Network Working Group F. Ljunggren Internet-Draft Kirei AB Intended status: Informational A-M. Eklund-Lowinder Expires: January 6, 2010 .SE July 5, 2009 DNSSEC Policy & Practice Statement Framework draft-ljunggren-dps-framework-00 Status of this Memo This Internet-Draft is submitted to IETF in full conformance with the provisions of BCP 78 and BCP 79. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF), its areas, and its working groups. Note that other groups may also distribute working documents as Internet- Drafts. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." The list of current Internet-Drafts can be accessed at http://www.ietf.org/ietf/1id-abstracts.txt. The list of Internet-Draft Shadow Directories can be accessed at http://www.ietf.org/shadow.html. This Internet-Draft will expire on January 6, 2010. Copyright Notice Copyright (c) 2009 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents in effect on the date of publication of this document (http://trustee.ietf.org/license-info). Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Abstract This document presents a framework to assist writers of DNSSEC policy and practice statements such as registry managers on both TLD and Ljunggren & Eklund-Lowinder Expires January 6, 2010 [Page 1] Internet-Draft DPS framework July 2009 secondary level, who have deployed DNSSEC. DNSSEC is a set of security extensions to the DNS that allows validating DNS answers by to establishing a 'chains of trust' from known public keys to the data being validated. The aim of this framework is to describe an overall policy for serving secured DNS data and key management. In particular, the framework provides a comprehensive list of topics that potentially (at the writer's discretion) needs to be covered in a DNSSEC policy definition and practice statement. Table of Contents 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 1.1. Background . . . . . . . . . . . . . . . . . . . . . . . . 3 1.2. Purpose . . . . . . . . . . . . . . . . . . . . . . . . . . 3 1.3. Scope . . . . . . . . . . . . . . . . . . . . . . . . . . . 3 2. Definitions . . . . . . . . . . . . . . . . . . . . . . . . . . 3 3. Concepts . . . . . . . . . . . . . . . . . . . . . . . . . . . 3 3.1. DNSSEC . . . . . . . . . . . . . . . . . . . . . . . . . . 3 3.2. Signing policy and practice statement . . . . . . . . . . . 3 3.3. Relationship between policy and practice statement . . . . 3 3.4. Set of provisions . . . . . . . . . . . . . . . . . . . . . 3 4. Contents of a set of provisions . . . . . . . . . . . . . . . . 3 5. Outline of a set of provisions . . . . . . . . . . . . . . . . 3 6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . . 7 7. Security Considerations . . . . . . . . . . . . . . . . . . . . 7 8. References . . . . . . . . . . . . . . . . . . . . . . . . . . 7 8.1. Normative References . . . . . . . . . . . . . . . . . . . 7 8.2. Informative References . . . . . . . . . . . . . . . . . . 7 Appendix A. Definitions and Acronyms . . . . . . . . . . . . . . . 7 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 7 Ljunggren & Eklund-Lowinder Expires January 6, 2010 [Page 2] Internet-Draft DPS framework July 2009 1. Introduction 1.1. Background This document has been heavily inspired by RFC 3647 [RFC3647]. 1.2. Purpose The purpose of this document is twofold. First, the document aims to explain the concept of a DPS and describe the relationship between the registry and the relying parties. Second, this document aims to present a framework to assist the writers of DPSs in creating comparable policies and practices. In particular, the framework identifies the elements that may need to be considered in formulating a DPS. The purpose is not to define a particular policy or practice, per se. Moreover, this document does not aim to provide legal advice or recommendations as to particular requirements or practices that should be contained within DPSs. 1.3. Scope 2. Definitions The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC 2119 [RFC2119]. 3. Concepts 3.1. DNSSEC 3.2. Signing policy and practice statement 3.3. Relationship between policy and practice statement 3.4. Set of provisions 4. Contents of a set of provisions 5. Outline of a set of provisions 1. Introduction 1.1. Overview 1.2. Definitions Ljunggren & Eklund-Lowinder Expires January 6, 2010 [Page 3] Internet-Draft DPS framework July 2009 1.3. Identification 1.4. Community and Applicability 1.4.1. Registry 1.4.2. Registrar 1.4.3. Registrant 1.4.4. Auditor 1.4.5. End Entities 1.4.6. Applicability 1.5. Specification Administration 1.5.1. Specification administration organization 1.5.2. Contact Information 1.5.3. Specification change procedures 1.5.4. Publication and notification policies 1.5.5. DPS approval procedures 2. General Provisions 2.1. Obligations 2.1.1. Registry obligations 2.1.2. Registrars obligations 2.1.3. Registrants obligations 2.1.4. Resolver operator obligations 2.2. Liability 2.3. Interpretation and Enforcement 2.3.1. Governing law 2.3.2. Dispute resolution procedures 2.4. Publication of key signing keys 2.5. Compliance audit 2.5.1. Frequency of entity compliance audit 2.5.2. Identity/qualifications of auditor 2.5.3. Auditor's relationship to audited party 2.5.4. Topics covered by audit 2.5.5. Actions taken as a result of deficiency 2.5.6. Communication