RFC4641_and_I-D2.pdf



RFC 4641 (DNSSEC Operational Practices) reading notes, DNSSEC SWG

Appendix A. Terminology (as defined in RFC 4641, Appendix A)
- Anchored key: a DNSKEY configured into a validating resolver as the start of a chain of trust (a "hard anchor"); such a key is said to be anchored.
- Bogus: validation state from RFC 4033 section 5. An RRset is Bogus when it carries signatures that should validate but do not, for example a DNSKEY RRset that cannot be validated against the configured anchor or the parent's DS.
- Key Signing Key (KSK): a key used only to sign the zone apex key set, i.e. the DNSKEY RRset.
- Key size: for RSA and DSA keys, "key size" in this document means the modulus size. (Presenter's dictionary note: modulus, n., pl. moduli; also "absolute value".)
- Private and public keys: DNSSEC uses public-key cryptography. Of each key pair the public key is published in DNS as a DNSKEY RR; the private key is used to sign and never appears in DNS.
- Key rollover (also called key supercession): replacing one key pair with another.
- Secure Entry Point (SEP) key: a KSK that has a DS record in the parent or is configured as a trust anchor. The SEP flag (RFC 4035) is recommended on such keys, although the protocol does not require it.
- Self-signature: the RRSIG over a DNSKEY RRset made with a key that is itself in that RRset; "DNSKEY x self-signature" means the RRSIG over the DNSKEY RRset produced with DNSKEY x.
- Signing the zone file: creating the RRSIG (and NSEC/NSEC3) records of a zone. Signer: the system that holds the private key material and signs the RRsets.
- Zone Signing Key (ZSK): a key used to sign all RRsets in the zone (the DNSKEY RRset included, unless only the KSK signs it).
- Zone administrator: the role responsible for the zone at the primary authoritative server.

RFC 4641 and Internet-Draft draft-ietf-dnsop-rfc4641bis-02

Abstract
- RFC 4641 (DNSSEC Operational Practices) describes the operational side of running DNSSEC-signed zones: key management, signing and publication. It obsoletes RFC 2541 (DNS Security Operational Considerations).

1. Introduction
- DNS: RFC 1034 and 1035. DNSSEC: RFC 4033, 4034 and 4035.
- The RFC was written from workshop and early deployment experience; its revision (rfc4641bis) was in progress while these notes were made (2006 to 2010), and the -02 draft is read alongside the RFC below.
- Scope: signing and publishing a zone. Section 2 covers keeping the chain of trust intact, Section 3 key generation and storage, Section 4 signature generation, key rollover and related policies (4.1 time, 4.2 rollovers, 4.3 emergency rollover, 4.4 parental policies). Appendix C gives the typographic conventions used in the figures.
- The RFC 2119 key words (MUST, MAY, ...) are used as defined in RFC 2119. The document obsoletes RFC 2541.

1.1 The Use of the Term "Key"
- "A key is used to sign data": in this document "key" means the DNSKEY RR (the public half); the signing itself is done with the corresponding private key.

1.2 Time Definitions
- Signature validity period: the time between the inception and expiration fields of an RRSIG RR.
- Signature publication period: the time an RRSIG RR is actually published in the zone.
- Key effectivity period: the time during which a key is used to produce signatures.
- Maximum/Minimum zone TTL: the largest and smallest TTL of any RR in the zone. Not to be confused with the SOA MINIMUM field, which RFC 2308 uses for negative caching.

2. Keeping the Chain of Trust Intact
- If the chain of trust breaks, validating resolvers mark the data Bogus (RFC 4033 section 5) and the zone effectively disappears for their users. Avoiding that is the purpose of every practice in this document.
- The signed zone must be served consistently by all authoritative servers, not only the primary: NOTIFY and IXFR/AXFR have to move the freshly signed zone to the secondaries quickly, and the SOA serial must be bumped so that they transfer it. (The slide's "non-authoritative" remark refers to secondaries that have not yet received the new zone.)
- A middle box that is not security-aware (a forwarder or proxy between a validator and the authoritative servers) can strip or break DNSSEC data; see Section 4.3.

3. Key Generation and Storage
- Section 3 of the -bis-02 draft is organised differently from RFC 4641; the notes below follow the draft's numbering where the two differ.

3.1 Zone and Key Signing Keys
- DNSSEC validation works with whatever DNSKEY an RRSIG names; the protocol does not require separate keys. The KSK/ZSK split is an operational choice: the KSK signs only the DNSKEY RRset, the ZSK signs the other RRsets of the zone, and a single key may play both roles.
- A KSK is normally also the Secure Entry Point (SEP) key, the key the parent's DS points to. The SEP flag in the DNSKEY flags field marks it, but the flag is a hint for signing tools and parents; validators do not depend on it.

3.1.1 Motivations for the KSK and ZSK Separation
- The KSK signs one RRset, so it can be larger (more bits) and rolled rarely; the ZSK signs every RRset, so a smaller key keeps responses small, and it can be rolled often.
- A ZSK rollover is local to the zone; a KSK rollover needs the parent to publish a new DS (or RFC 5011 for trust anchors). Keeping the DS-anchored key separate from the frequently rolled key limits the interaction with the parent.
- The KSK can be kept offline or in an HSM; the ZSK has to be available to the signer, which is the more exposed system.
- The SEP flag (flags value 257, versus 256 for a ZSK) lets tools and parents recognise the KSK in the DNSKEY RRset. The -bis draft adds remarks on the ZSK: it may also sign the DNSKEY RRset, and it is the key whose compromise is contained by the KSK.

3.1.2 KSK for High-Level Zones
- A compromised key of a high-level zone (root, TLD) undermines everything below it, so such zones need stronger keys and stricter handling; the -bis draft moves this discussion (3.1.4.5 in the draft).
- Example from the slides: an attacker holding the KSK of example. can mount a man-in-the-middle attack against somebank.example. by signing a forged key set and delegation.

3.1.2 (draft) Practical Consequences of KSK and ZSK Separation
- The KSK carries the SEP flag, the ZSK does not. Rolling the ZSK requires no parent interaction (RFC 4641 3.1.1); rolling the KSK requires a DS change at the parent or, for trust anchors, RFC 5011 automated updates.

3.1.2.1 Rolling a KSK that is not a trust anchor
- Done with the double-signature scheme in three stages (two zone changes at the child plus the DS change at the parent); see 4.2.2.

3.1.2.2 Rolling a KSK that is a trust anchor
- Validators that have the old KSK configured mark the zone Bogus once that key disappears, so the rollover has to be announced and the new key distributed out-of-band, or RFC 5011 (Automated Updates of DNSSEC Trust Anchors) used.

3.2 Key Generation
- Keys must be generated with a good source of randomness; RFC 4086 (Randomness Requirements for Security) applies, and the -bis draft keeps the reference.

3.3 Key Effectivity Period
- KSK effectivity period: about a year (12 to 13 months; the slide also notes the figure 20 for the KSK). A ZSK is rolled more often, and its period should be matched to its key size (3.5).
- The ZSK period can be short because a ZSK compromise is contained by the KSK and rolling the ZSK needs no parent interaction.
- The trade-off is between the cost of a rollover (3.1.2, 4.1, 4.2) and the exposure of the key; a KSK kept in an HSM can have a longer period than an online ZSK.

3.4 Key Algorithm
- DNSSEC specifies RSA and DSA, with elliptic-curve algorithms (ECC) planned. RSA is preferred: the RSA patent expired in 2000, and while DSA signs quickly its verification is about 10 times slower than RSA's, which is the wrong trade-off for DNS where verification dominates (the slides cite NIST figures of 10 to 40 times in RSA's favour).
- RSA/SHA-1 is the mandatory-to-implement algorithm; RSA/MD5 is deprecated. The -bis draft recommends RSA/SHA-256 over RSA/SHA-1. The known SHA-1 weaknesses are collision attacks, which matter less for DNSSEC because the signer controls the signed data and signatures are short-lived, but moving to SHA-256 removes the concern for DNS.

3.5 Key Sizes
- Background: [17] (Applied Cryptography, 1996, the key-length chapter) and the ZSK-versus-KSK discussion in 3.1.1: the KSK signs little and is rolled rarely, so it can be large; the ZSK can be smaller.
- RFC 3766 (Determining Strengths For Public Keys Used For Exchanging Symmetric Keys) is the reference for the numbers below. Its state-of-the-art estimate was 90 bits of symmetric strength in 1996, growing by about 2 bits every 3 years, which gives roughly 96 bits for 2005 and 100 bits for 2010 (the presenter's extrapolation).
- Equivalent strengths from RFC 3766 [13] (the slide annotates the 1024/1300/2048-bit RSA range and marks the rows relevant to a KSK):

    System requirement for     Symmetric key    RSA or DSA modulus
    attack resistance (bits)   size (bits)      size (bits)
             70                     70                947
             80                     80               1228
             90                     90               1553
            100                    100               1926
            150                    150               4575
            200                    200               8719
            250                    250              14596

- For the root and TLD zones, which are high-value targets, the KSK belongs at the upper end; a ZSK can be smaller than the KSK because it is rolled more often. The -bis draft quotes about 100 bits of symmetric strength as the target ([16]; see also [17] section 7.5).
- Larger keys mean larger RRSIG and DNSKEY records and therefore larger UDP responses; during a rollover every RRset carries two RRSIGs (double signature) or the key set carries two keys, which roughly doubles that cost.
- Discussion (5/27): 1024-bit RSA is commonly rated at about 80 bits of symmetric strength; moduli of about 700 bits have been factored in public; NIST planned to retire 1024-bit RSA in favour of 2048-bit (112 bits) by the end of 2010; verification with a 2048-bit key costs roughly 4 times that of a 1024-bit key (the slide's figure).
- The web/TLS world was moving from 1024-bit to 2048-bit certificates at the same time. DNSSEC differs from TLS: signatures are short-lived and keys are rolled, so a 1024-bit ZSK with a short effectivity period is a different risk from a 1024-bit TLS certificate that lives for years. RSA and DSA at 1024 bits were both still in use.
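The estimate behind the RFC 3766 table above, worked as an added example (this is not code from the slides or from the RFC): it evaluates the number-field-sieve work formula RFC 3766 uses, calibrates the constant the RFC folds into its table from the 80-bit row (that calibration is an assumption of this example, not a value from the RFC), and then does the response-size arithmetic that Section 3.5 warns about. The RR-size figures assume RSA keys with public exponent 65537, name compression for owner names, and a DNSKEY answer without EDNS OPT or additional records.

```python
"""RFC 3766 key-strength estimate and DNSSEC response-size arithmetic.

Added example for these notes; not code from RFC 3766 or from the slides.
"""
import math

LN2 = math.log(2)


def nfs_work_bits(modulus_bits: int) -> float:
    """log2 of the general number field sieve effort RFC 3766 reasons from,
    L(n) = exp(1.923 * (ln n)^(1/3) * (ln ln n)^(2/3)), with the o(1) term dropped."""
    ln_n = modulus_bits * LN2
    return 1.923 * ln_n ** (1 / 3) * math.log(ln_n) ** (2 / 3) / LN2


# RFC 3766's table maps 80 bits of symmetric strength to a 1228-bit modulus.  The
# raw formula gives about 94 bits for 1228, so the RFC folds a constant factor into
# its numbers; this example fits that constant from the 80-bit row (assumption).
CALIBRATION_BITS = nfs_work_bits(1228) - 80


def symmetric_strength(modulus_bits: int) -> float:
    """Symmetric-key-equivalent strength of an RSA/DSA modulus on the RFC 3766 scale."""
    return nfs_work_bits(modulus_bits) - CALIBRATION_BITS


def modulus_for(strength_bits: int) -> int:
    """Smallest modulus (searched in 1-bit steps from 512) giving the strength."""
    n = 512
    while symmetric_strength(n) < strength_bits:
        n += 1
    return n


# --- response size: why bigger keys are not free (Section 3.5, UDP) ---------------
HEADER = 12
FIXED_RR = 2 + 2 + 2 + 4 + 2   # compressed owner (pointer) + type + class + TTL + rdlength


def wire_len(name: str) -> int:
    """Length of an uncompressed wire-format name, e.g. 'example.' is 9 bytes."""
    labels = [l for l in name.rstrip(".").split(".") if l]
    return sum(len(l) + 1 for l in labels) + 1


def dnskey_rr_len(modulus_bits: int) -> int:
    """DNSKEY RR for an RSA key: flags/proto/alg (4) + exponent length byte (1)
    + 3-byte exponent 65537 (assumed) + modulus."""
    return FIXED_RR + 4 + 1 + 3 + modulus_bits // 8


def rrsig_rr_len(modulus_bits: int, signer: str) -> int:
    """RRSIG RR: 18 fixed RDATA bytes + uncompressed signer name + RSA signature."""
    return FIXED_RR + 18 + wire_len(signer) + modulus_bits // 8


def dnskey_response_len(zone: str, key_bits: list, sig_bits: list) -> int:
    """Size of a DNSKEY answer: header, question, one DNSKEY RR per key and one
    RRSIG RR per signing key (no EDNS OPT record, no additional section)."""
    question = wire_len(zone) + 4
    return (HEADER + question
            + sum(dnskey_rr_len(b) for b in key_bits)
            + sum(rrsig_rr_len(b, zone) for b in sig_bits))


if __name__ == "__main__":
    for bits in (947, 1024, 1228, 1553, 1926, 2048, 4575):
        print(f"{bits:5d}-bit modulus ~ {symmetric_strength(bits):6.1f} symmetric bits")
    print("steady state  :", dnskey_response_len("example.", [2048, 1024], [2048]), "bytes")
    print("KSK double-sig:", dnskey_response_len("example.", [2048, 2048, 1024], [2048, 2048]), "bytes")
```

On the RFC 3766 scale a 1024-bit modulus lands near 73 bits (more pessimistic than the 80 bits usually quoted for it), and 2048 bits adds roughly 30 bits. The size arithmetic shows why the slides worry about UDP: a 2048-bit KSK, a 1024-bit ZSK and one KSK signature already exceed the classic 512-byte limit, and a KSK double-signature rollover pushes the DNSKEY answer past 1232 bytes.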

3.6 Private Key Storage
- The private key is needed whenever RRSIG records are (re)generated, including the signatures over the NSEC/NSEC3 records produced when the zone is signed.
- The signer does not have to be the server named in the SOA MNAME or in the NS RRset: a hidden primary can sign and then distribute the signed zone with NOTIFY and IXFR/AXFR.
- Keep private keys off public-facing servers and consider an HSM, in particular for high-value zones such as TLDs. A ZSK that must be online (for example with dynamic update, RFC 3007, where each update re-signs RRsets) is the exposed key; the KSK can stay offline or in the HSM.
- Whoever controls the signing host can produce valid RRSIGs for any RR in the zone; see 4.3 for what to do after a compromise.

4. Signature Generation, Key Rollover, and Related Policies
4.1. Time in DNSSEC
- Classic DNS has the SOA REFRESH, RETRY and EXPIRE timers, the SOA minimum (negative caching TTL) and per-RR TTLs. DNSSEC adds absolute time: RRSIG inception and expiration. Relative timers and absolute validity interact, and a mismatch turns data Bogus. draft-morris-dnsop-dnssec-key-timing formalises the key timing.

4.1.1. Time Considerations
- A cached RRset is returned with whatever fraction of its TTL remains, while the RRSIG keeps its absolute expiration; the validator checks the cached RRSIG against the cached DNSKEY RRset (RFC 4033 section 7 covers the resolver side). (Presenter's question, 5/27: which TTL fraction applies?)
- Records leave a cache only when their TTL runs out, so a validator may be checking an RRSIG that was fetched up to one maximum TTL earlier.
- The TTL that counts is the one sent by the authoritative server.
- The signature validity period should therefore be several multiples of the maximum zone TTL, and the zone must be re-signed well before the signatures expire (the slides note factors of 5 to 10, and at least 2).
- A validator needs the DS, DNSKEY and RRSIG records in addition to the queried RR, each with its own TTL; for a recursive validator the DS at the delegation point and the DNSKEY RRset expire from the cache on their own schedules.
- When an RRSIG has expired the validator returns SERVFAIL; the authoritative server still answers with the AA bit set and gives no hint of the problem.
- SOA REFRESH: secondaries poll the serial and transfer the re-signed zone. SOA EXPIRE: if the primary is unreachable, secondaries keep serving their last copy until EXPIRE. The signatures in that copy must not expire before the zone does, so the re-sign interval, EXPIRE and the signature validity period have to be planned together: a zone re-signed every REFRESH with a validity period shorter than EXPIRE can go Bogus while it is still being served.
- An authoritative server whose zone has expired becomes non-authoritative for it; to a security-aware resolver, a zone with expired RRSIGs is Bogus, which is worse than a stale but valid zone. RFC 4641 suggests an SOA expiration timer of about 1/3 or 1/4 of the signature validity period.
- Run a watchdog that monitors RRSIG expiration on the published zone; with DNSSEC an expired signature is an outage.
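The interplay of the timers above, turned into checks as an added example (not code from the slides or from RFC 4641). It encodes the 4.1.1 constraints as arithmetic on a zone's timing parameters, applies the "1/3 to 1/4 of the signature validity" rule of thumb as a hard limit on SOA EXPIRE (an assumption of this example), and implements the watchdog rule on RRSIG records in presentation format. The zone timings and the RRSIG line are constructed for the example.

```python
"""DNSSEC timing sanity checks for Section 4.1.1 (added example, not from the slides).

Assumptions: the zone is re-signed on a fixed interval, secondaries are fed by
NOTIFY/AXFR, and RFC 4641's "EXPIRE at 1/3 to 1/4 of the signature validity" rule of
thumb is applied as a hard limit.
"""
from dataclasses import dataclass
from datetime import datetime, timezone

HOUR, DAY = 3600, 86400


@dataclass(frozen=True)
class ZoneTiming:
    max_ttl: int          # largest TTL of any RR in the zone (seconds)
    dnskey_ttl: int       # TTL of the apex DNSKEY RRset
    sig_validity: int     # RRSIG expiration minus inception
    resign_interval: int  # how often the signer issues fresh RRSIGs
    soa_refresh: int
    soa_expire: int


def check_timing(t: ZoneTiming) -> list:
    """Return the 4.1.1 constraints this timing violates (empty list = fine)."""
    problems = []
    # A cached RRset can be served for max_ttl after it was fetched, and it may
    # have been fetched just before the signer replaced its RRSIG, so the oldest
    # signature a validator can see is resign_interval + max_ttl old.
    if t.resign_interval + t.max_ttl >= t.sig_validity:
        problems.append("re-sign interval + max TTL must stay well below signature validity")
    # A secondary that lost its primary serves the last zone it got until SOA EXPIRE;
    # the signatures in that copy were up to resign_interval old when transferred.
    if t.resign_interval + t.soa_expire + t.max_ttl >= t.sig_validity:
        problems.append("RRSIGs expire before an orphaned secondary stops serving the zone")
    # RFC 4641's rule of thumb: EXPIRE at about 1/3 to 1/4 of the validity period,
    # so that a zone is dropped before it is served with expired signatures.
    if t.soa_expire > t.sig_validity // 3:
        problems.append("SOA EXPIRE should be at most 1/3 (to 1/4) of signature validity")
    # Secondaries must poll often enough to pick up every signing run.
    if t.soa_refresh > t.resign_interval:
        problems.append("SOA REFRESH longer than re-sign interval: secondaries lag a signing run")
    return problems


def parse_timestamp(ts: str) -> datetime:
    """RRSIG-style timestamp YYYYMMDDHHmmSS, always UTC."""
    return datetime.strptime(ts, "%Y%m%d%H%M%S").replace(tzinfo=timezone.utc)


def rrsig_expiration(rrsig_line: str) -> str:
    """Expiration field of an RRSIG in presentation format:
    owner TTL IN RRSIG type alg labels origttl expiration inception keytag signer sig..."""
    fields = rrsig_line.split()
    if len(fields) < 12 or fields[3] != "RRSIG":
        raise ValueError("not an RRSIG record: " + rrsig_line)
    return fields[8]


def rrsig_needs_attention(rrsig_line: str, now_ts: str, t: ZoneTiming) -> bool:
    """Watchdog rule: alarm when the remaining validity is shorter than the longest
    time a copy of this signature may still be served (EXPIRE on an orphaned
    secondary plus max TTL in caches).  Re-signing must have happened by then."""
    remaining = (parse_timestamp(rrsig_expiration(rrsig_line))
                 - parse_timestamp(now_ts)).total_seconds()
    return remaining < t.soa_expire + t.max_ttl


# Constructed sample: a zone re-signed weekly with 30-day signatures.
SANE = ZoneTiming(max_ttl=DAY, dnskey_ttl=DAY, sig_validity=30 * DAY,
                  resign_interval=7 * DAY, soa_refresh=DAY, soa_expire=7 * DAY)
# The same zone with a two-week EXPIRE: still consistent on the wire, but outside
# the rule of thumb.
LONG_EXPIRE = ZoneTiming(max_ttl=DAY, dnskey_ttl=DAY, sig_validity=30 * DAY,
                         resign_interval=7 * DAY, soa_refresh=DAY, soa_expire=14 * DAY)
# Constructed RRSIG line (signature data shortened); expires 1 July 2010 00:00 UTC.
SAMPLE_RRSIG = ("example. 3600 IN RRSIG SOA 8 1 3600 20100701000000 20100601000000 "
                "12345 example. AwEAAa==")

if __name__ == "__main__":
    for name, timing in (("sane", SANE), ("long expire", LONG_EXPIRE)):
        print(name, "->", check_timing(timing) or "ok")
    print("watchdog alarm on 2010-06-29:",
          rrsig_needs_attention(SAMPLE_RRSIG, "20100629000000", SANE))
```

The second check is the one the slides circle around: with a weekly signing run and 30-day signatures, an orphaned secondary with a 14-day EXPIRE still serves valid signatures (7 + 14 + 1 days is under 30), so the only complaint about LONG_EXPIRE is the rule of thumb; shrink the validity period to 14 days and the same zone fails the hard constraint as well.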

4.2. Key Rollovers
- Rolling a key changes both the DNSKEY RRset and the RRSIGs made with the key. Both sit in caches with their own TTLs, so every stage of a rollover has to leave caches in a state where any combination a validator may hold still validates.

4.2.1. Zone Signing Key Rollovers
- Two schemes: pre-publication (4.2.1.1) and double signature (4.2.1.2).

4.2.1.1. Pre-Publication Key Rollovers
- The new DNSKEY is published one DNSKEY TTL before it is used to sign, so that every cache that holds the DNSKEY RRset has the new key by the time signatures made with it appear.

Appendix B. Zone Signing Key Rollover How-To (pre-published standby key)
- Step 0, preparation: the DNSKEY RRset carries two ZSKs, the active key (signing) and the published key (standby, signing nothing yet). Both are covered by the KSK signature over the DNSKEY RRset.
- Step 1, determine expiration: note when the RRSIGs made with the active key expire and what the TTLs are.
- Step 2: sign the zone with the published key; it becomes the active key, the former active key is now the rolled key and is dropped once its signatures have left the caches, and a new published key is added.
- Step 3: RFC 4641: "It is safe to engage in a new rollover (Step 1) after at least one signature validity period." (Open question from the SWG, 6/24: is the governing interval the DNSKEY RR TTL, the RRSIG TTL, or the signature validity period? A conservative reading takes the validity period, since it bounds how long any RRSIG made by the rolled key can still be accepted.)

4.2.1.1. Pre-Publish Key Rollover, stages (RFC 4641 notation: DNSKEY1 is the KSK, DNSKEY10 and DNSKEY11 are ZSKs, RRSIGx(R) is the signature over R made with key x)

    ----------------------------------------------------------------------------
     initial            new DNSKEY         new RRSIG          DNSKEY removal
    ----------------------------------------------------------------------------
     SOA0               SOA1               SOA2               SOA3
     RRSIG10(SOA0)      RRSIG10(SOA1)      RRSIG11(SOA2)      RRSIG11(SOA3)

     DNSKEY1            DNSKEY1            DNSKEY1            DNSKEY1
     DNSKEY10           DNSKEY10           DNSKEY10           DNSKEY11
                        DNSKEY11           DNSKEY11
     RRSIG1 (DNSKEY)    RRSIG1 (DNSKEY)    RRSIG1 (DNSKEY)    RRSIG1 (DNSKEY)
     RRSIG10(DNSKEY)    RRSIG10(DNSKEY)    RRSIG11(DNSKEY)    RRSIG11(DNSKEY)
    ----------------------------------------------------------------------------

- initial: DNSKEY10 is the active ZSK.
- new DNSKEY: DNSKEY11 is added to the key set but signs nothing yet; the key set is still signed by DNSKEY10 (and by the KSK). Note from the slide: publishing the key early gives an attacker extra time for a brute-force attack on it, so the pre-publish interval should be what the key set TTL requires and not more.
- new RRSIG: after at least one DNSKEY TTL (so that no cache still holds key set version 1 without DNSKEY11) the zone is re-signed with DNSKEY11. DNSKEY10 stays in the key set because caches may still hold RRSIG10 signatures fetched together with key set version 1 or 2 (the slide marks DNSKEY10 as the key that must remain).
- DNSKEY removal: after the old signatures have left all caches (one maximum zone TTL, bounded by the signature validity) DNSKEY10 is removed.

With a standing pre-published key the "new DNSKEY" and "DNSKEY removal" stages merge, and each rollover alternates between "new RRSIG" and "new DNSKEY":

    ----------------------------------------------------------------
     initial            new RRSIG          new DNSKEY
    ----------------------------------------------------------------
     SOA0               SOA1               SOA2
     RRSIG10(SOA0)      RRSIG11(SOA1)      RRSIG11(SOA2)

     DNSKEY1            DNSKEY1            DNSKEY1
     DNSKEY10           DNSKEY10           DNSKEY11
     DNSKEY11           DNSKEY11           DNSKEY12
     RRSIG1 (DNSKEY)    RRSIG1 (DNSKEY)    RRSIG1 (DNSKEY)
     RRSIG10(DNSKEY)    RRSIG11(DNSKEY)    RRSIG11(DNSKEY)
    ----------------------------------------------------------------
     new RRSIG          new DNSKEY
    ----------------------------------------------------------------
     SOA3               SOA4
     RRSIG12(SOA3)      RRSIG12(SOA4)

     DNSKEY1            DNSKEY1
     DNSKEY11           DNSKEY12
     DNSKEY12           DNSKEY13
     RRSIG1 (DNSKEY)    RRSIG1 (DNSKEY)
     RRSIG12(DNSKEY)    RRSIG12(DNSKEY)
    ----------------------------------------------------------------

- At each "new RRSIG" stage the signer switches to the pre-published key; at each "new DNSKEY" stage the rolled key is removed and the next standby key is added. (The slide's copy of this figure shows RRSIG10 over every SOA; the signer changes at each "new RRSIG" stage as above.)

4.2.1.2. Double Signature Zone Signing Key Rollover
- The new key is introduced and used at once: every RRset is signed with both the old and the new ZSK. The only wait is before removing the old key and its signatures, because a cache may still hold the old DNSKEY RRset or old data and must be able to validate whatever it fetches next.

    ----------------------------------------------------------------
     initial            new DNSKEY         DNSKEY removal
    ----------------------------------------------------------------
     SOA0               SOA1               SOA2
     RRSIG10(SOA0)      RRSIG10(SOA1)      RRSIG11(SOA2)
                        RRSIG11(SOA1)

     DNSKEY1            DNSKEY1            DNSKEY1
     DNSKEY10           DNSKEY10           DNSKEY11
                        DNSKEY11
     RRSIG1 (DNSKEY)    RRSIG1 (DNSKEY)    RRSIG1 (DNSKEY)
     RRSIG10(DNSKEY)    RRSIG10(DNSKEY)    RRSIG11(DNSKEY)
                        RRSIG11(DNSKEY)
    ----------------------------------------------------------------

- new DNSKEY: a validator still holding key set version 0 (without DNSKEY11) validates version 1 data through RRSIG10; a validator with the new key set validates version 0 data through RRSIG10 as well. No wait is needed before this stage beyond normal propagation to the authoritative servers.
- DNSKEY removal: only after one maximum zone TTL (and one DNSKEY TTL) has passed since "new DNSKEY", so that no cache holds version 0 data or key set; from then on data signed by DNSKEY11 alone validates everywhere. RFC 4641: "This way all caches are cleared of the old signatures." (The presenter asks which TTL this refers to: the largest TTL among the RRsets that were re-signed, i.e. the maximum zone TTL.)

4.2.1.3. Pros and Cons of the Schemes
- Pre-publish: four stages, the zone does not grow and each RRset is signed once; the recommended scheme for a ZSK. It does not apply to a KSK (4.2.3).
- Double signature: three stages, but every RRset carries two signatures during the rollover, which doubles the signature part of the zone and the response sizes; for large zones this is prohibitive.

4.2.2. Key Signing Key Rollovers
- The KSK signs only the zone apex key set, so its rollover is a double-signature rollover of the DNSKEY RRset combined with a DS change at the parent.

    ----------------------------------------------------------------------------
     initial            new DNSKEY         DS change          DNSKEY removal
    ----------------------------------------------------------------------------
    Parent:
     SOA0               SOA0               SOA1               SOA1
     RRSIGpar(SOA0)     RRSIGpar(SOA0)     RRSIGpar(SOA1)     RRSIGpar(SOA1)
     DS1                DS1                DS2                DS2
     RRSIGpar(DS)       RRSIGpar(DS)       RRSIGpar(DS)       RRSIGpar(DS)
    Child:
     SOA0               SOA1               SOA1               SOA2
     RRSIG10(SOA0)      RRSIG10(SOA1)      RRSIG10(SOA1)      RRSIG10(SOA2)
     DNSKEY1            DNSKEY1            DNSKEY1
                        DNSKEY2            DNSKEY2            DNSKEY2
     DNSKEY10           DNSKEY10           DNSKEY10           DNSKEY10
     RRSIG1 (DNSKEY)    RRSIG1 (DNSKEY)    RRSIG1 (DNSKEY)
                        RRSIG2 (DNSKEY)    RRSIG2 (DNSKEY)    RRSIG2 (DNSKEY)
     RRSIG10(DNSKEY)    RRSIG10(DNSKEY)    RRSIG10(DNSKEY)    RRSIG10(DNSKEY)
    ----------------------------------------------------------------------------

- initial: DS1 at the parent points to DNSKEY1. Presenter's note: TTL_DS ::= TTL(DS1), the TTL the parent's authoritative servers give the DS.
- new DNSKEY: DNSKEY2 is added and the key set is signed with both KSKs (and with the ZSK). Wait one DNSKEY TTL, so that every cache holding the key set has one signed by DNSKEY2 before the parent's DS changes.
- DS change: DS2 replaces DS1 at the parent. A validator that still holds DS1 validates the key set through RRSIG1(DNSKEY); one that fetched DS2 validates it through RRSIG2(DNSKEY). Wait TTL_DS, so that DS1 has left all caches (the slide marks DS1 as the record being retired).
- DNSKEY removal: DNSKEY1 and its signature are dropped.
- RFC 4641: "The scenario above puts the responsibility for maintaining a valid chain of trust with the child." Alternatives noted on the slide: the DS could be obtained in-band (the parent querying the child's DNSKEY RRset and deriving the DS itself), and the parent could carry two DS records (DS1 and DS2) during the rollover, which is the double-DS scheme in 4.2.3.

4.2.3. Difference Between ZSK and KSK Rollovers
- A KSK is usually the key a DS or a trust anchor points to; changing it involves the parent (or RFC 5011), whereas a ZSK rollover is purely local. The KSK signs only the key set, so the cached objects that matter are the DNSKEY RRset and the DS, not the zone data.
- Pre-publish in the ZSK form does not work for a KSK: a validator can combine a freshly fetched DS2 with a cached key set that is signed only by DNSKEY1 (a pre-published DNSKEY2 signs nothing), which is Bogus. Pre-publishing at the parent does work: the double-DS scheme.

    --------------------------------------------------------------------------------
     initial            new DS             new DNSKEY         DS/DNSKEY removal
    --------------------------------------------------------------------------------
    Parent:
     SOA0               SOA1               SOA1               SOA2
     RRSIGpar(SOA0)     RRSIGpar(SOA1)     RRSIGpar(SOA1)     RRSIGpar(SOA2)
     DS1                DS1                DS1
                        DS2                DS2                DS2
     RRSIGpar(DS)       RRSIGpar(DS)       RRSIGpar(DS)       RRSIGpar(DS)
    Child:
     SOA0               SOA0               SOA1               SOA1
     RRSIG10(SOA0)      RRSIG10(SOA0)      RRSIG10(SOA1)      RRSIG10(SOA1)
     DNSKEY1            DNSKEY1            DNSKEY2            DNSKEY2
     DNSKEY10           DNSKEY10           DNSKEY10           DNSKEY10
     RRSIG1 (DNSKEY)    RRSIG1 (DNSKEY)    RRSIG2 (DNSKEY)    RRSIG2 (DNSKEY)
     RRSIG10(DNSKEY)    RRSIG10(DNSKEY)    RRSIG10(DNSKEY)    RRSIG10(DNSKEY)
    --------------------------------------------------------------------------------

- new DS: the parent publishes DS2 next to DS1 while the child's key set is unchanged. Wait TTL_DS, so that no cache holds a DS RRset with DS1 only.
- new DNSKEY: the child swaps DNSKEY1 for DNSKEY2 and signs the key set with DNSKEY2. A cache with the old key set validates through DS1, one with the new key set through DS2. Wait one DNSKEY TTL.
- DS/DNSKEY removal: DS1 is removed at the parent. If the parent dropped DS1 too early, or the child dropped DNSKEY1 before DS2 existed, the DS would point to a key that is not in the key set: security lameness, 4.4.3.
- Cost: double signature needs one interaction with the parent (the DS change); double-DS needs two (add DS2, remove DS1).
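The four rollovers in the figures of 4.2.1.1, 4.2.1.2, 4.2.2 and 4.2.3 (and the Appendix B how-to), checked mechanically as an added example; this is not code from RFC 4641 or from the slides. The model is the one the figures imply: each stage publishes one version of the parent's DS set and of the child's key set and signatures, the operator waits some time, and a validator may hold any earlier version of each object whose TTL has not run out. The checker enumerates every combination a cache can hold at each stage and reports the ones that are Bogus, so it shows both that the prescribed waits are sufficient and what breaks when one of them is skipped. Key ids follow the figures (1 and 2 are KSKs, 10 and 11 are ZSKs); the TTL values are constructed for the example.

```python
"""Rollover-stage checker for the figures in 4.2.1.1, 4.2.1.2, 4.2.2 and 4.2.3.
Added example; not code from RFC 4641 or the slides.

Each stage publishes one version of the parent's DS set and the child's DNSKEY
RRset/RRSIGs, then the operator waits `wait` seconds.  A validator may hold any
earlier version of each object whose TTL has not run out and must be able to
validate every combination it can hold.  TTLs below are constructed for the example.
"""
from dataclasses import dataclass
from itertools import product

TTL = {"ds": 3600, "dnskey": 3600, "data": 3600}


@dataclass(frozen=True)
class Stage:
    ds: frozenset            # key ids the parent publishes a DS for
    dnskeys: frozenset       # key ids in the child's apex DNSKEY RRset
    dnskey_sigs: frozenset   # key ids whose RRSIG covers the DNSKEY RRset
    data_sigs: frozenset     # key ids whose RRSIG covers ordinary RRsets (SOA in the figures)
    wait: int = 0            # seconds the operator waits after publishing this stage


def fs(*ids):
    return frozenset(ids)


def chain_ok(ds, keyset: Stage, data: Stage) -> bool:
    """RFC 4035 chain: some DS must match a key in the cached DNSKEY RRset that also
    signs that RRset, and some data RRSIG must be made by a key in that RRset."""
    if not (ds & keyset.dnskeys & keyset.dnskey_sigs):
        return False
    return bool(data.data_sigs & keyset.dnskeys)


def still_cached(stages, i, j, ttl) -> bool:
    """Can a copy published at stage i still be in a cache at the start of stage j?
    It was fetched at the latest when stage i ended, so only the waits of the
    stages in between count against its TTL."""
    return sum(s.wait for s in stages[i + 1:j]) < ttl


def failures(stages):
    """Every (stage, cached DS version, DNSKEY version, data version) that is Bogus."""
    bad = []
    for j in range(len(stages)):
        for a, b, c in product(range(j + 1), repeat=3):
            if (still_cached(stages, a, j, TTL["ds"])
                    and still_cached(stages, b, j, TTL["dnskey"])
                    and still_cached(stages, c, j, TTL["data"])
                    and not chain_ok(stages[a].ds, stages[b], stages[c])):
                bad.append((j, a, b, c))
    return bad


# --- the four rollovers from the figures, parameterised by the operator's waits ---
def zsk_prepublish(wait_after_new_key, wait_after_new_sigs):
    return [Stage(fs(1), fs(1, 10),     fs(1, 10), fs(10)),                       # initial
            Stage(fs(1), fs(1, 10, 11), fs(1, 10), fs(10), wait_after_new_key),   # new DNSKEY
            Stage(fs(1), fs(1, 10, 11), fs(1, 11), fs(11), wait_after_new_sigs),  # new RRSIG
            Stage(fs(1), fs(1, 11),     fs(1, 11), fs(11))]                       # DNSKEY removal


def zsk_double_signature(wait_after_new_key):
    return [Stage(fs(1), fs(1, 10),     fs(1, 10),     fs(10)),
            Stage(fs(1), fs(1, 10, 11), fs(1, 10, 11), fs(10, 11), wait_after_new_key),
            Stage(fs(1), fs(1, 11),     fs(1, 11),     fs(11))]


def ksk_double_signature(wait_after_new_key, wait_after_ds_change):
    return [Stage(fs(1), fs(1, 10),    fs(1, 10),    fs(10)),
            Stage(fs(1), fs(1, 2, 10), fs(1, 2, 10), fs(10), wait_after_new_key),
            Stage(fs(2), fs(1, 2, 10), fs(1, 2, 10), fs(10), wait_after_ds_change),
            Stage(fs(2), fs(2, 10),    fs(2, 10),    fs(10))]


def ksk_double_ds(wait_after_new_ds, wait_after_new_key):
    return [Stage(fs(1),    fs(1, 10), fs(1, 10), fs(10)),
            Stage(fs(1, 2), fs(1, 10), fs(1, 10), fs(10), wait_after_new_ds),
            Stage(fs(1, 2), fs(2, 10), fs(2, 10), fs(10), wait_after_new_key),
            Stage(fs(2),    fs(2, 10), fs(2, 10), fs(10))]


if __name__ == "__main__":
    T = TTL["dnskey"]
    print("ZSK pre-publish, prescribed waits :", failures(zsk_prepublish(T, T)) or "ok")
    print("ZSK pre-publish, no waits         :", failures(zsk_prepublish(0, 0)))
    print("ZSK double signature, one TTL wait:", failures(zsk_double_signature(T)) or "ok")
    print("KSK double signature, no DS wait  :", failures(ksk_double_signature(T, 0)))
    print("KSK double DS, prescribed waits   :", failures(ksk_double_ds(T, T)) or "ok")
```

Each reported tuple names the stage and the three cached versions that together fail: for the rushed pre-publish it is the old key set (still without DNSKEY11) combined with data already signed by DNSKEY11, exactly the case the DNSKEY-TTL wait exists to exclude; for the KSK double signature without the DS wait it is a cached DS1 combined with the key set from which DNSKEY1 has already been removed. The same model also shows why a naive KSK pre-publish fails: it is the KSK double signature with stage 2 signing the key set by DNSKEY1 only.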

4.2.4. Key algorithm rollover (new in the -bis draft)
- Changing the signing algorithm is constrained by the algorithm downgrade protection of RFC 4035 section 2.2: "There MUST be an RRSIG for each RRset using at least one DNSKEY of each algorithm in the zone apex DNSKEY RRset." A strict validator that sees a DNSKEY RRset with algorithms 1 and 2 expects every RRset it validates to carry signatures of both. Because the DNSKEY RRset and the data RRsets sit in caches with independent TTLs, the new signatures have to appear before the new key, and the old key has to disappear before the old signatures.

    ----------------------------------------------------------------
     1 Initial          2 New RRSIGs       3 New DNSKEY
    ----------------------------------------------------------------
     SOA0               SOA1               SOA2
     RRSIG1(SOA0)       RRSIG1(SOA1)       RRSIG1(SOA2)
                        RRSIG2(SOA1)       RRSIG2(SOA2)

     DNSKEY1            DNSKEY1            DNSKEY1
                                           DNSKEY2
     RRSIG1(DNSKEY)     RRSIG1(DNSKEY)     RRSIG1(DNSKEY)
                        RRSIG2(DNSKEY)     RRSIG2(DNSKEY)
    ----------------------------------------------------------------
     4 Remove DNSKEY    5 Remove RRSIGs
    ----------------------------------------------------------------
     SOA3               SOA4
     RRSIG1(SOA3)       RRSIG2(SOA4)
     RRSIG2(SOA3)

     DNSKEY2            DNSKEY2
     RRSIG1(DNSKEY)     RRSIG2(DNSKEY)
     RRSIG2(DNSKEY)
    ----------------------------------------------------------------

- Step 2: add the algorithm-2 signatures to every RRset (the key set included) while the key set still lists only DNSKEY1; wait the maximum zone TTL, so that no cache holds an RRset without RRSIG2 when the new key appears.
- Step 3: add DNSKEY2; wait the DNSKEY TTL.
- Step 4: remove DNSKEY1, the old algorithm's key; wait the DNSKEY TTL, so that no cache holds a key set that still lists algorithm 1.
- Step 5: remove the RRSIG1 signatures.
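The ordering rule of 4.2.4, checked as an added example (not code from the draft or the slides): the RFC 4035 section 2.2 requirement is applied to every pair of versions a cache can hold at the same time, under the assumption (stated in the draft's steps and assumed here) that each step is held for at least the longest TTL, so only adjacent versions coexist in caches. The five steps of the figure pass; the tempting shortcut of adding the new key first, as in an ordinary key rollover, fails at the moment the new key appears.

```python
"""Checker for the algorithm-rollover ordering in 4.2.4 (added example, not from
the slides or the draft).  It applies the RFC 4035 section 2.2 rule, "there MUST
be an RRSIG for each RRset using at least one DNSKEY of each algorithm in the zone
apex DNSKEY RRset", to every pair of versions a cache can hold at the same time.
Assumption: every step is held for at least the longest TTL, so only adjacent
versions (and the current one) coexist in caches.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Version:
    name: str
    dnskey_algs: frozenset   # algorithms present in the apex DNSKEY RRset
    rrsig_algs: frozenset    # algorithms of the RRSIGs on every RRset (SOA in the figure)


def strict_validator_ok(keyset: Version, data: Version) -> bool:
    """Strict RFC 4035 2.2 check: every algorithm listed in the (possibly cached)
    DNSKEY RRset needs a signature on the (possibly cached) data RRset, and at least
    one of those signatures must be verifiable with a key in the RRset."""
    return (keyset.dnskey_algs <= data.rrsig_algs
            and bool(keyset.dnskey_algs & data.rrsig_algs))


def violations(versions):
    """Pairs (DNSKEY version, data version) among adjacent stages that a strict
    validator would reject."""
    bad = []
    for i, keyset in enumerate(versions):
        for j in (i - 1, i, i + 1):
            if 0 <= j < len(versions) and not strict_validator_ok(keyset, versions[j]):
                bad.append((keyset.name, versions[j].name))
    return bad


A1, A2 = frozenset({1}), frozenset({2})
BOTH = A1 | A2

# The five steps of the figure in 4.2.4: signatures first, then the key.
DRAFT_ORDER = [
    Version("1 Initial",       A1,   A1),
    Version("2 New RRSIGs",    A1,   BOTH),
    Version("3 New DNSKEY",    BOTH, BOTH),
    Version("4 Remove DNSKEY", A2,   BOTH),
    Version("5 Remove RRSIGs", A2,   A2),
]

# The tempting shortcut: add the new key first, as in a plain key rollover.
KEY_FIRST = [
    Version("1 Initial",       A1,   A1),
    Version("2 New DNSKEY",    BOTH, A1),
    Version("3 New RRSIGs",    BOTH, BOTH),
    Version("4 Remove RRSIGs", BOTH, A2),
    Version("5 Remove DNSKEY", A2,   A2),
]

if __name__ == "__main__":
    print("draft order:", violations(DRAFT_ORDER) or "ok")
    print("key first  :", violations(KEY_FIRST))
```

The shortcut fails even without any caching: at "2 New DNSKEY" the key set itself lists algorithm 2 while the data carries algorithm-1 signatures only, so a strict validator rejects the zone's own current state.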

4.2.5. Automated Key Rollovers
- ZSK rollovers involve only the zone and can be fully automated by the signer. KSK rollovers involve the parent (or RFC 5011 clients), which limits automation to what the parent's provisioning interface supports.

4.3. Planning for Emergency Key Rollover
- Plan the emergency procedure before it is needed: decide in advance whether, after a compromise, you keep the chain of trust intact (roll through the parent) or break it (withdraw the DS), and who does what.
- What matters is the state of the parent's DS and of the trust anchors configured in validators, not just the zone itself; the goal is that validators keep an intact chain or none at all, never a Bogus one.
- Both the zone operator's and the validator operator's views have to be covered.

4.3.1. KSK Compromise
- With the KSK an attacker can sign an arbitrary key set, hence introduce a ZSK of their own and sign any data in the zone, for as long as the parent's DS (or a trust anchor) points to the compromised key.
- If the compromised KSK is only referenced by a DS, the DS has to be changed (4.3.1.1) or removed (4.3.1.2). If it is a trust anchor, the resolvers that anchor it must be told out-of-band.
- Until the DS has changed, the attacker and the legitimate operator are indistinguishable to validators: both hold a key the DS points to and can sign DNSKEY RRsets with it.

4.3.1.1. Keeping the Chain of Trust Intact
- Goal: replace the KSK and the DS without the zone ever going Bogus. The compromised KSK stays in the key set until the new DS is everywhere, because validators that still hold the old DS need a signature made with the old key.
 1. Generate the new KSK; sign the key set with the old KSK, the new KSK and the ZSK.
 2. Generate the DS for the new KSK.
 3. Upload the new DS to the parent; the key set is still signed by the old KSK, the new KSK and the ZSK.
 4. Wait until the new DS is served by all of the parent's authoritative servers (secondaries included) and the old DS has expired from validators' caches (the parent's DS TTL).
 5. Remove the old KSK; sign the key set with the new KSK and the ZSK only.
- RFC 4641: "An additional danger of a key compromise is that the compromised key could be used to facilitate a legitimate DNSKEY/DS rollover and/or name server change at the parent." (The presenter's questions on this point were left open.) Disputes therefore need a contact person at the parent and out-of-band (non-DNS) authentication of DNSKEY/DS changes, since anything signed with the compromised key proves nothing.

4.3.1.2. Breaking the Chain of Trust
- If a rollover through the parent cannot be done quickly, have the parent remove the DS: the zone becomes Insecure (treated as unsigned) instead of Bogus and stays reachable. Re-establish the chain with a new KSK and DS afterwards.

4.3.2. ZSK Compromise
- A ZSK compromise is contained by the KSK: roll the ZSK (double signature is the fastest) and re-sign; no parent interaction.
- The attacker's forged RRSIGs remain acceptable until their expiration, and they can only be used by injecting them into caches (cache poisoning) or from a man-in-the-middle position, so the exposure is bounded by the signature validity period. (Presenter's questions, 6/24, on how validators treat the old signatures.)

4.3.3. Compromises of Keys Anchored in Resolvers
- Security-aware resolvers configure trust anchors (the root, or SEP keys of zones such as .se from before the root was signed; an ISP resolver may carry several). If an anchored key is compromised, the resolver operator has to replace the anchor; the zone operator cannot do it for them.
- Distribute replacement anchors out-of-band over an authenticated channel (an SSL/TLS web page, for example) and beware of social engineering: an attacker who can talk operators into installing a bogus anchor owns their resolution.

4.4. Parental Policies
4.4.1. Initial Key Exchanges and Parental Policies Considerations
- The first DNSKEY/DS exchange with the parent is where authentication (is this really the child's operator?) and authorization (may this person change this delegation?) are established; DNSSEC does not replace the parent's registration procedures for that.
- The child submits the DNSKEY out-of-band through the registration interface. The parent should use the key with the SEP bit set (flags 257) and can verify the submission by querying the child's DNSKEY RRset: the submitted key must be present there.
- The parent can also check the self-signature (the RRSIG over the DNSKEY RRset made with the submitted KSK) to confirm that the child actually holds the private key.
- An in-band DNS query is not authentication; it only shows what the child currently publishes.

4.4.2. Storing Keys or Hashes?
- The parent may store the DNSKEY and derive the DS itself, or store the DS as submitted. Storing the DNSKEY lets the parent regenerate DS records with a new digest algorithm and compare the key with the child zone; storing the DS is smaller and needs no key parsing.
- Either may be shown in whois; in both cases the DS is what ends up in the parent zone.
- Provisioning: EPP has a DNSSEC extension (RFC 4310) for transferring DNSKEY or DS data between registrar and registry.

4.4.3. Security Lameness
- A DS in the parent that matches no DNSKEY in the child's apex RRset makes the child Bogus: "security lame", the DNSSEC analogue of a lame delegation. A validator that finds no DNSKEY matching the key tag (key id), algorithm and digest of any DS has no chain to follow.
- Before publishing a DS, the parent should query the child and check that the key is present and carries the SEP flag; the child must keep the DS-referenced key published until the DS has changed (see the rollover timing in 4.2.2).
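The checks of 4.4.1 to 4.4.3 (derive the DS from a DNSKEY, verify a submitted key against the child's published RRset, detect a security-lame DS) as an added example; this is not code from the slides, and it uses only the Python standard library. The DNSKEY and DS records are constructed for the example (the key material is not a real key), and the DS derivation follows RFC 4034 section 5.1.4 with the key tag of RFC 4034 Appendix B.

```python
"""DS generation and security-lameness check for 4.4.1 to 4.4.3 (added example;
not code from the slides).  The DNSKEY and DS records below are constructed for
the example, not real keys.
"""
import base64
import hashlib
import struct

SEP_FLAG, ZONE_KEY_FLAG = 0x0001, 0x0100          # DNSKEY flags (RFC 4034 2.1.1)
DIGEST = {1: hashlib.sha1, 2: hashlib.sha256}      # DS digest types


def wire_name(name: str) -> bytes:
    """Canonical (lower-case, uncompressed) wire form of an owner name."""
    out = b"".join(bytes([len(l)]) + l.encode("ascii")
                   for l in name.rstrip(".").lower().split(".") if l)
    return out + b"\x00"


def key_tag(rdata: bytes) -> int:
    """RFC 4034 Appendix B key tag over the DNSKEY RDATA (algorithms other than 1)."""
    ac = sum(b if i & 1 else b << 8 for i, b in enumerate(rdata))
    ac += (ac >> 16) & 0xFFFF
    return ac & 0xFFFF


def parse_dnskey(line: str):
    """'owner TTL IN DNSKEY flags proto alg base64' -> (owner, flags, proto, alg, pubkey)."""
    owner, _ttl, _cls, rtype, flags, proto, alg, *b64 = line.split()
    if rtype != "DNSKEY":
        raise ValueError("not a DNSKEY: " + line)
    return owner, int(flags), int(proto), int(alg), base64.b64decode("".join(b64))


def parse_ds(line: str):
    """'owner TTL IN DS keytag alg digesttype hex' -> (keytag, alg, digesttype, HEX)."""
    _owner, _ttl, _cls, rtype, tag, alg, dtype, *hexdigest = line.split()
    if rtype != "DS":
        raise ValueError("not a DS: " + line)
    return int(tag), int(alg), int(dtype), "".join(hexdigest).upper()


def ds_from_dnskey(owner, flags, proto, alg, pubkey, digest_type=2):
    """DS RDATA for a DNSKEY: digest over wire(owner) + DNSKEY RDATA (RFC 4034 5.1.4)."""
    rdata = struct.pack("!HBB", flags, proto, alg) + pubkey
    digest = DIGEST[digest_type](wire_name(owner) + rdata).hexdigest().upper()
    return key_tag(rdata), alg, digest_type, digest


def check_ds(ds_lines, dnskey_lines):
    """Classify each parent DS: 'lame' if it matches no zone key in the child's
    DNSKEY RRset (validators then treat the child as Bogus); 'non_sep' if it
    matches a key without the SEP flag (valid on the wire, against RFC 4641's advice)."""
    keys = [parse_dnskey(l) for l in dnskey_lines]
    result = {"lame": [], "non_sep": []}
    for ds_line in ds_lines:
        tag, alg, dtype, digest = parse_ds(ds_line)
        match = next((flags for owner, flags, proto, kalg, pub in keys
                      if flags & ZONE_KEY_FLAG and kalg == alg
                      and ds_from_dnskey(owner, flags, proto, kalg, pub, dtype)
                      == (tag, alg, dtype, digest)), None)
        if match is None:
            result["lame"].append(ds_line)
        elif not match & SEP_FLAG:
            result["non_sep"].append(ds_line)
    return result


def ds_line_for(dnskey_line: str, digest_type=2) -> str:
    """Presentation-format DS record the parent should publish for a DNSKEY."""
    owner, *rest = parse_dnskey(dnskey_line)
    tag, alg, dtype, digest = ds_from_dnskey(owner, *rest, digest_type)
    return f"{owner} 3600 IN DS {tag} {alg} {dtype} {digest}"


# --- constructed sample zone ----------------------------------------------------
KSK_PUB = base64.b64encode(bytes(range(64))).decode()       # fake key material
ZSK_PUB = base64.b64encode(bytes(range(64, 128))).decode()
DNSKEY_RRSET = [
    f"example. 3600 IN DNSKEY 257 3 8 {KSK_PUB}",    # KSK: zone key + SEP flag
    f"example. 3600 IN DNSKEY 256 3 8 {ZSK_PUB}",    # ZSK: zone key only
]

if __name__ == "__main__":
    good_ds = ds_line_for(DNSKEY_RRSET[0])
    print("parent should publish:", good_ds)
    print("check:", check_ds([good_ds], DNSKEY_RRSET))
    # After an unannounced KSK change at the child the old DS points nowhere:
    rolled = [DNSKEY_RRSET[0].replace(KSK_PUB, ZSK_PUB), DNSKEY_RRSET[1]]
    print("after KSK change:", check_ds([good_ds], rolled))
```

Run against real data, `dnskey_lines` is the child's apex DNSKEY RRset as returned by a query and `ds_lines` the DS RRset served by the parent; a non-empty `lame` list is the security-lame condition of 4.4.3, while `non_sep` flags a DS that validators accept but that points at a key the child treats as a ZSK and will roll without telling the parent.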

4.4.4. DS Signature Validity Period
- A DS with a long signature validity can be replayed: after a KSK compromise and the resulting rollover, an attacker who captured the old DS RRset with its RRSIG can keep presenting it to validators, which then accept key sets signed by the compromised KSK. A short DS signature validity period bounds this window.
- The parent, not the child, controls both the DS signature validity period and the DS TTL; the zone owner has to plan rollovers around the parent's values, which it can only learn by querying the parent's authoritative servers.
- Discussion (6/24): the DS TTL governs how long the old DS lingers in caches, the signature validity period how long a replayed copy is accepted; both should be short relative to the child's rollover schedule.

4.4.5. Changing DNS Operators
4.4.5.1. Cooperating DNS operators
- Setting: a registry that holds only the delegation data (a "thin" registry); the registrant owns the domain and moves it from one DNS operator to another, and both operators are willing to cooperate.
- Terminology: the losing operator (the current one) and the gaining operator (the new one).
- Procedure: the gaining operator's ZSK and KSK are pre-published in the losing operator's zone and the losing operator's keys appear in the gaining operator's copy (pre-publish for the ZSK, double signature of the key set for the KSK); the parent then changes NS and DS, and finally the losing operator's keys are removed.

    initial
      Parent:      NS_A, DS_A
      Child at A:  ZSK_A, KSK_A; RRSIG_ZA(DNSKEY), RRSIG_KA(DNSKEY)
                   SOA_A, RRSIG_ZA(SOA); NS_A, RRSIG_ZA(NS)

    pre-publish
      Parent:      NS_A, DS_A
      Child at A:  ZSK_A, ZSK_B, KSK_A, KSK_B
                   RRSIG_ZA(DNSKEY), RRSIG_KA(DNSKEY), RRSIG_ZB(DNSKEY), RRSIG_KB(DNSKEY)
                   SOA_A, RRSIG_ZA(SOA); NS_A NS_B, RRSIG_ZA(NS)
      Child at B:  ZSK_A, ZSK_B, KSK_A, KSK_B
                   RRSIG_ZA(DNSKEY), RRSIG_KA(DNSKEY), RRSIG_ZB(DNSKEY), RRSIG_KB(DNSKEY)
                   SOA_B, RRSIG_ZB(SOA); NS_A NS_B, RRSIG_ZB(NS)
      (the parent's referral still names A only; B's copy is reached through the
       child's own NS set, so from the referral's point of view it is not yet authoritative)

    redelegation
      Parent:      NS_B, DS_B
      Child at A:  same key set and signatures as above; SOA_A, RRSIG_ZA(SOA); NS_A NS_B, RRSIG_ZA(NS)
      Child at B:  same key set and signatures as above; SOA_B, RRSIG_ZB(SOA); NS_A NS_B, RRSIG_ZB(NS)
      (DS_A is gone from the parent; a query may still land at A, and A's data
       validates because both key sets contain ZSK_A and are signed by KSK_B)

    post migration
      Parent:      NS_B, DS_B
      Child at B:  ZSK_B, KSK_B; RRSIG_ZB(DNSKEY), RRSIG_KB(DNSKEY)
                   SOA_B, RRSIG_ZB(SOA); NS_B, RRSIG_ZB(NS)

4.4.5.2. Non Cooperating DNS operators
- If the losing operator will not cooperate, its zone keeps being served and cached (NS and DNSKEY TTLs) while it contains only the losing operator's keys.
- Validators that reach the losing operator's servers validate that data against the losing operator's DNSKEY; the gaining operator cannot obtain the losing operator's RRSIGs or keys, so nothing can be pre-published.
- The old NS RRset, the NSEC/NSEC3 chain (NSEC allows zone enumeration, NSEC3 hampers it) and the RRSIGs remain cacheable until their TTLs expire.
- The registrant must have the parent replace the DS (and NS) with the gaining operator's; until the losing operator's DNSKEY and DS have left the caches the zone validates inconsistently, and going Insecure (no DS) during the transition is one option.

5. Next Record Type
- NSEC and NSEC3 prove the non-existence of names and of RR types at a name (glue and delegation points included). The choice between NSEC and NSEC3 and the NSEC3 parameters are operational decisions.

5.1. Differences between NSEC and NSEC3

5.2. NSEC or NSEC3
- Background on the NSEC3 discussion, IETF meeting report (2005): http://jpinfo.jp/event/2005/0825ietf.html

5.3. NSEC3 parameters
- NSEC3 owner names are hashes, which get no benefit from DNS name compression.
5.3.1. NSEC3 Algorithm
5.3.2. NSEC3 Iterations
5.3.3. NSEC3 Salt
5.3.4. Opt-out

6. Security Considerations
7. IANA Considerations
8. Acknowledgements
9. References
Appendix A. Terminology
Appendix B. Zone Signing Key Rollover How-To
Appendix C. Typographic Conventions
Appendix D. Document Editing History