| blob | 4e17b1d960e851e5aa864e457a2ed04567bf6a9b |
7 Network Working Group P. Nikander
8 Request for Comments: 5205 Ericsson Research NomadicLab
9 Category: Experimental J. Laganier
10 DoCoMo Euro-Labs
11 April 2008
14 Host Identity Protocol (HIP) Domain Name System (DNS) Extension
16 Status of This Memo
18 This memo defines an Experimental Protocol for the Internet
19 community. It does not specify an Internet standard of any kind.
20 Discussion and suggestions for improvement are requested.
21 Distribution of this memo is unlimited.
23 Abstract
25 This document specifies a new resource record (RR) for the Domain
26 Name System (DNS), and how to use it with the Host Identity Protocol
27 (HIP). This RR allows a HIP node to store in the DNS its Host
28 Identity (HI, the public component of the node public-private key
29 pair), Host Identity Tag (HIT, a truncated hash of its public key),
30 and the Domain Names of its rendezvous servers (RVSs).
58 Nikander & Laganier Experimental [Page 1]
59 \f
60 RFC 5205 HIP DNS Extension April 2008
63 Table of Contents
65 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3
66 2. Conventions Used in This Document . . . . . . . . . . . . . . 3
67 3. Usage Scenarios . . . . . . . . . . . . . . . . . . . . . . . 4
68 3.1. Simple Static Singly Homed End-Host . . . . . . . . . . . 5
69 3.2. Mobile end-host . . . . . . . . . . . . . . . . . . . . . 6
70 4. Overview of Using the DNS with HIP . . . . . . . . . . . . . . 8
71 4.1. Storing HI, HIT, and RVS in the DNS . . . . . . . . . . . 8
72 4.2. Initiating Connections Based on DNS Names . . . . . . . . 8
73 5. HIP RR Storage Format . . . . . . . . . . . . . . . . . . . . 9
74 5.1. HIT Length Format . . . . . . . . . . . . . . . . . . . . 9
75 5.2. PK Algorithm Format . . . . . . . . . . . . . . . . . . . 9
76 5.3. PK Length Format . . . . . . . . . . . . . . . . . . . . . 10
77 5.4. HIT Format . . . . . . . . . . . . . . . . . . . . . . . . 10
78 5.5. Public Key Format . . . . . . . . . . . . . . . . . . . . 10
79 5.6. Rendezvous Servers Format . . . . . . . . . . . . . . . . 10
80 6. HIP RR Presentation Format . . . . . . . . . . . . . . . . . . 10
81 7. Examples . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
82 8. Security Considerations . . . . . . . . . . . . . . . . . . . 12
83 8.1. Attacker Tampering with an Insecure HIP RR . . . . . . . . 12
84 8.2. Hash and HITs Collisions . . . . . . . . . . . . . . . . . 13
85 8.3. DNSSEC . . . . . . . . . . . . . . . . . . . . . . . . . . 13
86 9. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 13
87 10. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 14
88 11. References . . . . . . . . . . . . . . . . . . . . . . . . . . 14
89 11.1. Normative references . . . . . . . . . . . . . . . . . . . 14
90 11.2. Informative references . . . . . . . . . . . . . . . . . . 15
114 Nikander & Laganier Experimental [Page 2]
115 \f
116 RFC 5205 HIP DNS Extension April 2008
119 1. Introduction
121 This document specifies a new resource record (RR) for the Domain
122 Name System (DNS) [RFC1034], and how to use it with the Host Identity
123 Protocol (HIP) [RFC5201]. This RR allows a HIP node to store in the
124 DNS its Host Identity (HI, the public component of the node public-
125 private key pair), Host Identity Tag (HIT, a truncated hash of its
126 HI), and the Domain Names of its rendezvous servers (RVSs) [RFC5204].
128 Currently, most of the Internet applications that need to communicate
129 with a remote host first translate a domain name (often obtained via
130 user input) into one or more IP address(es). This step occurs prior
131 to communication with the remote host, and relies on a DNS lookup.
