Network Working Group | M. Miller |
Internet-Draft | P. Saint-Andre |
Intended status: Standards Track | Cisco Systems, Inc. |
Expires: December 08, 2012 | June 8, 2012 |
Using DNSSEC and DANE as a Prooftype for XMPP Delegation
draft-miller-xmpp-dnssec-prooftype-01
This document specifies how to use DNSSEC and DANE to securely delegate an XMPP service identified by a domain to a host associated with a different domain.
This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet- Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."
This Internet-Draft will expire on December 08, 2012.
Copyright (c) 2012 IETF Trust and the persons identified as the document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License.
In the core XMPP specification [RFC6120], the domain to which an XMPP initiating entity wants to connect is asserted via the 'to' attribute of the <stream:stream> header, and the TLS certificate offered by the receiving server is required to match this source domain (e.g., "im.example.com"). However, this model can cause problems if the source domain is delegated (via DNS SRV records [RFC2782]) to a host associated with a different domain that is derived via SRV (e.g., "hosting.example.net"), since the derived domain might also be the delegate for a number of other source domains and, for operational and security reasons, a hosting server is rarely able to present a certificate that matches the source domain.
Absent the use of DNS Security [RFC4033], delegation via SRV does not provide a strong basis for checking the derived domain rather than the source domain. This document describes how the use of DNSSEC with SRV results in more secure delegation, such that the initiating XMPP server can legitimately check the derived domain rather than the source domain. This document also describes how to utilize [DANE] to verify TLS certificates of domains, delegated or otherwise.
This document inherits XMPP-related terminology from [RFC6120], DNS-related terminology from [RFC1034], [RFC1035], [RFC2782] and [RFC4033], and security-related terminology from [RFC4949] and [RFC5280]. The terms "source domain" and "derived domain" are used as defined in the "CertID" specification [RFC6125].
This document is applicable to connections made from an XMPP client to an XMPP server ("_xmpp-client._tcp") or between XMPP servers ("_xmpp-server._tcp"). In both cases, the XMPP initiating entity acts as a TLS client and the XMPP receiving entity acts as a TLS server. Therefore, to simplify discussion this document uses "_xmpp-client._tcp" to describe to both cases, unless otherwise indicated.
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [RFC2119].
An XMPP initiating entity (TLS client) that wishes to use this prooftype MUST do so before exchanging stanzas addressed to the source domain. In general, this means the prooftype MUST be completed before the XMPP stream is restarted following STARTTLS negotiation (as specified in [RFC6120]). However, connections between XMPP servers MAY also use this prooftype to verify delegations of additional source domains onto an existing connection, such as multiplexing via [XEP-0220].
An XMPP initiating entity (TLS client) that wishes to use this prooftype performs the following actions:
[DANE] provides additional tools to verify the keys used in TLS connections. A TLS client MAY use [DANE] for TLS certificate verification; its use depends on the delegation status of the source domain, as described in the following sections.
If no SRV records are found for the source domain, then the TLS client MUST query for a TLSA resource record as described in [DANE], where the prepared domain name MUST contain the source domain and the IANA-registered port 5222 for client-to-server streams (e.g. "_5222._tcp.im.example.com") or the IANA-registered port 5269 for server-to-server streams (e.g. "_5269._tcp.im.example.com").
In this case, the TLS client MUST perform certificate verification against the source domain as described in [RFC6120].
If the delegation of a source domain to a derived domain is not secure, then the TLS client MUST NOT make a TLSA record query to the derived domain as described in [DANE]. Instead, the TLS client MUST perform certificate verification against the source domain as described in [RFC6120], and MUST NOT use [DANE].
If the source domain has been delegated to a derived domain in a secure manner as described under Section 4, then the TLS client MUST query for a TLSA resource record as described in [DANE], where the prepared domain name MUST contain the derived domain and a port obtained from the SRV record (e.g. or "_5555._tcp/hosting.example.net" for an SRV record such as "_xmpp-client._tcp.im.example.com IN TLSA 1 1 5555 hosting.example.net").
If no TLSA resource records exist for the specified service, then the TLA client MUST perform certificate verification as described in Section 4.
If TLSA resource records exist for the specified service, then the TLS client MUST perform certificate verification against the derived domain, using the information from the TLSA answer as the basis for verification as described in [DANE].
If the SRV, A/AAAA, and TLSA record queries are for an internationalized domain name, then they need to use the A-label form as defined in [RFC5890].
This document supplements but does not supersede the security considerations provided in [RFC4033], [RFC6120], [RFC6125], and [DANE].
This document has no actions for the IANA.