Network Working Group | M. Miller |
Internet-Draft | P. Saint-Andre |
Intended status: Standards Track | Cisco Systems, Inc. |
Expires: August 26, 2013 | February 22, 2013 |
Using DNS Security Extensions (DNSSEC) and DNS-based Authentication of Named Entities (DANE) as a Prooftype for XMPP Domain Name Associations
draft-miller-xmpp-dnssec-prooftype-04
This document defines a prooftype that uses DNS-based Authentication of Named Entities (DANE) for associating a domain name with an XML stream in the Extensible Messaging and Presence Protocol (XMPP). It also defines a method that uses DNS Security (DNSSEC) for securely delegating a source domain to a derived domain in XMPP.
This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."
This Internet-Draft will expire on August 26, 2013.
Copyright (c) 2013 IETF Trust and the persons identified as the document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License.
The [XMPP-DNA] specification defines a framework for secure delegation and strong domain name associations (DNA) in the Extensible Messaging and Presence Protocol (XMPP). This document defines a secure delegation method that uses DNS Security (DNSSEC) [RFC4033] in conjuction with the standard DNS SRV records [RFC2782] employed in domain name resolution in XMPP, with the result that a client or peer server that inititates an XMPP stream can legitimately treat a derived domain as a reference identifier during stream negotiation. This document also defines a DNA prooftype that uses DNS-based Authentication of Named Entities [RFC6698] (DANE) to verify TLS certificates containing source domains or derived domains during stream negotiation.
This document inherits XMPP terminology from [RFC6120], DNS terminology from [RFC1034], [RFC1035], [RFC2782] and [RFC4033], and security terminology from [RFC4949] and [RFC5280]. The terms "source domain", "derived domain", "reference identifier", and "presented identifier" are used as defined in the "CertID" specification [RFC6125].
This document is applicable to connections made from an XMPP client to an XMPP server ("_xmpp-client._tcp") or between XMPP servers ("_xmpp-server._tcp"). In both cases, the XMPP initiating entity acts as a TLS client and the XMPP receiving entity acts as a TLS server. Therefore, to simplify discussion this document uses "_xmpp-client._tcp" to describe to both cases, unless otherwise indicated.
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [RFC2119].
An XMPP initiating entity (TLS client) that wishes to use the DNSSEC prooftype MUST do so before exchanging stanzas addressed to the source domain. In general, this means that the proof MUST be completed before the XMPP stream is restarted following STARTTLS negotiation (as specified in [RFC6120]). However, connections between XMPP servers MAY also use this prooftype to verify the addition of new source domains onto an existing connection, such as multiplexing or "piggybacking" via [XEP-0220].
In order to determine if delegation using DNS SRV records is secure, an XMPP initiating entity (TLS client) performs the following actions:
The foregoing secure delegation method can be used with the DANE prooftype defined below, or with the PKIX prooftype specified in [RFC6120].
DANE provides additional tools to verify the keys used in TLS connections. A TLS client MAY use DANE for TLS certificate verification; its use depends on the delegation status of the source domain, as described in the following sections.
If no SRV records are found for the source domain, then the TLS client MUST query for a TLSA resource record as described in [RFC6698], where the prepared domain name MUST contain the source domain and the IANA-registered port 5222 for client-to-server streams (e.g., "_5222._tcp.im.example.com") or the IANA-registered port 5269 for server-to-server streams (e.g., "_5269._tcp.im.example.com").
In this case, the TLS client MUST treat only the source domain as its reference identifier during certificate verification, as described in [RFC6120].
If the delegation of a source domain to a derived domain is not secure, then the TLS client MUST NOT make a TLSA record query to the derived domain as described in [RFC6698]. Instead, the TLS client MUST treat only the source domain as its reference identifier during certificate verification, as described in [RFC6120], and MUST NOT use DANE.
If the source domain has been delegated to a derived domain in a secure manner as described under Section 4, then the TLS client MUST query for a TLSA resource record as described in [RFC6698], where the prepared domain name MUST contain the derived domain and a port obtained from the SRV answer (e.g., "_5555._tcp/hosting.example.net" for an SRV record such as "_xmpp-client._tcp.im.example.com IN TLSA 1 1 5555 hosting.example.net").
If no TLSA resource records exist for the specified service, then the TLS client MUST perform certificate verification as described under Section 4.
If TLSA resource records exist for the specified service, then the TLS client MUST treat the derived domain(s) as its reference identifier during certificate verification, using the information from the TLSA answer as the basis for verification as described in [RFC6698].
The processes for the DANE prooftype MUST be complete before the TLS handshake over the XMPP connection finishes, so that the client can perform verification of reference identities. To that end, a TLS client SHOULD perform the processes for this prooftype as part of its normal DNS resolution of the source domain into a socket address. Validating secure delegation ought to be done immediately upon receiving the answers to the SRV and follow-up A/AAAA queries; queries for TLSA records ought to be done once the target service is determined (whether the source domain and IANA-registered port, or delegated domain and port).
Ideally a TLS client will perform the DNSSEC and DANE processes in parallel with other XMPP session establishment processes where possible (e.g., perform the TLSA resource queries as the socket connection is made to the server); this is sometimes called the "happy eyeballs" approach, similar to [RFC6555] for IPv4 and IPv6. However, a TLS client might delay as much of the XMPP session establishment as it needs to in order to gather all of the DNSSEC- and DANE-based verification material. For instance, a TLS client might not open the socket connection until it has validated the secure delegation, or it might delay beginning the TLS handshake until it has obtained the TLSA certificate verification material.
If the SRV, A/AAAA, and TLSA record queries are for an internationalized domain name, then they need to use the A-label form as defined in [RFC5890].
This document supplements but does not supersede the security considerations provided in [RFC4033], [RFC6120], [RFC6125], and [RFC6698].
This document has no actions for the IANA.
[RFC6555] | Wing, D. and A. Yourtchenko, "Happy Eyeballs: Success with Dual-Stack Hosts", RFC 6555, April 2012. |