133 With HIP, IP addresses are intended to be used mostly for on-the-wire
134 communication between end hosts, while most Upper Layer Protocols
135 (ULP) and applications use HIs or HITs instead (ICMP might be an
136 example of an ULP not using them). Consequently, we need a means to
137 translate a domain name into an HI. Using the DNS for this
138 translation is pretty straightforward: We define a new HIP resource
139 record. Upon query by an application or ULP for a name to IP address
140 lookup, the resolver would then additionally perform a name to HI
141 lookup, and use it to construct the resulting HI to IP address
142 mapping (which is internal to the HIP layer). The HIP layer uses the
143 HI to IP address mapping to translate HIs and HITs into IP addresses
144 and vice versa.
146 The HIP Rendezvous Extension [RFC5204] allows a HIP node to be
147 reached via the IP address(es) of a third party, the node's
148 rendezvous server (RVS). An Initiator willing to establish a HIP
149 association with a Responder served by an RVS would typically
150 initiate a HIP exchange by sending an I1 towards the RVS IP address
151 rather than towards the Responder IP address. Consequently, we need
152 a means to find the name of a rendezvous server for a given host
153 name.
155 This document introduces the new HIP DNS resource record to store the
156 Rendezvous Server (RVS), Host Identity (HI), and Host Identity Tag
157 (HIT) information.
159 2. Conventions Used in This Document
161 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
162 "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
163 document are to be interpreted as described in RFC 2119 [RFC2119].
170 Nikander & Laganier Experimental [Page 3]
171 \f
172 RFC 5205 HIP DNS Extension April 2008
175 3. Usage Scenarios
177 In this section, we briefly introduce a number of usage scenarios
178 where the DNS is useful with the Host Identity Protocol.
180 With HIP, most applications and ULPs are unaware of the IP addresses
181 used to carry packets on the wire. Consequently, a HIP node could
182 take advantage of having multiple IP addresses for fail-over,
183 redundancy, mobility, or renumbering, in a manner that is transparent
184 to most ULPs and applications (because they are bound to HIs; hence,
185 they are agnostic to these IP address changes).
187 In these situations, for a node to be reachable by reference to its
188 Fully Qualified Domain Name (FQDN), the following information should
189 be stored in the DNS:
191 o A set of IP address(es) via A [RFC1035] and AAAA [RFC3596] RR sets
192 (RRSets [RFC2181]).
194 o A Host Identity (HI), Host Identity Tag (HIT), and possibly a set
195 of rendezvous servers (RVS) through HIP RRs.
197 When a HIP node wants to initiate communication with another HIP
198 node, it first needs to perform a HIP base exchange to set up a HIP
199 association towards its peer. Although such an exchange can be
200 initiated opportunistically, i.e., without prior knowledge of the
201 Responder's HI, by doing so both nodes knowingly risk man-in-the-
202 middle attacks on the HIP exchange. To prevent these attacks, it is
203 recommended that the Initiator first obtain the HI of the Responder,
204 and then initiate the exchange. This can be done, for example,
205 through manual configuration or DNS lookups. Hence, a new HIP RR is
206 introduced.
208 When a HIP node is frequently changing its IP address(es), the
209 natural DNS latency for propagating changes may prevent it from
210 publishing its new IP address(es) in the DNS. For solving this
211 problem, the HIP Architecture [RFC4423] introduces rendezvous servers
212 (RVSs) [RFC5204]. A HIP host uses a rendezvous server as a
213 rendezvous point to maintain reachability with possible HIP
214 initiators while moving [RFC5206]. Such a HIP node would publish in
215 the DNS its RVS domain name(s) in a HIP RR, while keeping its RVS up-
216 to-date with its current set of IP addresses.
218 When a HIP node wants to initiate a HIP exchange with a Responder, it
219 will perform a number of DNS lookups. Depending on the type of
220 implementation, the order in which those lookups will be issued may
221 vary. For instance, implementations using HIT in APIs may typically
222 first query for HIP resource records at the Responder FQDN, while
226 Nikander & Laganier Experimental [Page 4]
227 \f
228 RFC 5205 HIP DNS Extension April 2008
231 those using an IP address in APIs may typically first query for A
232 and/or AAAA resource records.