of results 2.6. Confidentiality 2.6.1. Types of information to be kept confidential 2.6.2. Types of information not considered confidential 2.6.3. Other information release circumstances 2.7. Intellectual Property Rights 3. Identification and Authentication 3.1. Initial Registration 3.1.1. Authentication of organization identity 3.1.2. Authentication of individual identity 3.1.3. Registration of delegation signer 3.1.4. Method to prove possession of private key 3.2. Routine key roll-over 3.3. Emergency key roll-over 3.4. Unsigning of child zone 4. Operational Requirements 4.1. Activation of DNSSEC for child zone Ljunggren & Eklund-Lowinder Expires January 6, 2010 [Page 4] Internet-Draft DPS framework July 2009 4.2. Verification of child zone maintainer 4.3. Publishing of DS record 4.4. Removing of DS record 4.4.1. Who can request removal 4.4.2. Procedure for removal request 4.4.3. Circumstances for deactivation 4.4.4. Deactivation grace period 4.5. Security Audit Procedures 4.5.1. Types of event recorded 4.5.2. Frequency of processing log 4.5.3. Retention period for audit log 4.5.4. Protection of audit log 4.5.5. Audit log backup procedures 4.5.6. Audit collection system (internal vs external) 4.5.7. Notification to event-causing subject 4.5.8. Vulnerability assessments 4.6. Records Archival 4.6.1. Types of event recorded 4.6.2. Retention period for archive 4.6.3. Protection of archive 4.6.4. Archive backup procedures 4.6.5. Requirements for time-stamping of records 4.6.6. Archive collection system (internal or external) 4.6.7. Procedures to obtain and verify archive information 4.7. Zone signing 4.7.1. DNSSEC Parameters 4.7.2. Key lengths and algorithms 4.7.3. Signature format 4.7.4. Signature life-time and re-signing frequency 4.7.5. Verification of zone signing key set 4.7.6. Zone signing key roll-over 4.7.7. Key signing key roll-over 4.8. Compromise and Disaster Recovery 4.8.1. Incident and compromise handling procedures 4.8.2. Computing resources, software, and/or data are corrupted 4.8.3. Entity private key compromise procedures 4.8.4. Business contingency capabilities after a disaster 4.9. Entity termination 4.9.1. Registry termination 5. Physical, Procedural, and Personnel Security Controls 5.1. Physical Controls 5.1.1. Site location and construction 5.1.2. Physical access 5.1.3. Power and air conditioning 5.1.4. Water exposures 5.1.5. Fire prevention and protection 5.1.6. Media storage Ljunggren & Eklund-Lowinder Expires January 6, 2010 [Page 5] Internet-Draft DPS framework July 2009 5.1.7. Waste disposal 5.1.8. Off-site backup 5.1.9. Maintenance procedures 5.2. Procedural Controls 5.2.1. Trusted roles 5.2.2. Number of persons required per task 5.2.3. Identification and authentication for each role 5.2.4. Tasks requiring separation of duties 5.3. Personnel Controls 5.3.1. Background, qualifications, experience, and clearance requirements 5.3.2. Background check procedures 5.3.3. Separation of duties 5.3.4. Training requirements 5.3.5. Retraining frequency and requirements 5.3.6. Job rotation frequency and sequence 5.3.7. Sanctions for unauthorized actions 5.3.8. Contracting personnel requirements 5.3.9. Documentation supplied to personnel 6. Technical Security Controls 6.1. Key Pair Generation and Installation 6.1.1. Technical environment for key generation 6.1.2. Key pair generation procedures (KSK) 6.1.3. Public key delivery 6.1.4. Public key parameters generation 6.1.5. Parameter quality checking 6.1.6. Hardware/software key generation 6.1.7. Key usage purposes (KSK, ZSK) 6.2. Private Key Protection 6.2.1. Standards for cryptographic module 6.2.2. Private key (m-of-n) multi-person control 6.2.3. Private key escrow 6.2.4. Private key backup 6.2.5. Private key archival 6.2.6. Private key entry into cryptographic module 6.2.7. Method of activating private key 6.2.8. Method of deactivating private key 6.2.9. Method of destroying private key 6.3. Activation data 6.3.1. Activation data generation and installation 6.3.2. Activation data protection 6.3.3. Other aspects of activation data 6.4. Other Aspects of Key Pair Management 6.4.1. Public key archival 6.4.2. Key usage periods 6.5. Computer Security Controls 6.5.1. Specific computer security technical requirements 6.5.2. Computer security rating Ljunggren & Eklund-Lowinder Expires January 6, 2010 [Page 6] Internet-Draft DPS framework July 2009 6.6. Life Cycle Technical Controls 6.6.1. System development controls 6.6.2. Security management controls 6.7. Network Security Controls 6.8. Cryptographic Module Engineering Controls 6. IANA Considerations 7. Security Considerations 8. References 8.1. Normative References [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997. 8.2. Informative References [RFC3647] Chokhani, S., Ford, W., Sabett, R., Merrill, C., and S. Wu, "Internet X.509 Public Key Infrastructure Certificate Policy and Certification Practices Framework", RFC 3647, November 2003. Appendix A. Definitions and Acronyms Authors' Addresses Fredrik Ljunggren Kirei AB P.O. Box 53204 Goteborg SE-400 16 Sweden Email: fredrik@kirei.se Ljunggren & Eklund-Lowinder Expires January 6, 2010 [Page 7] Internet-Draft DPS framework July 2009 Anne-Marie Eklund-Lowinder .SE P.O. Box 7399 Stockholm SE-103 91 Sweden Email: amel@iis.se Ljunggren & Eklund-Lowinder Expires January 6, 2010 [Page 8]