DNSSEC Policy & Practice Statement Framework
draft-ljunggren-dps-framework-00
Status of this Memo
This Internet-Draft is submitted to IETF in full
conformance with the provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups.
Note that other groups may also distribute working documents as
Internet-Drafts.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any time.
It is inappropriate to use Internet-Drafts as reference material or to cite
them other than as “work in progress.”
The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt.
The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html.
This Internet-Draft will expire on January 6, 2010.
Copyright Notice
Copyright (c) 2009 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents in effect on the date of
publication of this document (http://trustee.ietf.org/license-info).
Please review these documents carefully, as they describe your
rights and restrictions with respect to this document.
Abstract
This document presents a framework to assist writers of DNSSEC policy and practice statements such as registry managers on both TLD and secondary level, who have deployed DNSSEC. DNSSEC is a set of security extensions to the DNS that allows validating DNS answers by to establishing a 'chains of trust' from known public keys to the data being validated.
The aim of this framework is to describe an overall policy for serving secured DNS data and key management. In particular, the framework provides a comprehensive list of topics that potentially (at the writer's discretion) needs to be covered in a DNSSEC policy definition and practice statement.
Table of Contents
1.
Introduction
1.1.
Background
1.2.
Purpose
1.3.
Scope
2.
Definitions
3.
Concepts
3.1.
DNSSEC
3.2.
Signing policy and practice statement
3.3.
Relationship between policy and practice statement
3.4.
Set of provisions
4.
Contents of a set of provisions
5.
Outline of a set of provisions
6.
IANA Considerations
7.
Security Considerations
8.
References
8.1.
Normative References
8.2.
Informative References
Appendix A.
Definitions and Acronyms
§
Authors' Addresses
1.
Introduction
1.1.
Background
This document has been heavily inspired by
RFC 3647 (Chokhani, S., Ford, W., Sabett, R., Merrill, C., and S. Wu, “Internet X.509 Public Key Infrastructure Certificate Policy and Certification Practices Framework,” November 2003.) [RFC3647].
1.2.
Purpose
The purpose of this document is twofold. First, the
document aims to explain the concept of a DPS and describe
the relationship between the registry and the relying
parties. Second, this document aims to present a framework
to assist the writers of DPSs in creating comparable
policies and practices. In particular, the framework
identifies the elements that may need to be considered in
formulating a DPS. The purpose is not to define a
particular policy or practice, per se. Moreover, this
document does not aim to provide legal advice or
recommendations as to particular requirements or practices
that should be contained within DPSs.
1.3.
Scope
2.
Definitions
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL
NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and
"OPTIONAL" in this document are to be interpreted as described
in RFC 2119 (Bradner, S., “Key words for use in RFCs to Indicate Requirement Levels,” March 1997.) [RFC2119].
3.
Concepts
3.1.
DNSSEC
3.2.
Signing policy and practice statement
3.3.
Relationship between policy and practice statement
3.4.
Set of provisions
4.
Contents of a set of provisions
5.
Outline of a set of provisions
1. Introduction
1.1. Overview
1.2. Definitions
1.3. Identification
1.4. Community and Applicability
1.4.1. Registry
1.4.2. Registrar
1.4.3. Registrant
1.4.4. Auditor
1.4.5. End Entities
1.4.6. Applicability
1.5. Specification Administration
1.5.1. Specification administration organization
1.5.2. Contact Information
1.5.3. Specification change procedures
1.5.4. Publication and notification policies
1.5.5. DPS approval procedures
2. General Provisions
2.1. Obligations
2.1.1. Registry obligations
2.1.2. Registrars obligations
2.1.3. Registrants obligations
2.1.4. Resolver operator obligations
2.2. Liability
2.3. Interpretation and Enforcement
2.3.1. Governing law
2.3.2. Dispute resolution procedures
2.4. Publication of key signing keys
2.5. Compliance audit
2.5.1. Frequency of entity compliance audit
2.5.2. Identity/qualifications of auditor
2.5.3. Auditor's relationship to audited party
2.5.4. Topics covered by audit
2.5.5. Actions taken as a result of deficiency
2.5.6. Communication of results
2.6. Confidentiality
2.6.1. Types of information to be kept confidential
2.6.2. Types of information not considered confidential
2.6.3. Other information release circumstances