234 In the following, we assume that the Initiator first queries for HIP
235 resource records at the Responder FQDN.
237 If the query for the HIP type was responded to with a DNS answer with
238 RCODE=3 (Name Error), then the Responder's information is not present
239 in the DNS and further queries for the same owner name SHOULD NOT be
240 made.
242 In case the query for the HIP records returned a DNS answer with
243 RCODE=0 (No Error) and an empty answer section, it means that no HIP
244 information is available at the responder name. In such a case, if
245 the Initiator has been configured with a policy to fallback to
246 opportunistic HIP (initiating without knowing the Responder's HI) or
247 plain IP, it would send out more queries for A and AAAA types at the
248 Responder's FQDN.
250 Depending on the combinations of answers, the situations described in
251 Section 3.1 and Section 3.2 can occur.
253 Note that storing HIP RR information in the DNS at an FQDN that is
254 assigned to a non-HIP node might have ill effects on its reachability
255 by HIP nodes.
257 3.1. Simple Static Singly Homed End-Host
259 A HIP node (R) with a single static network attachment, wishing to be
260 reachable by reference to its FQDN (www.example.com), would store in
261 the DNS, in addition to its IP address(es) (IP-R), its Host Identity
262 (HI-R) and Host Identity Tag (HIT-R) in a HIP resource record.
264 An Initiator willing to associate with a node would typically issue
265 the following queries:
267 o QNAME=www.example.com, QTYPE=HIP
269 o (QCLASS=IN is assumed and omitted from the examples)
271 Which returns a DNS packet with RCODE=0 and one or more HIP RRs with
272 the HIT and HI (e.g., HIT-R and HI-R) of the Responder in the answer
273 section, but no RVS.
282 Nikander & Laganier Experimental [Page 5]
283 \f
284 RFC 5205 HIP DNS Extension April 2008
287 o QNAME=www.example.com, QTYPE=A QNAME=www.example.com, QTYPE=AAAA
289 Which returns DNS packets with RCODE=0 and one or more A or AAAA RRs
290 containing IP address(es) of the Responder (e.g., IP-R) in the answer
291 section.
293 Caption: In the remainder of this document, for the sake of keeping
294 diagrams simple and concise, several DNS queries and answers
295 are represented as one single transaction, while in fact
296 there are several queries and answers flowing back and
297 forth, as described in the textual examples.
299 [HIP? A? ]
300 [www.example.com] +-----+
301 +-------------------------------->| |
302 | | DNS |
303 | +-------------------------------| |
304 | | [HIP? A? ] +-----+
305 | | [www.example.com]
306 | | [HIP HIT-R HI-R ]
307 | | [A IP-R ]
308 | v
309 +-----+ +-----+
310 | |--------------I1------------->| |
311 | I |<-------------R1--------------| R |
312 | |--------------I2------------->| |
313 | |<-------------R2--------------| |
314 +-----+ +-----+
316 Static Singly Homed Host
318 The Initiator would then send an I1 to the Responder's IP addresses
319 (IP-R).
321 3.2. Mobile end-host
323 A mobile HIP node (R) wishing to be reachable by reference to its
324 FQDN (www.example.com) would store in the DNS, possibly in addition
325 to its IP address(es) (IP-R), its HI (HI-R), HIT (HIT-R), and the
326 domain name(s) of its rendezvous server(s) (e.g., rvs.example.com) in
327 HIP resource record(s). The mobile HIP node also needs to notify its
328 rendezvous servers of any change in its set of IP address(es).
330 An Initiator willing to associate with such a mobile node would
331 typically issue the following queries:
333 o QNAME=www.example.com, QTYPE=HIP
338 Nikander & Laganier Experimental [Page 6]
339 \f
340 RFC 5205 HIP DNS Extension April 2008
343 Which returns a DNS packet with RCODE=0 and one or more HIP RRs with
344 the HIT, HI, and RVS domain name(s) (e.g., HIT-R, HI-R, and
345 rvs.example.com) of the Responder in the answer section.
