summaryrefslogtreecommitdiffstats
path: root/doc/draft/draft-ietf-dnsext-rfc2536bis-dsa-07.txt
diff options
context:
space:
mode:
Diffstat (limited to 'doc/draft/draft-ietf-dnsext-rfc2536bis-dsa-07.txt')
-rw-r--r--doc/draft/draft-ietf-dnsext-rfc2536bis-dsa-07.txt464
1 files changed, 464 insertions, 0 deletions
diff --git a/doc/draft/draft-ietf-dnsext-rfc2536bis-dsa-07.txt b/doc/draft/draft-ietf-dnsext-rfc2536bis-dsa-07.txt
new file mode 100644
index 0000000..e169da8
--- /dev/null
+++ b/doc/draft/draft-ietf-dnsext-rfc2536bis-dsa-07.txt
@@ -0,0 +1,464 @@
+
+INTERNET-DRAFT DSA Information in the DNS
+OBSOLETES: RFC 2536 Donald E. Eastlake 3rd
+ Motorola Laboratories
+Expires: September 2006 March 2006
+
+
+ DSA Keying and Signature Information in the DNS
+ --- ------ --- --------- ----------- -- --- ---
+ <draft-ietf-dnsext-rfc2536bis-dsa-07.txt>
+ Donald E. Eastlake 3rd
+
+
+Status of This Document
+
+ By submitting this Internet-Draft, each author represents that any
+ applicable patent or other IPR claims of which he or she is aware
+ have been or will be disclosed, and any of which he or she becomes
+ aware will be disclosed, in accordance with Section 6 of BCP 79.
+
+ Distribution of this document is unlimited. Comments should be sent
+ to the DNS extensions working group mailing list
+ <namedroppers@ops.ietf.org>.
+
+ Internet-Drafts are working documents of the Internet Engineering
+ Task Force (IETF), its areas, and its working groups. Note that
+ other groups may also distribute working documents as Internet-
+ Drafts.
+
+ Internet-Drafts are draft documents valid for a maximum of six months
+ and may be updated, replaced, or obsoleted by other documents at any
+ time. It is inappropriate to use Internet-Drafts as reference
+ material or to cite them other than as "work in progress."
+
+ The list of current Internet-Drafts can be accessed at
+ http://www.ietf.org/1id-abstracts.html
+
+ The list of Internet-Draft Shadow Directories can be accessed at
+ http://www.ietf.org/shadow.html
+
+
+
+Abstract
+
+ The standard method of encoding US Government Digital Signature
+ Algorithm keying and signature information for use in the Domain Name
+ System is specified.
+
+
+
+
+
+
+
+
+
+D. Eastlake 3rd [Page 1]
+
+
+INTERNET-DRAFT DSA Information in the DNS
+
+
+Table of Contents
+
+ Status of This Document....................................1
+ Abstract...................................................1
+
+ Table of Contents..........................................2
+
+ 1. Introduction............................................3
+ 2. DSA Keying Information..................................3
+ 3. DSA Signature Information...............................4
+ 4. Performance Considerations..............................4
+ 5. Security Considerations.................................5
+ 6. IANA Considerations.....................................5
+ Copyright, Disclaimer, and Additional IPR Provisions.......5
+
+ Normative References.......................................7
+ Informative References.....................................7
+
+ Author's Address...........................................8
+ Expiration and File Name...................................8
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+D. Eastlake 3rd [Page 2]
+
+
+INTERNET-DRAFT DSA Information in the DNS
+
+
+1. Introduction
+
+ The Domain Name System (DNS) is the global hierarchical replicated
+ distributed database system for Internet addressing, mail proxy, and
+ other information [RFC 1034, 1035]. The DNS has been extended to
+ include digital signatures and cryptographic keys as described in
+ [RFC 4033, 4034, 4035] and additional work is underway which would
+ require the storage of keying and signature information in the DNS.
+
+ This document describes how to encode US Government Digital Signature
+ Algorithm (DSA) keys and signatures in the DNS. Familiarity with the
+ US Digital Signature Algorithm is assumed [FIPS 186-2, Schneier].
+
+
+
+2. DSA Keying Information
+
+ When DSA public keys are stored in the DNS, the structure of the
+ relevant part of the RDATA part of the RR being used is the fields
+ listed below in the order given.
+
+ The period of key validity is not included in this data but is
+ indicated separately, for example by an RR such as RRSIG which signs
+ and authenticates the RR containing the keying information.
