
  • resolved by other protocols than the DNS protocol or by using the DNS protocol in some other way than as described above e g multicast DNS DNS URIs do not require the use of the DNS protocol although it is expected to be the typical usage The previous paragraph only illustrate how DNS URIs are resolved using the DNS protocol A client MAY want to check that it understands the dnsclassval and dnstypeval before sending a query so that it will be able to understand the response However a typical example of a client that would not need to check dnsclassval and dnstypeval would be a proxy that would just treat the received answer as opaque data Character encoding considerations The characters are encoded as per the URI Generic Syntax RFC 4 The DNS protocol do not consider character sets it simply transports opaque data In particular the dnsname field of the DNS URI is to be considered an internationalized domain name IDN unaware domain name slot in the terminology of 15 The considerations for hostport are discussed in 4 Because is used as the DNS label separator an escaping mechanism Josefsson Expires March 3 2005 Page 5 Internet Draft DNS URI September 2004 is required to encode a that is part of a DNS label The escaping mechanism is described in section 5 1 of RFC 1035 For example a DNS label of exa mple can be escaped as exa mple or exa 046mple However the URI specification disallow the character from occuring directly in URIs so it must be escaped as 5c The single DNS label exa mple is thus encoded as exa 5c mple The same mechanism can be used to encode other characters for example and Note that and 2e are equivalent within dnsname and are interchangable This URI specification allows all possible domain names to be encoded of course following the encoding rules of 4 however certain applications may restrict the set of valid characters and care should be taken so that invalid characters in these contexts does not cause harm In particular host names in the DNS have 
certain restrictions It is up to these application to limit this subset this URI scheme places no restrictions Intended usage Whenever DNS resources are useful to reference by protocol independent identifiers often when the data is more important than the access method Since software in general has coped without this so far it is not anticipated to be implemented widely nor migrated to by existing systems but specific solutions especially security related may find this appropriate Applications and or protocols which use this scheme Security related software DNS administration tools Network programming packages Interoperability considerations The data referenced by this URI scheme might be transferred by protocols that are not URI aware such as the DNS protocol This is not anticipated to have any serious interoperability impact though Interoperability problems may occur if one entity understands a new DNS class type mnemonic and another entity do not understand it This is an interoperability problem for DNS software in general although it is not a major practical problem as the DNS types and classes are fairly static To guarantee interoperability implementations can use integers for all mnemonics not defined in 2 Interaction with Binary Labels 11 or other extended label types has not been analyzed However they appear to be infrequently used in practice Contact simon josefsson org Author Change Controller simon josefsson org Josefsson Expires March 3 2005 Page 6 Internet Draft DNS URI September 2004 3 Examples A DNS URI is of the following general form This is intended to illustrate not define the scheme dns authority domain CLASS class TYPE type The following illustrate a URI for a resource with the absolute name www example org the Internet IN class and the Address A type dns www example org clAsS IN tYpE A Since the default class is IN and the default type is A the same resource can be identified by a shorter URI using a relative name dns www example org The 
following illustrate a URI for a resource with the name simon example org for the CERT type in the Internet IN class dns simon example org type CERT The following illustrate a URI for a resource with the name ftp example org in the Internet IN class and the address A type but from the DNS authority 192 168 1 1 instead of the default authority dns 192 168 1 1 ftp example org type A The following illustrate various escaping techniques The owner name would be world wide web example domain org where denote the character as part of a label and denote the label separator dns world 20wide 20web example 5c domain example TYPE TXT The following illustrate a strange but valid DNS resource dns fw example org 20 00 example type TXT Josefsson Expires March 3 2005 Page 7 Internet Draft DNS URI September 2004 4 Security Considerations If a DNS URI references domains in the Internet DNS environment both the URI itself and the information referenced by the URI is public information If a DNS URI is used within an internal DNS environment both the DNS URI and the data is referenced should be handled using the same considerations that apply to DNS data in the environment If information referenced by DNS URIs are used to make security decisions examples of such data include but is not limited to certificates stored in the DNS implementations may need to employ security techniques such as Secure DNS 8 or even CMS 14 or OpenPGP 7 to protect the data during transport How to implement this will depend on the usage scenario and it is not up to this URI scheme to define how the data referenced by DNS URIs should be protected If applications accept unknown dnsqueryelement values e g accepts the URI dns www example org secret value without knowing what the secret value dnsqueryelement means a

    Original URL path: http://www.josefsson.org/dns-url/draft-josefsson-dns-url-10.txt (2016-04-30)


  • Diff: draft-josefsson-dns-url-09.txt - draft-josefsson-dns-url-10.txt
    IN CH dnsclassval 1 digit IN CH Any IANA registered DNS class expressed as Any IANA registered DNS class expressed mnemonic or as decimal integer as mnemonic or as decimal integer dnstypeval 1 digit A NS MD dnstypeval 1 digit A NS MD Any IANA registered DNS type expressed as Any IANA registered DNS type expressed mnemonic or as decimal integer as mnemonic or as decimal integer Unless specified in the URI the authority dnsauthority is assumed to be locally known the class dnsclassval to be the Internet class IN and the type dnstypeval to be the Address type A These default values match the typical use of DNS to look up addresses for host names A dnsquery element MUST NOT contain more than one occurance of the CLASS and TYPE fields For example both dns example TYPE A TYPE TXT and dns example TYPE A TYPE A are invalid However the fields may occur in any order so that both dns example TYPE A CLASS IN and dns example CLASS IN TYPE A are valid The digit representation of types and classes MAY be used when a The digit representation of types and classes MAY be used when a mnemonic for the corresponding value is not well known e g for mnemonic for the corresponding value is not well known e g for newly introduced types or classes but SHOULD NOT be used for the newly introduced types or classes but SHOULD NOT be used for the types or classes defined in the DNS specification 2 All types or classes defined in the DNS specification 2 All implementations MUST recognize the mnemonics defined in 2 implementations MUST recognize the mnemonics defined in 2 Unless specified in the URI the authority dnsauthority is To avoid ambiguity relative dnsname values i e those not ending assumed to be locally known dnsclassval to be the Internet class with are assumed to be relative to the root For example IN and dnstypeval to be the Address type A dns host example and dns host example both refer to the same owner name namely host example Further an empty dnsname value is considered to be 
a degenerative form of a relative name which refer to the root To resolve a DNS URI using the DNS protocol 2 a query is formed by To resolve a DNS URI using the DNS protocol 2 a query is created using the dnsname dnsclassval and dnstypeval from the URI string or using as input the dnsname dnsclassval and dnstypeval from the URI the previously mentioned default values if some value missing from string or the appropriate default values If an authority the string If authority dnsauthority is given in the URI dnsauthority is given in the URI string this indicate the server string this indicate the server that should receive the DNS query that should receive the DNS query otherwise the default DNS server otherwise the default DNS server should receive it Note that DNS should receive it URIs could be resolved by other protocols than the DNS protocol DNS URIs does not require the use of the DNS protocol although it is Note that DNS URIs could be resolved by other protocols than the DNS expected to be the typical usage This paragraph only illustrate how protocol or by using the DNS protocol in some other way than as DNS URIs are resolved using the DNS protocol described above e g multicast DNS DNS URIs do not require the use of the DNS protocol although it is expected to be the typical usage The previous paragraph only illustrate how DNS URIs are resolved using the DNS protocol A client MAY want to check that it understands the dnsclassval and A client MAY want to check that it understands the dnsclassval and dnstypeval before sending a query so that it is able to correctly dnstypeval before sending a query so that it will be able to parse the answer A typical example of a client that would not need understand the response However a typical example of a client that to check dnsclassval and dnstypeval would be a proxy that just treat would not need to check dnsclassval and dnstypeval would be a proxy the answer as opaque data that would just treat the received answer as 
opaque data Character encoding considerations The characters are encoded as per Character encoding considerations The characters are encoded as per the URI Generic Syntax RFC 4 The DNS protocol do not consider the URI Generic Syntax RFC 4 The DNS protocol do not consider character sets it simply transports opaque data In particular the character sets it simply transports opaque data In particular the dnsname field of the DNS URI is to be considered an dnsname field of the DNS URI is to be considered an internationalized domain name IDN unaware domain name slot in the internationalized domain name IDN unaware domain name slot in the terminology of 16 The reason for this is that making these fields terminology of 15 The considerations for hostport are discussed be IDN aware by e g specifying that they are UTF 8 7 strings in 4 would require further encoding mechanisms to be able to express all valid DNS domain names This is because the DNS allows all octet sequences to be used as domain labels so UTF 8 strings do not cover all possibilities Instead of defining further encoding mechanisms we point applications with internationalization needs at the ASCII encoding described in 16 which should be satisfactory The considerations for hostport are discussed in 4 To encode a that is part of a DNS label the escaped encoding Because is used as the DNS label separator an escaping mechanism MUST be used and a label delimiter MUST be encoded as That is is required to encode a that is part of a DNS label The the only way to encode a label delimiter is and the only way to escaping mechanism is described in section 5 1 of RFC 1035 For encode a as part of label is 2e This approach was chosen to example a DNS label of exa mple can be escaped as exa mple or minimize the modifications users will have to do when manually exa 046mple However the URI specification disallow the translating a domain name string into the URI form character from occuring directly in URIs so it must be escaped 
as 5c The single DNS label exa mple is thus encoded as exa 5c mple The same mechanism can be used to encode other characters for example and Note that and 2e are equivalent within dnsname and are interchangable This URI specification allows all possible domain names to be encoded This URI specification allows all possible domain names to be encoded of course following the encoding rules of 4 however certain of course following the encoding rules of 4 however certain applications may restrict the set of valid characters and care should applications may restrict the set of valid characters and care should be taken so that invalid characters in these contexts does not cause be taken so that invalid characters in these contexts does not cause harm In particular host names in the DNS have certain harm In particular host names in the DNS have certain restrictions It is up to these application to limit this subset restrictions It is up to these application to limit this subset this URI scheme places no restrictions this URI scheme places no restrictions Intended usage Whenever DNS resources are useful to reference by Intended usage Whenever DNS resources are useful to reference by protocol independent identifiers often when the data is more protocol independent identifiers often when the data is more important than the access method Since software in general has important than the access method Since software in general has coped without this so far it is not anticipated to be implemented coped without this so far it is not anticipated to be implemented widely nor migrated to by existing systems but specific solutions widely nor migrated to by existing systems but specific solutions especially security related may find this appropriate especially security related may find this appropriate Applications and or protocols which use this scheme Security related Applications and or protocols which use this scheme Security related software It may be of interest to auxilliary DNS 
related software software DNS administration tools Network programming packages too Interoperability considerations The data referenced by this URI Interoperability considerations The data referenced by this URI scheme might be transferred by protocols that are not URI aware such scheme might be transferred by protocols that are not URI aware such as the DNS protocol This is not anticipated to have any serious as the DNS protocol This is not anticipated to have any serious interoperability impact though interoperability impact though Interoperability problems may occur if one entity understands a new Interoperability problems may occur if one entity understands a new DNS type or class mnemonic but another entity do not understand it DNS class type mnemonic and another entity do not understand it This is an interoperability problem for DNS software in general This is an interoperability problem for DNS software in general although it is not a major practical problem as the DNS types and although it is not a major practical problem as the DNS types and classes are fairly static To guarantee interoperability classes are fairly static To guarantee interoperability implementations c ould use integers for all mnemonics not defined in implementations c an use integers for all mnemonics not defined in 2 2 Interaction with Binary Labels 1 2 or other extended label types Interaction with Binary Labels 1 1 or other extended label types has not been analyzed However they appear to be infrequently used has not been analyzed However they appear to be infrequently used in practice in practice Security considerations See below Contact simon josefsson org Contact simon josefsson org Author Change Controller simon josefsson org Author Change Controller simon josefsson org 3 Examples 3 Examples A DNS URI is of the following general form This is intended to A DNS URI is of the following general form This is intended to illustrate not define the scheme illustrate not define the scheme 
dns authority domain type TYPE class CLASS dns authority domain CLASS class TYPE type The following illustrate a URI for a resource with the name The following illustrate a URI for a resource with the absolute name www example org the Internet IN class and the Address A type www example org the Internet IN class and the Address A type dns www example org class IN type A dns www example org clAsS IN tYpE A Since the default class is IN and the default type is A the same Since the default class is IN and the default type is A the same resource can be identified by a shorter URI resource can be identified by a shorter URI using a relative name dns www example org dns www example org The following illustrate a URI for a resource with the name The following illustrate a URI for a resource with the name simon example org for the CERT type in the Internet IN class simon example org for the CERT type in the Internet IN class dns simon example org type CERT dns simon example org type CERT The following illustrate a URI for a resource with the name The following illustrate a URI for a resource with the name ftp example org in the Internet IN class and the address A ftp example org in the Internet IN class and the address A type but from the DNS authority 192 168 1 1 instead of the default type but from the DNS authority 192 168 1 1 instead of the default authority i e when DNS is used the query is sent to that server authority dns 192 168 1 1 ftp example org type A dns 192 168 1 1 ftp example org type A The following illustrate a strange albeit valid DNS resource Note The following illustrate various escaping techniques The owner name the encoding of and 0x00 and the use of a named dnsauthority would be world wide web example domain org where denote the character as part of a label and denote the label separator dns internal dns example org 3f 20 00 2e 25 type TXT dns world 20wide 20web example 5c domain example TYPE TXT The following illustrate a strange but valid DNS 
resource dns fw example org 20 00 example type TXT 4 Security Considerations 4 Security Considerations If a DNS URI references domains in the Internet DNS environment both If a DNS URI references domains in the Internet DNS environment both the URI itself and the information referenced by the URI is public the URI itself and the information referenced by the URI is public information If a DNS URI is used within an internal DNS information If a DNS URI is used within an internal DNS environment both the DNS URI and the data is referenced should be environment both the DNS URI and the data is referenced should be handled using the same considerations that apply to DNS data in the handled using the same considerations that apply to DNS data in the environment environment If information referenced by DNS URIs are used to make security If information referenced by DNS URIs are used to make security decisions examples of such data include but is not limited to decisions examples of such data include but is not limited to certificates stored in the DNS implementations may need to employ certificates stored in the DNS implementations may need to employ security techniques such as Secure DNS 9 or even CMS 15 or security techniques such as Secure DNS 8 or even CMS 14 or OpenPGP 8 to protect the data during transport How to implement OpenPGP 7 to protect the data during transport How to implement this will depend on the usage scenario and it is not up to this URI this will depend on the usage scenario and it is not up to this URI scheme to define how the data referenced by DNS URIs should be scheme to define how the data referenced by DNS URIs should be protected protected If applications accept unknown dnsqueryelement values e g accepts If applications accept unknown dnsqueryelement values e g accepts the URI dns www example org secret value without knowing what the the URI dns www example org secret value without knowing what the secret value dnsqueryelement means a covert 
channel used to secret value dnsqueryelement means a covert channel used to leak information may be enabled The implications of covert leak information may be enabled The implications of covert channels should be understood by applications that accepts unknown channels should be understood by applications that accepts unknown dnsqueryelement values dnsqueryelement values This draft does not modify the security considerations related to the Slight variations such as difference between upper and lower case in DNS or URIs in general the dnsname field can be used as a covert channel to leak information 5 IANA Considerations 5 IANA Considerations The IANA is asked to register the DNS URI scheme using the template The IANA is asked to register the DNS URI scheme using the template in section 2 in accordance with RFC 2717 1 3 in section 2 in accordance with RFC 2717 1 2 Acknowledgments Acknowledgments Thanks to Stuart Cheshire Donald Eastlake Pasi Eronen Ted Hardie Thanks to Stuart Cheshire Donald Eastlake Pasi Eronen Ted Hardie Peter Koch Andrew Main Larry Masinter Michael Mealling Steve Peter Koch Andrew Main Larry Masinter Michael Mealling Steve Mattson and Paul Vixie for comments and suggestions The author Mattson and Paul Vixie for comments and suggestions The author acknowledges the RSA Laboratories for supporting the work that led to acknowledges the RSA Laboratories for supporting the work that led to this document this document Normative References 6 References 6 1 Normative References 1 Mockapetris P Domain names concepts and facilities STD 1 Mockapetris P Domain names concepts and facilities STD 13 RFC 1034 November 1987 13 RFC 1034 November 1987 2 Mockapetris P Domain names implementation and 2 Mockapetris P Domain names implementation and specification STD 13 RFC 1035 November 1987 specification STD 13 RFC 1035 November 1987 3 Crocker D and P Overell Augmented BNF for Syntax 3 Crocker D and P Overell Augmented BNF for Syntax Specifications ABNF RFC 2234 
November 1997 Specifications ABNF RFC 2234 November 1997 4 Berners Lee T Fielding R and L Masinter Uniform Resource 4 Berners Lee T Fielding R and L Masinter Uniform Resource Identifiers URI Generic Syntax RFC 2396 August 1998 Identifiers URI Generic Syntax RFC 2396 August 1998 Informative References 6 2 Informative References 5 Postel J and J Reynolds File Transfer Protocol STD 9 5 Postel J and J Reynolds File Transfer Protocol STD 9 RFC 959 October 1985 RFC 959 October 1985 6 Bradner S Key words for use in RFCs to Indicate Requirement 6 Bradner S Key words for use in RFCs to Indicate Requirement Levels BCP 14 RFC 2119 March 1997 Levels BCP 14 RFC 2119 March 1997 7 Yergeau F UTF 8 a transformation format of ISO 10646 RFC 7 Callas J Donnerhacke L Finney H and R Thayer OpenPGP 2279 January 1998 8 Callas J Donnerhacke L Finney H and R Thayer OpenPGP Message Format RFC 2440 November 1998 Message Format RFC 2440 November 1998 9 Eastlake D Domain Name System Security Extensions RFC 8 Eastlake D Domain Name System Security Extensions RFC 2535 March 1999 2535 March 1999 10 Eastlake D and O Gudmundsson Storing Certificates in the 9 Eastlake D and O Gudmundsson Storing Certificates in the Domain Name System DNS RFC 2538 March 1999 Domain Name System DNS RFC 2538 March 1999 1 1

    Original URL path: http://www.josefsson.org/dns-url/draft-josefsson-dns-url-10-from-09.diff.html (2016-04-30)


  • and dnstypeval would be a proxy that just treat the answer as opaque data Character encoding considerations The characters are encoded as per the URI Generic Syntax RFC 4 The DNS protocol do not consider character sets it simply transports opaque data In particular the dnsname field of the DNS URI is to be considered an internationalized domain name IDN unaware domain name slot in the terminology of 16 The reason for this is that making these fields be IDN aware by e g specifying that they are UTF 8 7 strings would require further encoding mechanisms to be able to express all valid DNS domain names This is because the DNS allows all octet sequences to be used as domain labels so UTF 8 strings do not cover all possibilities Instead of defining further encoding mechanisms we point applications with internationalization needs at the ASCII encoding described in 16 which should be satisfactory The considerations for hostport are discussed in 4 To encode a that is part of a DNS label the escaped encoding MUST be used and a label delimiter MUST be encoded as That is the only way to encode a label delimiter is and the only way to encode a as part of label is 2e This approach was chosen to minimize the modifications users will have to do when manually translating a domain name string into the URI form This URI specification allows all possible domain names to be encoded of course following the encoding rules of 4 however certain applications may restrict the set of valid characters and care should be taken so that invalid characters in these contexts does not cause harm In particular host names in the DNS have certain restrictions It is up to these application to limit this subset this URI scheme places no restrictions Intended usage Whenever DNS resources are useful to reference by protocol independent identifiers often when the data is more important than the access method Since software in general has coped without this so far it is not anticipated to be implemented 
Josefsson Expires April 25 2004 Page 5 Internet Draft DNS URI October 2003 widely nor migrated to by existing systems but specific solutions especially security related may find this appropriate Applications and or protocols which use this scheme Security related software It may be of interest to auxilliary DNS related software too Interoperability considerations The data referenced by this URI scheme might be transferred by protocols that are not URI aware such as the DNS protocol This is not anticipated to have any serious interoperability impact though Interoperability problems may occur if one entity understands a new DNS type or class mnemonic but another entity do not understand it This is an interoperability problem for DNS software in general although it is not a major practical problem as the DNS types and classes are fairly static To guarantee interoperability implementations could use integers for all mnemonics not defined in 2 Interaction with Binary Labels 12 or other extended label types has not been analyzed However they appear to be infrequently used in practice Security considerations See below Contact simon josefsson org Author Change Controller simon josefsson org Josefsson Expires April 25 2004 Page 6 Internet Draft DNS URI October 2003 3 Examples A DNS URI is of the following general form This is intended to illustrate not define the scheme dns authority domain type TYPE class CLASS The following illustrate a URI for a resource with the name www example org the Internet IN class and the Address A type dns www example org class IN type A Since the default class is IN and the default type is A the same resource can be identified by a shorter URI dns www example org The following illustrate a URI for a resource with the name simon example org for the CERT type in the Internet IN class dns simon example org type CERT The following illustrate a URI for a resource with the name ftp example org in the Internet IN class and the address A type but from 
the DNS authority 192 168 1 1 instead of the default authority i e when DNS is used the query is sent to that server dns 192 168 1 1 ftp example org type A The following illustrate a strange albeit valid DNS resource Note the encoding of and 0x00 and the use of a named dnsauthority dns internal dns example org 3f 20 00 2e 25 type TXT Josefsson Expires April 25 2004 Page 7 Internet Draft DNS URI October 2003 4 Security Considerations If a DNS URI references domains in the Internet DNS environment both the URI itself and the information referenced by the URI is public information If a DNS URI is used within an internal DNS environment both the DNS URI and the data is referenced should be handled using the same considerations that apply to DNS data in the environment If information referenced by DNS URIs are used to make security decisions examples of such data include but is not limited to certificates stored in the DNS implementations may need to employ security techniques such as Secure DNS 9 or even CMS 15 or OpenPGP 8 to protect the data during transport How to implement this will depend on the usage scenario and it is not up to this URI scheme to define how the data referenced by DNS URIs should be protected If applications accept unknown dnsqueryelement values e g accepts the URI dns www example org secret value without knowing what the secret value dnsqueryelement means a covert channel used to leak information may be enabled The implications of covert channels should be understood by applications that accepts unknown dnsqueryelement values This draft does not modify the security considerations related to the DNS or URIs in general 5 IANA Considerations The IANA is asked to register the DNS URI scheme using the template in section 2 in accordance

    Original URL path: http://www.josefsson.org/dns-url/draft-josefsson-dns-url-09.txt (2016-04-30)


  • and free insertion of linear white space is not permitted dnsurl dns hostport hostname query See RFC 2396 for hostport and hostname definitions query queryelement query queryelement CLASS classval TYPE typeval 1 alphanum 1 alphanum classval 1 digit IN CH Any standard DNS class expressed as mnemonic or as decimal integer typeval 1 digit A NS MD Any standard DNS type expressed as mnemonic or as decimal integer The digit representation of types and classes SHOULD NOT be used Josefsson Expires February 11 2002 Page 3 Internet Draft DNS URL scheme August 2001 when a defined mnemonic for the corresponding value is known Unless specified the server is assumed to be locally pre configured and class to be the Internet class IN and type to be the Address A type To resolve a DNS URL using the DNS protocol 2 a query is formed by using the hostname classval and typeval from the URL string or the previously mentioned default values if either classval or typeval is missing from the string If hostport is given in the URL string this server should receive the DNS query 4 Character Encoding Considerations Since 8 bit characters are not permitted in URLs they must be encoded as per the URI Generic Syntax RFC DNS domains has been historically restricted to a subset of the US ASCII alphabet but recent work within the IETF IDN working group is likely to change this restriction Since this specification re uses the hostport definition from the URI specification 5 a possible future update of the hostport definition within the URL specifications might be sufficient to adapt DNS URLs to IDNs 5 Intended Usage Broad usage 6 Applications and or Protocols Using This Scheme E g CNRP 7 Interoperability Considerations The data referenced by this URL scheme might be transfered by protocols that aren t MIME aware such as the DNS protocol This is not anticipated to have any serious interoperability impact though 8 Security Considerations A DNS URL does not embed confidential information If it 
references domains in the Internet DNS environment even the information referenced by the URL is public information If a DNS URL is used within a internal DNS environment the same security considerations of the DNS environment apply to the use and handling of DNS URLs themselves as well as the data returned by looking up these URLs If security related information is referenced by DNS URLs such as certificates stored in DNS care must be taken to prevent for Josefsson Expires February 11 2002 Page 4 Internet Draft DNS URL scheme August 2001 man in the middle attacks that malicously replace the certificate Techniques such as Secure DNS may be used This draft does not affect the security considerations related to DNS itself 9 IANA Considerations The IANA is asked to register the DNS URL scheme using this document as the template in accordance with RFC 2717 8 10 Examples The following illustrate a DNS query for www example org for the

    Original URL path: http://www.josefsson.org/dns-url/draft-josefsson-dns-url-02.txt (2016-04-30)


  • dns server domain type TYPE class CLASS 3 URL Scheme Syntax Strings are not case sensitive and free insertion of linear white space is not permitted dnsurl dns hostport hostname query See RFC 2396 for hostport and hostname definitions query queryelement query queryelement CLASS classval TYPE typeval 1 alphanum 1 alphanum classval 1 digit IN CH Any standard DNS class expressed as mnemonic or as decimal integer typeval 1 digit A NS MD Any standard DNS type expressed as mnemonic or as decimal integer Josefsson Expires December 15 2001 Page 3 Internet Draft DNS URL scheme June 2001 The digit representation of types and classes SHOULD NOT be used when a defined mnemonic for the corresponding value is known Unless specified the server is assumed to be locally pre configured and class to be the Internet class IN and type to be the Address A type 4 Character Encoding Considerations Since 8 bit characters are not permitted in URLs they must be encoded as per the URI Generic Syntax RFC DNS domains have been historically restricted to a subset of the US ASCII alphabet but recent work within the IETF IDN working group is likely to change this restriction Since this specification re uses the hostport definition from the URI specification 5 a possible future update of the hostport definition within the URL specifications might be sufficient to adapt DNS URLs to IDNs 5 Intended Usage Broad usage The application dns or text dns MIME types are associated with this URL scheme 10 6 Applications and or Protocols Using This Scheme E g CNRP 7 Interoperability Considerations The data referenced by this URL scheme might be transferred by protocols that aren t MIME aware such as the DNS protocol This is not anticipated to have any serious interoperability impact though 8 Security Considerations A DNS URL does not embed confidential information If it references domains in the Internet DNS environment even the information referenced by the URL is public information If a DNS URL is used 
within an internal DNS environment the same security considerations of the DNS environment apply to the use and handling of DNS URLs themselves as well as the data returned by looking up these URLs If security related information is referenced by DNS URLs such as certificates stored in DNS care must be taken to prevent man in the middle attacks that maliciously replace the certificate Techniques such as Secure DNS may be used This draft does not affect the security considerations related to DNS itself 9 IANA Considerations The IANA is asked to register the DNS URL scheme using this document as the template in accordance with RFC 2717 9 10 Examples This illustrates a DNS query for www example org for the Internet IN class and the Address A type dns www example org class IN type A This illustrates a DNS query for simon example org for

    Original URL path: http://www.josefsson.org/dns-url/draft-josefsson-dns-url-01.txt (2016-04-30)


  • network resources URLs are often used To be able to reference certificates stored in DNS by a URL a DNS URL scheme is required The DNS URL scheme described here can be used to reference any DNS resource record not only certificates This memo is known to be incomplete and perhaps lacks some of the background research required to properly define a new URL scheme Especially the BNF should not be regarded as cast in stone 2 DNS URL Scheme A DNS URL designates a DNS resource record by domain name type and class and optionally server The DNS URL follows the generic syntax from RFC 2396 4 and is described using ABNF 3 in section 5 A DNS URL is of the following general form This is intended to illustrate not define the scheme dns server domain type TYPE class CLASS Unless specified the server is assumed to be locally configured and class to be the Internet class IN 3 Character encoding considerations Since 8 bit characters are not permitted in URLs they must be encoded as per the URI Generic Syntax RFC The character set issue should be dealt with in this section but awaits the outcome of the IDN work group 4 Examples This illustrates a DNS query for www example org for the Internet class and the Address type dns www example org class IN type A This illustrates a DNS query for simon example org for the CERT type in the Internet class dns simon example org type CERT This illustrates a DNS query for ftp example org from the DNS Josefsson Expires May 25 2001 Page 3 Internet Draft DNS URL scheme November 2000 server internal dns example org server and the address type dns internal dns example org ftp example org type A 5 DNS URL scheme BNF definition Strings are not case sensitive and free insertion of linear white space is not permitted dnsurl dns hostport hostname TYPE type TYPE class See RFC 2396 for hostport and hostname definition type A NS MD Any standard DNS type class IN CH Any standard DNS class 6 Security Considerations A DNS URL does not embed confidential information 
If used to encode domain names in the Internet DNS environment even the information retrieved is public If a DNS URL is used within an internal DNS environment the same security considerations of the DNS environment apply to the use and handling of DNS URLs themselves and the data returned by looking up these URLs This draft does not affect the security considerations related to DNS itself References 1 Mockapetris P Domain Names Concepts and Facilities RFC 1034 November 1987 2 Mockapetris P Domain Names Implementation and Specification RFC 1035 November 1987 3 Crocker D and P Overell Augmented BNF for Syntax Specifications ABNF RFC 2234 November 1997 4 Berners Lee T Fielding R and L Masinter Uniform Resource Identifiers URI Generic Syntax RFC 2396 August 1998 5 Eastlake D and O Gudmundsson Storing Certificates in the

    Original URL path: http://www.josefsson.org/dns-url/draft-josefsson-dns-url-00.txt (2016-04-30)

  • Diff: draft-josefsson-openpgp-mailnews-header-06.txt - draft-josefsson-openpgp-mailnews-header.txt
    RFC2045 The various provisions of RFC 2045 apply In particular the value part of provisions of RFC 2045 apply In particular the value part of parameters may be quoted whitespace folding and comments may occur parameters may be quoted whitespace folding and comments may occur in the middle of parameters except as noted below The provisions in the middle of parameters except as noted below of MIME Parameter Extensions RFC2231 also apply in particular that document deals with handling parameters of excessive length The OpenPGP header field is defined below in the Augmented BNF The OpenPGP header field is defined below in the Augmented BNF RFC5234 notation By itself however this grammar is incomplete RFC5234 notation By itself however this grammar is incomplete It refers by name to syntax rules that are defined in RFC 28 22 and It refers by name to syntax rules that are defined in RFC 53 22 and RFC3986 Rather than reproduce those definitions here and risk RFC3986 Rather than reproduce those definitions here and risk unintentional differences between the two this document refers the unintentional differences between the two this document refers the reader to the other documents for the definition of non terminals reader to the other documents for the definition of non terminals Implementations MUST understand the id url and preference Implementations MUST understand the id url and preference attributes Parameter with unrecognized attributes MUST be ignored attributes Parameter with unrecognized attributes MUST be ignored The grammar permits unknown parameters to allow for future The grammar permits unknown parameters to allow for future extensions Each parameter attribute e g url MUST NOT occur extensions Each parameter attribute e g url MUST NOT occur more than once in any single instance of the OpenPGP field The more than once in any single instance of the OpenPGP field The OpenPGP field itself MAY occur more than once in a single email for OpenPGP field itself 
MAY occur more than once in a single email for example if the sender has multiple keys example if the sender has multiple keys openpgp OpenPGP SP o params CRLF openpgp OpenPGP o params CRLF CFWS is defined in RFC 2822 CFWS is defined in RFC 5322 SP and CRLF are defined in RFC 5234 CRLF is defined in RFC 5234 o params o parameter o parameter o params o parameter o parameter o parameter CFWS id id CFWS o parameter CFWS id id CFWS CFWS url url CFWS CFWS url url CFWS CFWS preference preference CFWS CFWS preference preference CFWS CFWS parameter CFWS normally unused for extensions CFWS parameter CFWS normally unused for extensions parameter is defined in RFC 2045 parameter is defined in RFC 2045 id 1 8HEXDIG id 1 8HEXDIG HEXDIG is defined in RFC 5234 HEXDIG is defined in RFC 5234 Matching of value is case insensitive Matching of value is case insensitive url absoluteURI quoted url url folded uri quoted url absoluteURI is defined in RFC 3986 If the URL contains the character If
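Review bot: the revised side (the one citing RFC 5322 rather than RFC 2822) drops the sentence applying MIME Parameter Extensions RFC2231 to parameters of excessive length, and the visible text does not say what now governs over-long values. The same revision changes the url rule from absoluteURI to folded uri, so if folding is meant to replace RFC2231 continuations, say so next to the url rule and state how a parser should treat an RFC2231-style continuation it still receives from an implementation of the older revision. The change from OpenPGP SP o params CRLF to OpenPGP o params CRLF also removes the mandatory SP; confirm that leading whitespace remains permitted through the CFWS in o parameter so that headers produced under the older grammar keep parsing.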

    Original URL path: http://www.josefsson.org/openpgp-header/draft-josefsson-openpgp-mailnews-header-from--06.diff.html (2016-04-30)

  • The "OpenPGP" mail and news header field
    unused for extensions parameter is defined in RFC 2045 id 1 8 HEXDIG HEXDIG is defined in RFC 5234 Matching of value is case insensitive url folded uri quoted url If the URL contains the character the quoted url form MUST be used quoted url DQUOTE folded uri DQUOTE DQUOTE is defined in RFC 5234 folded uri absolute URI but free insertion of FWS permitted absoluteURI is defined in RFC 3986 FWS is defined in RFC 5234 preference sign encrypt signencrypt unprotected Matching of values is case insensitive The folded URI MAY contain folding whitespace FWS RFC5322 which is ignored To convert a folded URI to an absolute URI first apply standard RFC5322 unfolding rules replacing FWS with a single SP and then delete any remaining un encoded SP characters Folding may be used to shorten long lines 3 1 Primary Key ID field id The id parameter if present MUST hold the Key ID or key fingerprint for the primary key The value uses the hex RFC4648 notation The parameter value is case insensitive The length of the field determines whether it denotes a Key ID 8 hex symbols a long Key ID 16 hex symbols a v3 key fingerprint 32 hex symbols or a v4 key fingerprint 40 hex symbols Note that each of the following examples includes a comment which is optional id 12345678 short key ID id 1234567890ABCDEF long key ID id 1234567890abcdef0123456789ABCDEF01234567 v4 fingerprint id 1234567890ABCDEF0123456789ABCDEF v3 fingerprint deprecated 3 2 Key URL field url The url parameter if present MUST specify a URL where the public key can be found It is RECOMMENDED to use a common URL family such as HTTP RFC2616 or FTP RFC0959 The URL MUST be fully 
qualified MUST explicitly specify a protocol and SHOULD be accessible on the public Internet The content of where the URL points SHOULD be either an ASCII armored or binary OpenPGP packet containing the key A valid reason for storing something else may be if the key has been revoked For example url http example org pgp txt url http example org funny name txt If the URL contains the character the entire URL MUST be quoted as illustrated in the example 3 3 Protection Preference Field preference The preference parameter if present specifies the quality of protection preferred by the sender The parameter value is case insensitive The available values are as follows An unprotected token means that the sender prefers not to receive OpenPGP protected e mails A sign token means that the sender prefers to receive digitally signed e mails An encrypt token means that the sender

    Original URL path: http://www.josefsson.org/openpgp-header/draft-josefsson-openpgp-mailnews-header.html (2016-04-30)