347 o QNAME=rvs.example.com, QTYPE=A QNAME=www.example.com, QTYPE=AAAA
349 Which returns DNS packets with RCODE=0 and one or more A or AAAA RRs
350 containing IP address(es) of the Responder's RVS (e.g., IP-RVS) in
351 the answer section.
353 [HIP? ]
354 [www.example.com]
356 [A? ]
357 [rvs.example.com] +-----+
358 +----------------------------------------->| |
359 | | DNS |
360 | +----------------------------------------| |
361 | | [HIP? ] +-----+
362 | | [www.example.com ]
363 | | [HIP HIT-R HI-R rvs.example.com]
364 | |
365 | | [A? ]
366 | | [rvs.example.com]
367 | | [A IP-RVS ]
368 | |
369 | | +-----+
370 | | +------I1----->| RVS |-----I1------+
371 | | | +-----+ |
372 | | | |
373 | | | |
374 | v | v
375 +-----+ +-----+
376 | |<---------------R1------------| |
377 | I |----------------I2----------->| R |
378 | |<---------------R2------------| |
379 +-----+ +-----+
381 Mobile End-Host
383 The Initiator would then send an I1 to the RVS IP address (IP-RVS).
384 Following, the RVS will relay the I1 up to the mobile node's IP
385 address (IP-R), which will complete the HIP exchange.
394 Nikander & Laganier Experimental [Page 7]
395 \f
396 RFC 5205 HIP DNS Extension April 2008
399 4. Overview of Using the DNS with HIP
401 4.1. Storing HI, HIT, and RVS in the DNS
403 For any HIP node, its Host Identity (HI), the associated Host
404 Identity Tag (HIT), and the FQDN of its possible RVSs can be stored
405 in a DNS HIP RR. Any conforming implementation may store a Host
406 Identity (HI) and its associated Host Identity Tag (HIT) in a DNS HIP
407 RDATA format. HI and HIT are defined in Section 3 of the HIP
408 specification [RFC5201].
410 Upon return of a HIP RR, a host MUST always calculate the HI-
411 derivative HIT to be used in the HIP exchange, as specified in
412 Section 3 of the HIP specification [RFC5201], while the HIT possibly
413 embedded along SHOULD only be used as an optimization (e.g., table
414 lookup).
416 The HIP resource record may also contain one or more domain name(s)
417 of rendezvous server(s) towards which HIP I1 packets might be sent to
418 trigger the establishment of an association with the entity named by
419 this resource record [RFC5204].
421 The rendezvous server field of the HIP resource record stored at a
422 given owner name MAY include the owner name itself. A semantically
423 equivalent situation occurs if no rendezvous server is present in the
424 HIP resource record stored at that owner name. Such situations occur
425 in two cases:
427 o The host is mobile, and the A and/or AAAA resource record(s)
428 stored at its host name contain the IP address(es) of its
429 rendezvous server rather than its own one.
431 o The host is stationary, and can be reached directly at the IP
432 address(es) contained in the A and/or AAAA resource record(s)
433 stored at its host name. This is a degenerated case of rendezvous
434 service where the host somewhat acts as a rendezvous server for
435 itself.
437 An RVS receiving such an I1 would then relay it to the appropriate
438 Responder (the owner of the I1 receiver HIT). The Responder will
439 then complete the exchange with the Initiator, typically without
440 ongoing help from the RVS.
442 4.2. Initiating Connections Based on DNS Names
444 On a HIP node, a Host Identity Protocol exchange SHOULD be initiated
445 whenever a ULP attempts to communicate with an entity and the DNS
446 lookup returns HIP resource records.
450 Nikander & Laganier Experimental [Page 8]
451 \f
452 RFC 5205 HIP DNS Extension April 2008
455 5. HIP RR Storage Format
457 The RDATA for a HIP RR consists of a public key algorithm type, the
458 HIT length, a HIT, a public key, and optionally one or more
459 rendezvous server(s).
