The RKEY DNS Resource RecordTelnic Ltd6 Langside CourtBothwellSCOTLANDUnited Kingdom+44 20 7467 6400jim@telnic.orgKirei ABPO Box 53204GoteborgSE 40016Sweden+46 31 787 8007jakob@kirei.seTelnic Ltd37 Percy StreetLondonW1T 2DJUnited Kingdom+44 20 7467 6450btimms@telnic.org
Internet
DNSEXTDNSENUMNAPTRInternet-Draft
A DNS Resource record which can be used to encrypt NAPTR records is
described in this document.
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in BCP
14, RFC2119 .
The DNS protocol is defined in
RFC1034 ,
RFC1035 and clarified in
RFC2181 .
The scope for using DNS KEY Resource Records was limited in
RFC3445 to keys used by
the Domain Name System Security Extensions (DNSSEC) which is defined
in RFC4033 ,
RFC4034 and
RFC4035 .
The original KEY RR used sub-typing to store both DNSSEC
keys and arbitrary application keys.
Storing both DNSSEC and application keys with the same record type is
a mistake so RFC3445 removed application keys from the KEY record by
redefining the Protocol Octet field in the KEY RR Data.
This means that any other uses of keying material in the DNS need to
define a new RRtype and mnemonic.
Although this document advocates the introduction of a new
resource record specifically to provide this type of information for
keys that encrypt NAPTR records , it
can be used for more generalised encryption of DNS resource records.
A scheme for encrypting NAPTR records is outlined in
draft-timms-encrypt-naptr .
The RKEY RR uses an IANA-assigned type code and is used as resource
record for storing keys which encrypt NAPTR records.
The RDATA for an RKEY RR consists of flags, a protocol
octet, the algorithm number octet, and the public key itself.
The format is as follows:
RKEY RDATA format
1 1 1 1 1 1 1 1 1 1 2 2 2 2 2 2 2 2 2 2 3 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| flags | protocol | algorithm |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| /
/ public key /
/ /
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
All bits of the flags field are reserved and MUST be zero.
The protocol field MUST be set to 1.
The algorithm and public key fields are identical to the definitions
used in RFC4034 .
The format and correct usage of DNSSEC keys is not changed by this
document and no new security considerations are introduced.
IANA is requested to issue a new type code and mnemonic for the
proposed resource record.
No other IANA services are required by this document.
The authors would like to thank Klaus Malorny, Lawrence Conroy and Roy
Arends for their constructive suggestions to this
document and for helping to identify potential uses for the proposed
record type.
DOMAIN NAMES - CONCEPTS AND FACILITIES Domain names - implementation and specificationUSC/ISI4676 Admiralty WayMarina del ReyCA90291US+1 213 822 1511Requirements for Internet Hosts -- Application and SupportClarifications to the DNS SpecificationDNS Security Introduction and RequirementsResource Records for the DNS Security ExtensionsProtocol Modifications for the DNS Security ExtensionsDynamic Delegation Discovery System (DDDS)
Part Three: The Domain Name System (DNS) DatabaseLimiting the Scope of the KEY Resource Record (RR)IANA Registration for Encrypted ENUMUniform Resource Identifier (URI): Generic SyntaxWorld Wide Web ConsortiumDay SoftwareAdobe Systems IncorporatedThe E.164 to Uniform Resource Identifiers (URI) Dynamic Delegation
Discovery System (DDDS) Application (ENUM) Threat Analysis of the Domain Name System (DNS)The Internet Standards Process -- Revision 3Harvard UniversityHolyoke Center, Room 8131350 Massachusettes AvenueCambridgeMA02138US+1 617 495 3864sob@harvard.edu Key words for use in RFCs to Indicate Requirement Levels Harvard UniversityHolyoke Center, Room 8131350 Massachusettes AvenueCambridgeMA02138US+1 617 495 3864sob@harvard.eduIETF Rights in ContributionsIntellectual Property Rights in IETF Technology