2.7. Intellectual Property Rights
3. Identification and Authentication
3.1. Initial Registration
3.1.1. Authentication of organization identity
3.1.2. Authentication of individual identity
3.1.3. Registration of delegation signer
3.1.4. Method to prove possession of private key
3.2. Routine key roll-over
3.3. Emergency key roll-over
3.4. Unsigning of child zone
4. Operational Requirements
4.1. Activation of DNSSEC for child zone
4.2. Verification of child zone maintainer
4.3. Publishing of DS record
4.4. Removing of DS record
4.4.1. Who can request removal
4.4.2. Procedure for removal request
4.4.3. Circumstances for deactivation
4.4.4. Deactivation grace period
4.5. Security Audit Procedures
4.5.1. Types of event recorded
4.5.2. Frequency of processing log
4.5.3. Retention period for audit log
4.5.4. Protection of audit log
4.5.5. Audit log backup procedures
4.5.6. Audit collection system (internal vs external)
4.5.7. Notification to event-causing subject
4.5.8. Vulnerability assessments
4.6. Records Archival
4.6.1. Types of event recorded
4.6.2. Retention period for archive
4.6.3. Protection of archive
4.6.4. Archive backup procedures
4.6.5. Requirements for time-stamping of records
4.6.6. Archive collection system (internal or external)
4.6.7. Procedures to obtain and verify archive information
4.7. Zone signing
4.7.1. DNSSEC Parameters
4.7.2. Key lengths and algorithms
4.7.3. Signature format
4.7.4. Signature life-time and re-signing frequency
4.7.5. Verification of zone signing key set
4.7.6. Zone signing key roll-over
4.7.7. Key signing key roll-over
4.8. Compromise and Disaster Recovery
4.8.1. Incident and compromise handling procedures
4.8.2. Computing resources, software, and/or data are
corrupted
4.8.3. Entity private key compromise procedures
4.8.4. Business contingency capabilities after a disaster
4.9. Entity termination
4.9.1. Registry termination
5. Physical, Procedural, and Personnel Security Controls
5.1. Physical Controls
5.1.1. Site location and construction
5.1.2. Physical access
5.1.3. Power and air conditioning
5.1.4. Water exposures
5.1.5. Fire prevention and protection
5.1.6. Media storage
5.1.7. Waste disposal
5.1.8. Off-site backup
5.1.9. Maintenance procedures
5.2. Procedural Controls
5.2.1. Trusted roles
5.2.2. Number of persons required per task
5.2.3. Identification and authentication for each role
5.2.4. Tasks requiring separation of duties
5.3. Personnel Controls
5.3.1. Background, qualifications, experience, and
clearance requirements
5.3.2. Background check procedures
5.3.3. Separation of duties
5.3.4. Training requirements
5.3.5. Retraining frequency and requirements
5.3.6. Job rotation frequency and sequence
5.3.7. Sanctions for unauthorized actions
5.3.8. Contracting personnel requirements
5.3.9. Documentation supplied to personnel
6. Technical Security Controls
6.1. Key Pair Generation and Installation
6.1.1. Technical environment for key generation
6.1.2. Key pair generation procedures (KSK)
6.1.3. Public key delivery
6.1.4. Public key parameters generation
6.1.5. Parameter quality checking
6.1.6. Hardware/software key generation
6.1.7. Key usage purposes (KSK, ZSK)
6.2. Private Key Protection
6.2.1. Standards for cryptographic module
6.2.2. Private key (m-of-n) multi-person control
6.2.3. Private key escrow
6.2.4. Private key backup
6.2.5. Private key archival
6.2.6. Private key entry into cryptographic module
6.2.7. Method of activating private key
6.2.8. Method of deactivating private key
6.2.9. Method of destroying private key
6.3. Activation data
6.3.1. Activation data generation and installation
6.3.2. Activation data protection
6.3.3. Other aspects of activation data
6.4. Other Aspects of Key Pair Management
6.4.1. Public key archival
6.4.2. Key usage periods
6.5. Computer Security Controls
6.5.1. Specific computer security technical requirements
6.5.2. Computer security rating
6.6. Life Cycle Technical Controls
6.6.1. System development controls
6.6.2. Security management controls
6.7. Network Security Controls
6.8. Cryptographic Module Engineering Controls
6.
IANA Considerations
7.
Security Considerations
8.
References
8.1. Normative References
8.2. Informative References
| [RFC3647] |
Chokhani, S., Ford, W., Sabett, R., Merrill, C., and S. Wu, “Internet X.509 Public Key Infrastructure Certificate Policy and Certification Practices Framework,” RFC 3647, November 2003 (TXT). |
Appendix A.
Definitions and Acronyms
Authors' Addresses
| |
Fredrik Ljunggren |
| |
Kirei AB |
| |
P.O. Box 53204 |
| |
Goteborg SE-400 16 |
| |
Sweden |
| Email: |
fredrik@kirei.se |
| | |
| |
Anne-Marie Eklund-Lowinder |
| |
.SE |
| |
P.O. Box 7399 |
| |
Stockholm SE-103 91 |
| |
Sweden |
| Email: |
amel@iis.se |