461 0 1 2 3
462 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
463 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
464 | HIT length | PK algorithm | PK length |
465 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
466 | |
467 ~ HIT ~
468 | |
469 + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
470 | | |
471 +-+-+-+-+-+-+-+-+-+-+-+ +
472 | Public Key |
473 ~ ~
474 | |
475 + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
476 | | |
477 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +
478 | |
479 ~ Rendezvous Servers ~
480 | |
481 + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
482 | |
483 +-+-+-+-+-+-+-+
485 The HIT length, PK algorithm, PK length, HIT, and Public Key fields
486 are REQUIRED. The Rendezvous Servers field is OPTIONAL.
488 5.1. HIT Length Format
490 The HIT length indicates the length in bytes of the HIT field. This
491 is an 8-bit unsigned integer.
493 5.2. PK Algorithm Format
495 The PK algorithm field indicates the public key cryptographic
496 algorithm and the implied public key field format. This is an 8-bit
497 unsigned integer. This document reuses the values defined for the
498 'algorithm type' of the IPSECKEY RR [RFC4025].
500 Presently defined values are listed in Section 9 for reference.
506 Nikander & Laganier Experimental [Page 9]
507 \f
508 RFC 5205 HIP DNS Extension April 2008
511 5.3. PK Length Format
513 The PK length indicates the length in bytes of the Public key field.
514 This is a 16-bit unsigned integer in network byte order.
516 5.4. HIT Format
518 The HIT is stored as a binary value in network byte order.
520 5.5. Public Key Format
522 Both of the public key types defined in this document (RSA and DSA)
523 reuse the public key formats defined for the IPSECKEY RR [RFC4025].
525 The DSA key format is defined in RFC 2536 [RFC2536].
527 The RSA key format is defined in RFC 3110 [RFC3110] and the RSA key
528 size limit (4096 bits) is relaxed in the IPSECKEY RR [RFC4025]
529 specification.
531 5.6. Rendezvous Servers Format
533 The Rendezvous Servers field indicates one or more variable length
534 wire-encoded domain names of rendezvous server(s), as described in
535 Section 3.3 of RFC 1035 [RFC1035]. The wire-encoded format is self-
536 describing, so the length is implicit. The domain names MUST NOT be
537 compressed. The rendezvous server(s) are listed in order of
538 preference (i.e., first rendezvous server(s) are preferred), defining
539 an implicit order amongst rendezvous servers of a single RR. When
540 multiple HIP RRs are present at the same owner name, this implicit
541 order of rendezvous servers within an RR MUST NOT be used to infer a
542 preference order between rendezvous servers stored in different RRs.
544 6. HIP RR Presentation Format
546 This section specifies the representation of the HIP RR in a zone
547 master file.
549 The HIT length field is not represented, as it is implicitly known
550 thanks to the HIT field representation.
552 The PK algorithm field is represented as unsigned integers.
554 The HIT field is represented as the Base16 encoding [RFC4648] (a.k.a.
555 hex or hexadecimal) of the HIT. The encoding MUST NOT contain
556 whitespaces to distinguish it from the public key field.
562 Nikander & Laganier Experimental [Page 10]
563 \f
564 RFC 5205 HIP DNS Extension April 2008
567 The Public Key field is represented as the Base64 encoding [RFC4648]
568 of the public key. The encoding MUST NOT contain whitespace(s) to
569 distinguish it from the Rendezvous Servers field.
571 The PK length field is not represented, as it is implicitly known
572 thanks to the Public key field representation containing no
573 whitespaces.
575 The Rendezvous Servers field is represented by one or more domain
576 name(s) separated by whitespace(s).
578 The complete representation of the HPIHI record is:
580 IN HIP ( pk-algorithm
581 base16-encoded-hit
582 base64-encoded-public-key
583 rendezvous-server[1]
584 ...
585 rendezvous-server[n] )
587 When no RVSs are present, the representation of the HPIHI record is:
589 IN HIP ( pk-algorithm
590 base16-encoded-hit
591 base64-encoded-public-key )
593 7. Examples
595 In the examples below, the public key field containing no whitespace
596 is wrapped since it does not fit in a single line of this document.
