Field of Art
The disclosure generally relates to the field of networking, and specifically to secure and delegated distribution of private keys via the Domain Name Service (DNS).
Description of Art
In distributed messaging systems such as electronic mail (email), the originator of a message must be validated against the message's purported identity in order to eliminate fraudulent messages. One approach to this problem is to use public key cryptography to verify the messages. In this approach an encrypted hash is used to validate a message as being associated with an identity. One or more public keys are published in a globally visible directory, wherein only the holder of the identity is allowed to publish records in the directory. Authorized senders are in possession of a corresponding private key, which they use to encrypt a hashed version of the message and include the encrypted hash as metadata for the message. Recipients decrypt the metadata using the public key and compare the result to their own, independently generated hash of the message. If the hashes match, then the sender is valid. DomainKeys Identified Mail (DKIM) is the standard implementation of this system for email.
This approach can be quite effective, but it has some issues when there are multiple signing entities. Private key distribution becomes challenging when multiple distinct entities are allowed to sign messages authorized against a single shared domain, and hence each must hold a valid private key for that domain. For example, if an administrator of “acme.com” wishes to allow “ajax.com” to sign messages for “acme.com”, each domain would need a valid private key for “acme.com”.
One approach is to allocate different subdomains of the primary domain to the different signing organizations, so that no key is shared. In that arrangement each signing organization has complete control of the global directory for its own subdomain. While this can work, it fails the primary goal of supporting multiple senders on a single domain, as each organization would require a distinct subdomain of the primary domain.
Alternately, each signing entity can generate its own private/public key pair and provide the public key to the authorizing domain owner to publish in the global directory. By publishing the corresponding public key in the appropriate location in the global directory, the domain owner signals that it is delegating signing authority to the signing entity. However, this manual process tends to be both error-prone and burdensome on the authorizing domain owner. It also makes it difficult to incorporate best practices such as key rotation, since the manual process would have to be repeated each time the key is replaced, with the practical result that a key may never be updated.
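The signing and verification loop described above, together with the delegation-by-publication step just described, as an added Go example that is not part of this disclosure: the signing entity generates its own key pair, the owner of the shared domain publishes the public key under a selector in the directory, and the recipient fetches the key by selector and domain and verifies the signature. The in-memory map standing in for DNS, the selector names, and the message text are constructed for the example; the record layout follows DKIM's TXT record form.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"encoding/base64"
	"strings"
)
// dnsTXT is a constructed in-memory stand-in for DNS, the globally visible
// directory that only the domain owner may write (<selector>._domainkey.<domain>).
var dnsTXT = map[string]string{}
// PublishKey is the owner's act of delegation: the signer's public key is published under a selector of the shared domain, in DKIM TXT layout.
func PublishKey(domain, selector string, pub *rsa.PublicKey) error {
	der, err := x509.MarshalPKIXPublicKey(pub)
	if err != nil {
		return err
	}
	dnsTXT[selector+"._domainkey."+domain] = "v=DKIM1; k=rsa; p=" + base64.StdEncoding.EncodeToString(der)
	return nil
}
// Sign hashes the message and signs the hash with the signer's private key (rsa-sha256, PKCS#1 v1.5, as DKIM does); the signature rides as metadata.
func Sign(priv *rsa.PrivateKey, body []byte) ([]byte, error) {
	h := sha256.Sum256(body)
	return rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, h[:])
}
// Verify is the recipient's side: fetch the key named by selector and domain, hash the message independently, and check the signature against that hash.
func Verify(domain, selector string, body, sig []byte) bool {
	rec, ok := dnsTXT[selector+"._domainkey."+domain]
	if !ok {
		return false // nothing published: signing authority was never delegated
	}
	var p string // the p= tag carries the base64 SubjectPublicKeyInfo
	for _, tag := range strings.Split(rec, ";") {
		if kv := strings.SplitN(strings.TrimSpace(tag), "=", 2); len(kv) == 2 && kv[0] == "p" {
			p = kv[1]
		}
	}
	der, derr := base64.StdEncoding.DecodeString(p)
	key, kerr := x509.ParsePKIXPublicKey(der)
	pub, isRSA := key.(*rsa.PublicKey) // a rotated or foreign key simply fails to verify
	if derr != nil || kerr != nil || !isRSA {
		return false
	}
	h := sha256.Sum256(body)
	return rsa.VerifyPKCS1v15(pub, crypto.SHA256, h[:], sig) == nil
}
```

Publishing a fresh key under the same selector (rotation) makes earlier signatures stop verifying, which is why the manual republication step cannot be skipped.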
Hence, what is lacking is an ability to generate and distribute delegated private keys authorized against a shared domain in a secure and automated fashion to multiple distinct entities, as well as the reliable management and update of such keys.