
787 \f
788 RFC 2930 The DNS TKEY RR September 2000
791 [RFC 2845] Vixie, P., Gudmundsson, O., Eastlake, D. and B.
792 Wellington, "Secret Key Transaction Authentication for DNS
793 (TSIG)", RFC 2845, May 2000.
795 [RFC 2931] Eastlake, D., "DNS Request and Transaction Signatures
796 (SIG(0)s )", RFC 2931, September 2000.
798 Author's Address
800 Donald E. Eastlake 3rd
801 Motorola
802 140 Forest Avenue
803 Hudson, MA 01749 USA
805 Phone: +1 978-562-2827 (h)
806 +1 508-261-5434 (w)
807 Fax: +1 508-261-4447 (w)
808 EMail: Donald.Eastlake@motorola.com
842 Eastlake Standards Track [Page 15]
843 \f
844 RFC 2930 The DNS TKEY RR September 2000
847 Full Copyright Statement
849 Copyright (C) The Internet Society (2000). All Rights Reserved.
851 This document and translations of it may be copied and furnished to
852 others, and derivative works that comment on or otherwise explain it
853 or assist in its implementation may be prepared, copied, published
854 and distributed, in whole or in part, without restriction of any
855 kind, provided that the above copyright notice and this paragraph are
856 included on all such copies and derivative works. However, this
857 document itself may not be modified in any way, such as by removing
858 the copyright notice or references to the Internet Society or other
859 Internet organizations, except as needed for the purpose of
860 developing Internet standards in which case the procedures for
861 copyrights defined in the Internet Standards process must be
862 followed, or as required to translate it into languages other than
863 English.
865 The limited permissions granted above are perpetual and will not be
866 revoked by the Internet Society or its successors or assigns.
868 This document and the information contained herein is provided on an
869 "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
870 TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
871 BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
872 HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
873 MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
875 Acknowledgement
877 Funding for the RFC Editor function is currently provided by the
878 Internet Society.
898 Eastlake Standards Track [Page 16]
899 \f