598 Example of a node with HI and HIT but no RVS:
600 www.example.com. IN HIP ( 2 200100107B1A74DF365639CC39F1D578
601 AwEAAbdxyhNuSutc5EMzxTs9LBPCIkOFH8cIvM4p
602 9+LrV4e19WzK00+CI6zBCQTdtWsuxKbWIy87UOoJTwkUs7lBu+Upr1gsNrut79ryra+bSRGQ
603 b1slImA8YVJyuIDsj7kwzG7jnERNqnWxZ48AWkskmdHaVDP4BcelrTI3rMXdXF5D )
605 Example of a node with a HI, HIT, and one RVS:
607 www.example.com. IN HIP ( 2 200100107B1A74DF365639CC39F1D578
608 AwEAAbdxyhNuSutc5EMzxTs9LBPCIkOFH8cIvM4p
609 9+LrV4e19WzK00+CI6zBCQTdtWsuxKbWIy87UOoJTwkUs7lBu+Upr1gsNrut79ryra+bSRGQ
610 b1slImA8YVJyuIDsj7kwzG7jnERNqnWxZ48AWkskmdHaVDP4BcelrTI3rMXdXF5D
611 rvs.example.com. )
618 Nikander & Laganier Experimental [Page 11]
619 \f
620 RFC 5205 HIP DNS Extension April 2008
623 Example of a node with a HI, HIT, and two RVSs:
625 www.example.com. IN HIP ( 2 200100107B1A74DF365639CC39F1D578
626 AwEAAbdxyhNuSutc5EMzxTs9LBPCIkOFH8cIvM4p
627 9+LrV4e19WzK00+CI6zBCQTdtWsuxKbWIy87UOoJTwkUs7lBu+Upr1gsNrut79ryra+bSRGQ
628 b1slImA8YVJyuIDsj7kwzG7jnERNqnWxZ48AWkskmdHaVDP4BcelrTI3rMXdXF5D
629 rvs1.example.com.
630 rvs2.example.com. )
632 8. Security Considerations
634 This section contains a description of the known threats involved
635 with the usage of the HIP DNS Extension.
637 In a manner similar to the IPSECKEY RR [RFC4025], the HIP DNS
638 Extension allows for the provision of two HIP nodes with the public
639 keying material (HI) of their peer. These HIs will be subsequently
640 used in a key exchange between the peers. Hence, the HIP DNS
641 Extension introduces the same kind of threats that IPSECKEY does,
642 plus threats caused by the possibility given to a HIP node to
643 initiate or accept a HIP exchange using "opportunistic" or
644 "unpublished Initiator HI" modes.
646 A HIP node SHOULD obtain HIP RRs from a trusted party trough a secure
647 channel ensuring data integrity and authenticity of the RRs. DNSSEC
648 [RFC4033] [RFC4034] [RFC4035] provides such a secure channel.
649 However, it should be emphasized that DNSSEC only offers data
650 integrity and authenticity guarantees to the channel between the DNS
651 server publishing a zone and the HIP node. DNSSEC does not ensure
652 that the entity publishing the zone is trusted. Therefore, the RRSIG
653 signature of the HIP RRSet MUST NOT be misinterpreted as a
654 certificate binding the HI and/or the HIT to the owner name.
656 In the absence of a proper secure channel, both parties are
657 vulnerable to MitM and DoS attacks, and unrelated parties might be
658 subject to DoS attacks as well. These threats are described in the
659 following sections.
661 8.1. Attacker Tampering with an Insecure HIP RR
663 The HIP RR contains public keying material in the form of the named
664 peer's public key (the HI) and its secure hash (the HIT). Both of
665 these are not sensitive to attacks where an adversary gains knowledge
666 of them. However, an attacker that is able to mount an active attack
667 on the DNS, i.e., tampers with this HIP RR (e.g., using DNS
668 spoofing), is able to mount Man-in-the-Middle attacks on the
669 cryptographic core of the eventual HIP exchange (Responder's HIP RR
670 rewritten by the attacker).
