CURRENT_MEETING_REPORT_
Reported by James Galvin/TIS
Minutes of the DNS Security Working Group (DNSSEC)
The DNS Security Working Group met on Wednesday, December 7, at the San
Jose IETF.
The Ohta-san and Eastlake/Kaufman Proposals
The meeting began with a review of the differences between the Ohta-san
and Eastlake/Kaufman proposals. It was noted that this version of both
documents have many similarities, with most differences in the
underlying details. The gross level differences identified were as
follows.
o The Ohta-san proposal does not include an explicit discussion of
key management or distribution while Eastlake/Kaufman does.
o The Ohta-san proposal does not include a revocation mechanism while
Eastlake/Kaufman does.
o The Ohta-san proposal specifies the creation of eight new resource
records for each algorithm supported while Eastlake/Kaufman
specifies two new resource records --- a key RR and a signature RR
--- each with an embedded algorithm identifier.
With respect to the first two differences, it was pointed out that the
Ohta-san proposal could be augmented to include the necessary
discussion.
There was detailed discussion of the operational implications of the
last difference. The issues raised included:
o Having separate resource records for each algorithm allows
servers/clients to easily request exactly those signature and keys
records they need.
o Having a single resource record with an embedded algorithm
identifier allows clients/servers to know immediately if a zone is
secure without having to query for all possible algorithms.
At the completion of the discussion the chair called for a consensus
from the working group as to which proposal represented the best
direction for the working group at this time. The working group chose
the Eastlake/Kaufman proposal.
Discussion of Technical Issues
The remainder of the time was devoted to a discussion of three technical
issues.
o Revocation
o Choice of algorithm
o Signing of non-authoritative data
On the topic of revocation, the working group concluded that this
mechanism was not needed by secure DNS. Instead, the document should
indicate that the expiration time of the signature should be a small
multiple of the original TTL for the resource record, thus requiring
that the data be re-signed on a regular schedule. The principal
motivation for this was that the working group believed that any
revocation mechanism conflicted with the TTL mechanism of the DNS
insofar as it was attempting to clear caches of invalid data. Further,
the mechanism proposed specified that revocation records be distributed
on a space available basis, so there was no guarantee that in fact it
would be available for processing.
On the topic of algorithm choices, a brief comparison of
Diffie-Hellman/ElGamal and RSA was presented. It was noted that with
respect to signature verification RSA outperformed
Diffie-Hellman/ElGamal by several orders of magnitude. In addition, the
size of an RSA signature was at most half the size of a comparable
Diffie-Hellman/ElGamal signature. There was brief mention of the
problems of export and use of cryptography internationally but no
conclusion was reached. The working group agreed that no change in the
choice of RSA was appropriate at this time.
With respect to the signing of non-authoritative data, in particular
zone delegation information, Ohta-san's proposal explicitly pointed out
that it was not necessary to do this as long as the key of the child
zone was signed by the parent's key. The discussion noted that with
Eastlake/Kaufman, if the data was signed, there would be three signature
records in addition to the KEY, NS, and A records that were returned,
which would have an unfavorably high probability of exceeding the
payload maximum for a UDP packet. Eastlake/Kaufman agreed to revise
their proposal to recommend that servers allow for the NS and A record
signature records to not be included if they do not fit, since they are
not required.