+
+ Field Size
+ ----- ----
+ T 1 octet
+ Q 20 octets
+ P 64 + T*8 octets
+ G 64 + T*8 octets
+ Y 64 + T*8 octets
+
+ As described in [FIPS 186-2] and [Schneier], T is a key size
+ parameter chosen such that 0 <= T <= 8. (The meaning if the T octet
+ is greater than 8 is reserved and the remainder of the data may have
+ a different format in that case.) Q is a prime number selected at
+ key generation time such that 2**159 < Q < 2**160. Thus Q is always
+ 20 octets long and, as with all other fields, is stored in "big-
+ endian" network order. P, G, and Y are calculated as directed by the
+ [FIPS 186-2] key generation algorithm [Schneier]. P is in the range
+ 2**(511+64T) < P < 2**(512+64T) and thus is 64 + 8*T octets long. G
+ and Y are quantities modulo P and so can be up to the same length as
+ P and are allocated fixed size fields with the same number of octets
+ as P.
+
+ During the key generation process, a random number X must be
+ generated such that 1 <= X <= Q-1. X is the private key and is used
+ in the final step of public key generation where Y is computed as
+
+
+
+D. Eastlake 3rd [Page 3]
+
+
+INTERNET-DRAFT DSA Information in the DNS
+
+
+ Y = G**X mod P
+
+
+
+3. DSA Signature Information
+
+ The portion of the RDATA area used for US Digital Signature Algorithm
+ signature information is shown below with fields in the order they
+ are listed and the contents of each multi-octet field in "big-endian"
+ network order.
+
+ Field Size
+ ----- ----
+ T 1 octet
+ R 20 octets
+ S 20 octets
+
+ First, the data signed must be determined. Then the following steps
+ are taken, as specified in [FIPS 186-2], where Q, P, G, and Y are as
+ specified in the public key [Schneier]:
+
+ hash = SHA-1 ( data )
+
+ Generate a random K such that 0 < K < Q.
+
+ R = ( G**K mod P ) mod Q
+
+ S = ( K**(-1) * (hash + X*R) ) mod Q
+
+ For information on the SHA-1 hash function see [FIPS 180-2] and [RFC
+ 3174].
+
+ Since Q is 160 bits long, R and S can not be larger than 20 octets,
+ which is the space allocated.
+
+ T is copied from the public key. It is not logically necessary in
+ the SIG but is present so that values of T > 8 can more conveniently
+ be used as an escape for extended versions of DSA or other algorithms
+ as later standardized.
+
+
+
+4. Performance Considerations
+
+ General signature generation speeds are roughly the same for RSA [RFC
+ 3110] and DSA. With sufficient pre-computation, signature generation
+ with DSA is faster than RSA. Key generation is also faster for DSA.
+ However, signature verification is an order of magnitude slower than
+ RSA when the RSA public exponent is chosen to be small, as is
+ recommended for some applications.
+
+
+D. Eastlake 3rd [Page 4]
+
+
+INTERNET-DRAFT DSA Information in the DNS
+
+
+ Current DNS implementations are optimized for small transfers,
+ typically less than 512 bytes including DNS overhead. Larger
+ transfers will perform correctly and extensions have been
+ standardized [RFC 2671] to make larger transfers more efficient, it
+ is still advisable at this time to make reasonable efforts to
+ minimize the size of RR sets containing keying and/or signature
+ inforamtion consistent with adequate security.
+
+
+
+5. Security Considerations
+
+ Keys retrieved from the DNS should not be trusted unless (1) they
+ have been securely obtained from a secure resolver or independently
+ verified by the user and (2) this secure resolver and secure
+ obtainment or independent verification conform to security policies
+ acceptable to the user. As with all cryptographic algorithms,
+ evaluating the necessary strength of the key is essential and
+ dependent on local policy.
+
+ The key size limitation of a maximum of 1024 bits ( T = 8 ) in the
+ current DSA standard may limit the security of DSA. For particular
+ applications, implementors are encouraged to consider the range of
+ available algorithms and key sizes.
+
+ DSA assumes the ability to frequently generate high quality random
+ numbers. See [random] for guidance. DSA is designed so that if
+ biased rather than random numbers are used, high bandwidth covert
+ channels are possible. See [Schneier] and more recent research. The
+ leakage of an entire DSA private key in only two DSA signatures has
+ been demonstrated. DSA provides security only if trusted
+ implementations, including trusted random number generation, are
+ used.