674 Nikander & Laganier Experimental [Page 12]
675 \f
676 RFC 5205 HIP DNS Extension April 2008
679 The HIP RR may contain a rendezvous server domain name resolved into
680 a destination IP address where the named peer is reachable by an I1,
681 as per the HIP Rendezvous Extension [RFC5204]. Thus, an attacker
682 able to tamper with this RR is able to redirect I1 packets sent to
683 the named peer to a chosen IP address for DoS or MitM attacks. Note
684 that this kind of attack is not specific to HIP and exists
685 independently of whether or not HIP and the HIP RR are used. Such an
686 attacker might tamper with A and AAAA RRs as well.
688 An attacker might obviously use these two attacks in conjunction: It
689 will replace the Responder's HI and RVS IP address by its own in a
690 spoofed DNS packet sent to the Initiator HI, then redirect all
691 exchanged packets to him and mount a MitM on HIP. In this case, HIP
692 won't provide confidentiality nor Initiator HI protection from
693 eavesdroppers.
695 8.2. Hash and HITs Collisions
697 As with many cryptographic algorithms, some secure hashes (e.g.,
698 SHA1, used by HIP to generate a HIT from an HI) eventually become
699 insecure, because an exploit has been found in which an attacker with
700 reasonable computation power breaks one of the security features of
701 the hash (e.g., its supposed collision resistance). This is why a
702 HIP end-node implementation SHOULD NOT authenticate its HIP peers
703 based solely on a HIT retrieved from the DNS, but SHOULD rather use
704 HI-based authentication.
706 8.3. DNSSEC
708 In the absence of DNSSEC, the HIP RR is subject to the threats
709 described in RFC 3833 [RFC3833].
711 9. IANA Considerations
713 IANA has allocated one new RR type code (55) for the HIP RR from the
714 standard RR type space.
716 IANA does not need to open a new registry for public key algorithms
717 of the HIP RR because the HIP RR reuses "algorithms types" defined
718 for the IPSECKEY RR [RFC4025]. Presently defined values are shown
719 here for reference only:
721 0 is reserved
723 1 is DSA
725 2 is RSA
730 Nikander & Laganier Experimental [Page 13]
731 \f
732 RFC 5205 HIP DNS Extension April 2008
735 In the future, if a new algorithm is to be used for the HIP RR, a new
736 algorithm type and corresponding public key encoding should be
737 defined for the IPSECKEY RR. The HIP RR should reuse both the same
738 algorithm type and the same corresponding public key format as the
739 IPSECKEY RR.
741 10. Acknowledgments
743 As usual in the IETF, this document is the result of a collaboration
744 between many people. The authors would like to thank the author
745 (Michael Richardson), contributors, and reviewers of the IPSECKEY RR
746 [RFC4025] specification, after which this document was framed. The
747 authors would also like to thank the following people, who have
748 provided thoughtful and helpful discussions and/or suggestions, that
749 have helped improve this document: Jeff Ahrenholz, Rob Austein, Hannu
750 Flinck, Olafur Gudmundsson, Tom Henderson, Peter Koch, Olaf Kolkman,
751 Miika Komu, Andrew McGregor, Erik Nordmark, and Gabriel Montenegro.
752 Some parts of this document stem from the HIP specification
753 [RFC5201].
755 11. References
757 11.1. Normative references
759 [RFC1034] Mockapetris, P., "Domain names - concepts and facilities",
760 STD 13, RFC 1034, November 1987.
762 [RFC1035] Mockapetris, P., "Domain names - implementation and
763 specification", STD 13, RFC 1035, November 1987.
765 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
766 Requirement Levels", BCP 14, RFC 2119, March 1997.
768 [RFC2181] Elz, R. and R. Bush, "Clarifications to the DNS
769 Specification", RFC 2181, July 1997.
771 [RFC3596] Thomson, S., Huitema, C., Ksinant, V., and M. Souissi,
772 "DNS Extensions to Support IP Version 6", RFC 3596,
773 October 2003.
775 [RFC4025] Richardson, M., "A Method for Storing IPsec Keying
776 Material in DNS", RFC 4025, March 2005.
778 [RFC4033] Arends, R., Austein, R., Larson, M., Massey, D., and S.
