| < draft-ietf-dnsext-dnssec-registry-update-03.txt | draft-ietf-dnsext-dnssec-registry-update-04.txt > | |||
|---|---|---|---|---|
| DNS Extensions Working Group S. Rose | DNS Extensions Working Group S. Rose | |||
| Internet-Draft NIST | Internet-Draft NIST | |||
| Intended status: Standards Track June 11, 2012 | Intended status: Standards Track August 3, 2012 | |||
| Expires: December 13, 2012 | Expires: February 4, 2013 | |||
| DNS Security (DNSSEC) DNSKEY Algorithm IANA Registry Updates | DNS Security (DNSSEC) DNSKEY Algorithm IANA Registry Updates | |||
| draft-ietf-dnsext-dnssec-registry-update-03 | draft-ietf-dnsext-dnssec-registry-update-04 | |||
| Abstract | Abstract | |||
| The DNS Security Extensions (DNSSEC) requires the use of | The DNS Security Extensions (DNSSEC) requires the use of | |||
| cryptographic algorithm suites for generating digital signatures over | cryptographic algorithm suites for generating digital signatures over | |||
| DNS data. The algorithms specified for use with DNSSEC are reflected | DNS data. The algorithms specified for use with DNSSEC are reflected | |||
| in an IANA maintained registry. This document presents a set of | in an IANA maintained registry. This document presents a set of | |||
| changes for some entries of the registry. | changes for some entries of the registry. | |||
| Status of This Memo | Status of This Memo | |||
| skipping to change at page 1, line 34 ¶ | skipping to change at page 1, line 34 ¶ | |||
| Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
| Task Force (IETF). Note that other groups may also distribute | Task Force (IETF). Note that other groups may also distribute | |||
| working documents as Internet-Drafts. The list of current Internet- | working documents as Internet-Drafts. The list of current Internet- | |||
| Drafts is at http://datatracker.ietf.org/drafts/current/. | Drafts is at http://datatracker.ietf.org/drafts/current/. | |||
| Internet-Drafts are draft documents valid for a maximum of six months | Internet-Drafts are draft documents valid for a maximum of six months | |||
| and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||
| time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference | |||
| material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." | |||
| This Internet-Draft will expire on December 13, 2012. | This Internet-Draft will expire on February 4, 2013. | |||
| Copyright Notice | Copyright Notice | |||
| Copyright (c) 2012 IETF Trust and the persons identified as the | Copyright (c) 2012 IETF Trust and the persons identified as the | |||
| document authors. All rights reserved. | document authors. All rights reserved. | |||
| This document is subject to BCP 78 and the IETF Trust's Legal | This document is subject to BCP 78 and the IETF Trust's Legal | |||
| Provisions Relating to IETF Documents | Provisions Relating to IETF Documents | |||
| (http://trustee.ietf.org/license-info) in effect on the date of | (http://trustee.ietf.org/license-info) in effect on the date of | |||
| publication of this document. Please review these documents | publication of this document. Please review these documents | |||
| skipping to change at page 2, line 18 ¶ | skipping to change at page 2, line 18 ¶ | |||
| 2. The DNS Security Algorithm Number Sub-registry . . . . . . . . 3 | 2. The DNS Security Algorithm Number Sub-registry . . . . . . . . 3 | |||
| 2.1. Updates and Additions . . . . . . . . . . . . . . . . . . . 3 | 2.1. Updates and Additions . . . . . . . . . . . . . . . . . . . 3 | |||
| 2.2. Domain Name System (DNS) Security Algorithm Number | 2.2. Domain Name System (DNS) Security Algorithm Number | |||
| Registry Table . . . . . . . . . . . . . . . . . . . . . . 4 | Registry Table . . . . . . . . . . . . . . . . . . . . . . 4 | |||
| 3. IANA Considerations . . . . . . . . . . . . . . . . . . . . . . 4 | 3. IANA Considerations . . . . . . . . . . . . . . . . . . . . . . 4 | |||
| 4. Security Considerations . . . . . . . . . . . . . . . . . . . . 5 | 4. Security Considerations . . . . . . . . . . . . . . . . . . . . 5 | |||
| 5. Normative References . . . . . . . . . . . . . . . . . . . . . 5 | 5. Informative References . . . . . . . . . . . . . . . . . . . . 5 | |||
| 1. Introduction | 1. Introduction | |||
| The Domain Name System (DNS) Security Extensions (DNSSEC, defined by | The Domain Name System (DNS) Security Extensions (DNSSEC, defined by | |||
| [RFC4033], [RFC4034], [RFC4035], [RFC4509], [RFC5155], and [RFC5702]) | [RFC4033], [RFC4034], [RFC4035], [RFC4509], [RFC5155], and [RFC5702]) | |||
| use digital signatures over DNS data to provide source authentication | use digital signatures over DNS data to provide source authentication | |||
| and integrity protection. DNSSEC uses an IANA registry to list codes | and integrity protection. DNSSEC uses an IANA registry to list codes | |||
| for digital signature algorithms (consisting of an asymmetric | for digital signature algorithms (consisting of an asymmetric | |||
| cryptographic algorithm and a one-way hash function). | cryptographic algorithm and a one-way hash function). | |||
| skipping to change at page 3, line 25 ¶ | skipping to change at page 3, line 25 ¶ | |||
| Domain Name System Security (DNSSEC) Algorithm Numbers. These | Domain Name System Security (DNSSEC) Algorithm Numbers. These | |||
| updated entries are given in Section 2.2 below. This list includes | updated entries are given in Section 2.2 below. This list includes | |||
| changes to selected entries originally set aside for future algorithm | changes to selected entries originally set aside for future algorithm | |||
| specification that did not occur. These three entries are changed to | specification that did not occur. These three entries are changed to | |||
| "Reserved" to avoid potential conflicts with older implementations. | "Reserved" to avoid potential conflicts with older implementations. | |||
| This document also brings the list of references for entries up to | This document also brings the list of references for entries up to | |||
| date. | date. | |||
| There are auxillary sub-registries related to the Domain Name System | There are auxillary sub-registries related to the Domain Name System | |||
| Security (DNSSEC) Algorithm Numbers registry that deal with various | Security (DNSSEC) Algorithm Numbers registry that deal with various | |||
| Diffie-Hellmen parameters used with DNSSEC. These registry tables | Diffie-Hellman parameters used with DNSSEC. These registry tables | |||
| are not altered by this document. | are not altered by this document. | |||
| 2. The DNS Security Algorithm Number Sub-registry | 2. The DNS Security Algorithm Number Sub-registry | |||
| The DNS Security Algorithm Number sub-registry (part of the Domain | The DNS Security Algorithm Number sub-registry (part of the Domain | |||
| Name System (DNS) Security Number registry) contains a set of entries | Name System (DNS) Security Number registry) contains a set of entries | |||
| that contain errors. There are additional differences to entries | that contain errors. There are additional differences to entries | |||
| that are described in sub-section 2.1 and the complete list of | that are described in sub-section 2.1 and the complete list of | |||
| changed registry entries is in sub-section 2.2. | changed registry entries is in sub-section 2.2. | |||
| skipping to change at page 5, line 12 ¶ | skipping to change at page 5, line 12 ¶ | |||
| registry is available at | registry is available at | |||
| http://www.iana.org/assignments/dns-sec-alg-numbers. | http://www.iana.org/assignments/dns-sec-alg-numbers. | |||
| 4. Security Considerations | 4. Security Considerations | |||
| This document replaces the Domain Name System (DNS) Security | This document replaces the Domain Name System (DNS) Security | |||
| Algorithm Numbers registry with an updated table. It is not meant to | Algorithm Numbers registry with an updated table. It is not meant to | |||
| be a discussion on algorithm superiority. No new security | be a discussion on algorithm superiority. No new security | |||
| considerations are raised in this document. | considerations are raised in this document. | |||
| 5. Normative References | 5. Informative References | |||
| [RFC3110] Eastlake, D., "RSA/SHA-1 SIGs and RSA KEYs in the Domain | [RFC3110] Eastlake, D., "RSA/SHA-1 SIGs and RSA KEYs in the Domain | |||
| Name System (DNS)", RFC 3110, May 2001. | Name System (DNS)", RFC 3110, May 2001. | |||
| [RFC4033] Arends, R., Austein, R., Larson, M., Massey, D., and S. | [RFC4033] Arends, R., Austein, R., Larson, M., Massey, D., and S. | |||
| Rose, "DNS Security Introduction and Requirements", | Rose, "DNS Security Introduction and Requirements", | |||
| RFC 4033, March 2005. | RFC 4033, March 2005. | |||
| [RFC4034] Arends, R., Austein, R., Larson, M., Massey, D., and S. | [RFC4034] Arends, R., Austein, R., Larson, M., Massey, D., and S. | |||
| Rose, "Resource Records for the DNS Security Extensions", | Rose, "Resource Records for the DNS Security Extensions", | |||
| End of changes. 6 change blocks. | ||||
| 7 lines changed or deleted | 7 lines changed or added | |||
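
Review bot: "auxillary" in the first line of the paragraph on the Diffie-Hellman sub-registries (change block at page 3, line 25) is still misspelled in -04, although "Diffie-Hellmen" in the same paragraph is corrected in this revision. Change it to "auxiliary" in the next revision so that both typos in that paragraph are fixed together.
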
This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/
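
Review bot: the section 5 heading (change block at page 5, line 12) and its table-of-contents entry change from "Normative References" to "Informative References" while the intended status stays Standards Track, and the visible table of contents shows no separate normative list. Confirm that none of the listed RFCs, for example [RFC4034], which the Introduction cites as part of the definition of DNSSEC, is required to apply the registry updates; if one is, it belongs in a normative list.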