+
+
+
+6. IANA Considerations
+
+ Allocation of meaning to values of the T parameter that are not
+ defined herein (i.e., > 8 ) requires an IETF standards actions. It
+ is intended that values unallocated herein be used to cover future
+ extensions of the DSS standard.
+
+
+
+Copyright, Disclaimer, and Additional IPR Provisions
+
+ Copyright (C) The Internet Society (2006). This document is subject to
+ the rights, licenses and restrictions contained in BCP 78, and except
+ as set forth therein, the authors retain all their rights.
+
+
+D. Eastlake 3rd [Page 5]
+
+
+INTERNET-DRAFT DSA Information in the DNS
+
+
+ This document and the information contained herein are provided on an
+ "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
+ OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET
+ ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,
+ INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
+ INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
+ WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
+
+ The IETF takes no position regarding the validity or scope of any
+ Intellectual Property Rights or other rights that might be claimed to
+ pertain to the implementation or use of the technology described in
+ this document or the extent to which any license under such rights
+ might or might not be available; nor does it represent that it has
+ made any independent effort to identify any such rights. Information
+ on the procedures with respect to rights in RFC documents can be
+ found in BCP 78 and BCP 79.
+
+ Copies of IPR disclosures made to the IETF Secretariat and any
+ assurances of licenses to be made available, or the result of an
+ attempt made to obtain a general license or permission for the use of
+ such proprietary rights by implementers or users of this
+ specification can be obtained from the IETF on-line IPR repository at
+ http://www.ietf.org/ipr.
+
+ The IETF invites any interested party to bring to its attention any
+ copyrights, patents or patent applications, or other proprietary
+ rights that may cover technology that may be required to implement
+ this standard. Please address the information to the IETF at ietf-
+ ipr@ietf.org.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+D. Eastlake 3rd [Page 6]
+
+
+INTERNET-DRAFT DSA Information in the DNS
+
+
+Normative References
+
+ [FIPS 186-2] - U.S. Federal Information Processing Standard: Digital
+ Signature Standard, 27 January 2000.
+
+ [RFC 4034] - Arends, R., Austein, R., Larson, M., Massey, D., and S.
+ Rose, "Resource Records for the DNS Security Extensions", RFC 4034,
+ March 2005.
+
+
+
+Informative References
+
+ [RFC 1034] - "Domain names - concepts and facilities", P.
+ Mockapetris, 11/01/1987.
+
+ [RFC 1035] - "Domain names - implementation and specification", P.
+ Mockapetris, 11/01/1987.
+
+ [RFC 2671] - "Extension Mechanisms for DNS (EDNS0)", P. Vixie, August
+ 1999.
+
+ [RFC 3110] - "RSA/SHA-1 SIGs and RSA KEYs in the Domain Name System
+ (DNS)", D. Eastlake 3rd. May 2001.
+
+ [RFC 3174] - "US Secure Hash Algorithm 1 (SHA1)", D. Eastlake, P.
+ Jones, September 2001.
+
+ [RFC 4033] - Arends, R., Austein, R., Larson, M., Massey, D., and S.
+ Rose, "DNS Security Introduction and Requirements", RFC 4033, March
+ 2005.
+
+ [RFC 4035] - Arends, R., Austein, R., Larson, M., Massey, D., and S.
+ Rose, "Protocol Modifications for the DNS Security Extensions", RFC
+ 4035, March 2005.
+
+ [RFC 4086] - Eastlake, D., 3rd, Schiller, J., and S. Crocker,
+ "Randomness Requirements for Security", BCP 106, RFC 4086, June 2005.
+
+ [Schneier] - "Applied Cryptography Second Edition: protocols,
+ algorithms, and source code in C" (second edition), Bruce Schneier,
+ 1996, John Wiley and Sons, ISBN 0-471-11709-9.
+
+
+
+
+
+
+
+
+
+
+D. Eastlake 3rd [Page 7]
+
+
+INTERNET-DRAFT DSA Information in the DNS
+
+
+Author's Address
+
+ Donald E. Eastlake 3rd
+ Motorola Labortories
+ 155 Beaver Street
+ Milford, MA 01757 USA
+
+ Telephone: +1-508-786-7554(w)
+ EMail: Donald.Eastlake@motorola.com
+
+
+
+Expiration and File Name
+
+ This draft expires in September 2006.
+
+ Its file name is draft-ietf-dnsext-rfc2536bis-dsa-07.txt.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+D. Eastlake 3rd [Page 8]
+
generated by cgit (git 2.34.1) at 2024-04-23 07:52:17 +0000