779 Rose, "DNS Security Introduction and Requirements",
780 RFC 4033, March 2005.
786 Nikander & Laganier Experimental [Page 14]
787 \f
788 RFC 5205 HIP DNS Extension April 2008
791 [RFC4034] Arends, R., Austein, R., Larson, M., Massey, D., and S.
792 Rose, "Resource Records for the DNS Security Extensions",
793 RFC 4034, March 2005.
795 [RFC4035] Arends, R., Austein, R., Larson, M., Massey, D., and S.
796 Rose, "Protocol Modifications for the DNS Security
797 Extensions", RFC 4035, March 2005.
799 [RFC4648] Josefsson, S., "The Base16, Base32, and Base64 Data
800 Encodings", RFC 4648, October 2006.
802 [RFC5201] Moskowitz, R., Nikander, P., Jokela, P., Ed., and T.
803 Henderson, "Host Identity Protocol", RFC 5201, April 2008.
805 [RFC5204] Laganier, J. and L. Eggert, "Host Identity Protocol (HIP)
806 Rendezvous Extension", RFC 5204, April 2008.
808 11.2. Informative references
810 [RFC2536] Eastlake, D., "DSA KEYs and SIGs in the Domain Name System
811 (DNS)", RFC 2536, March 1999.
813 [RFC3110] Eastlake, D., "RSA/SHA-1 SIGs and RSA KEYs in the Domain
814 Name System (DNS)", RFC 3110, May 2001.
816 [RFC3833] Atkins, D. and R. Austein, "Threat Analysis of the Domain
817 Name System (DNS)", RFC 3833, August 2004.
819 [RFC4423] Moskowitz, R. and P. Nikander, "Host Identity Protocol
820 (HIP) Architecture", RFC 4423, May 2006.
822 [RFC5206] Henderson, T., Ed., "End-Host Mobility and Multihoming
823 with the Host Identity Protocol", RFC 5206, April 2008.
842 Nikander & Laganier Experimental [Page 15]
843 \f
844 RFC 5205 HIP DNS Extension April 2008
847 Authors' Addresses
849 Pekka Nikander
850 Ericsson Research NomadicLab
851 JORVAS FIN-02420
852 FINLAND
854 Phone: +358 9 299 1
855 EMail: pekka.nikander@nomadiclab.com
858 Julien Laganier
859 DoCoMo Communications Laboratories Europe GmbH
860 Landsberger Strasse 312
861 Munich 80687
862 Germany
864 Phone: +49 89 56824 231
865 EMail: julien.ietf@laposte.net
866 URI: http://www.docomolab-euro.com/
898 Nikander & Laganier Experimental [Page 16]
899 \f
900 RFC 5205 HIP DNS Extension April 2008
903 Full Copyright Statement
905 Copyright (C) The IETF Trust (2008).
907 This document is subject to the rights, licenses and restrictions
908 contained in BCP 78, and except as set forth therein, the authors
909 retain all their rights.
911 This document and the information contained herein are provided on an
912 "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
913 OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY, THE IETF TRUST AND
914 THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS
915 OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF
916 THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
917 WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
919 Intellectual Property
921 The IETF takes no position regarding the validity or scope of any
922 Intellectual Property Rights or other rights that might be claimed to
923 pertain to the implementation or use of the technology described in
924 this document or the extent to which any license under such rights
925 might or might not be available; nor does it represent that it has
926 made any independent effort to identify any such rights. Information
927 on the procedures with respect to rights in RFC documents can be
928 found in BCP 78 and BCP 79.
930 Copies of IPR disclosures made to the IETF Secretariat and any
931 assurances of licenses to be made available, or the result of an
932 attempt made to obtain a general license or permission for the use of
933 such proprietary rights by implementers or users of this
934 specification can be obtained from the IETF on-line IPR repository at
935 http://www.ietf.org/ipr.
937 The IETF invites any interested party to bring to its attention any
938 copyrights, patents or patent applications, or other proprietary
939 rights that may cover technology that may be required to implement
940 this standard. Please address the information to the IETF at
941 ietf-ipr@ietf.org.
954 Nikander & Laganier Experimental [Page 17]
955 \f