| < draft-ietf-dnssec-dss-02.txt | draft-ietf-dnssec-dss-03.txt > | |||
|---|---|---|---|---|
| INTERNET-DRAFT DSA KEYs and SIGs in the DNS | INTERNET-DRAFT DSA KEYs and SIGs in the DNS | |||
| January 1998 | October 1998 | |||
| Expires July 1998 | Expires April 1999 | |||
| DSA KEYs and SIGs in the Domain Name System (DNS) | DSA KEYs and SIGs in the Domain Name System (DNS) | |||
| --- ---- --- ---- -- --- ------ ---- ------ ----- | --- ---- --- ---- -- --- ------ ---- ------ ----- | |||
| Donald E. Eastlake 3rd | Donald E. Eastlake 3rd | |||
| Status of This Document | Status of This Document | |||
| This draft, file name draft-ietf-dnssec-dss-02.txt, is intended to be | This draft, file name draft-ietf-dnssec-dss-03.txt, is intended to be | |||
| become a Proposed Standard RFC. Distribution of this document is | become a Proposed Standard RFC. Distribution of this document is | |||
| unlimited. Comments should be sent to the DNS security mailing list | unlimited. Comments should be sent to the DNS security mailing list | |||
| <dns-security@tis.com> or to the author. | <dns-security@tis.com> or to the author. | |||
| This document is an Internet-Draft. Internet-Drafts are working | This document is an Internet-Draft. Internet-Drafts are working | |||
| documents of the Internet Engineering Task Force (IETF), its areas, | documents of the Internet Engineering Task Force (IETF), its areas, | |||
| and its working groups. Note that other groups may also distribute | and its working groups. Note that other groups may also distribute | |||
| working documents as Internet-Drafts. | working documents as Internet-Drafts. | |||
| Internet-Drafts are draft documents valid for a maximum of six | Internet-Drafts are draft documents valid for a maximum of six | |||
| months. Internet-Drafts may be updated, replaced, or obsoleted by | months. Internet-Drafts may be updated, replaced, or obsoleted by | |||
| other documents at any time. It is not appropriate to use Internet- | other documents at any time. It is not appropriate to use Internet- | |||
| Drafts as reference material or to cite them other than as a | Drafts as reference material or to cite them other than as a | |||
| ``working draft'' or ``work in progress.'' | ``working draft'' or ``work in progress.'' | |||
| To learn the current status of any Internet-Draft, please check the | To view the entire list of current Internet-Drafts, please check the | |||
| 1id-abstracts.txt listing contained in the Internet-Drafts Shadow | "1id-abstracts.txt" listing contained in the Internet-Drafts Shadow | |||
| Directories on ds.internic.net (East USA), ftp.isi.edu (West USA), | Directories on ftp.is.co.za (Africa), ftp.nordu.net (Northern | |||
| nic.nordu.net (North Europe), ftp.nis.garr.it (South Europe), | Europe), ftp.nis.garr.it (Southern Europe), munnari.oz.au (Pacific | |||
| munnari.oz.au (Pacific Rim), or ftp.is.co.za (Africa). | Rim), ftp.ietf.org (US East Coast), or ftp.isi.edu (US West Coast). | |||
| [Changes from previous draft: change dates, update author info, add | ||||
| IANA Considerations] | ||||
| Abstract | Abstract | |||
| A standard method for storing US Government Digital Signature | A standard method for storing US Government Digital Signature | |||
| Algorithm keys and signatures in the Domain Name System is described | Algorithm keys and signatures in the Domain Name System is described | |||
| which utilizes DNS KEY and SIG resource records. | which utilizes DNS KEY and SIG resource records. | |||
| INTERNET-DRAFT DSA in the DNS | INTERNET-DRAFT DSA in the DNS | |||
| Table of Contents | Table of Contents | |||
| Status of This Document....................................1 | Status of This Document....................................1 | |||
| Abstract...................................................1 | Abstract...................................................1 | |||
| Table of Contents..........................................2 | Table of Contents..........................................2 | |||
| 1. Introduction............................................3 | 1. Introduction............................................3 | |||
| 2. DSA KEY Resource Records................................3 | ||||
| 3. DSA SIG Resource Records................................4 | ||||
| 4. Performance Considerations..............................4 | ||||
| 5. Security Considerations.................................5 | ||||
| 6. IANA Considerations.....................................5 | ||||
| 2. DSA KEY Resource Records................................4 | References.................................................6 | |||
| Author's Address...........................................6 | ||||
| 3. DSA SIG Resource Records................................5 | Expiration and File Name...................................6 | |||
| 4. Performance Considerations..............................6 | ||||
| 5. Security Considerations.................................6 | ||||
| References.................................................7 | ||||
| Author's Address...........................................7 | ||||
| Expiration and File Name...................................7 | ||||
| INTERNET-DRAFT DSA in the DNS | INTERNET-DRAFT DSA in the DNS | |||
| 1. Introduction | 1. Introduction | |||
| The Domain Name System (DNS) is the global hierarchical replicated | The Domain Name System (DNS) is the global hierarchical replicated | |||
| distributed database system for Internet addressing, mail proxy, and | distributed database system for Internet addressing, mail proxy, and | |||
| other information. The DNS has been extended to include digital | other information. The DNS has been extended to include digital | |||
| signatures and cryptographic keys as described in [draft-ietf- | signatures and cryptographic keys as described in [draft-ietf- | |||
| dnssec-secext2-*]. Thus the DNS can now be secured and can be used | dnssec-secext2-*]. Thus the DNS can now be secured and can be used | |||
| for secure key distribution. | for secure key distribution. | |||
| This document describes how to store US Government Digital Signature | This document describes how to store US Government Digital Signature | |||
| Algorithm (DSA) keys and signatures in the DNS. Familiarity with the | Algorithm (DSA) keys and signatures in the DNS. Familiarity with the | |||
| US Digital Signature Algorithm is assumed [Schneier]. Implementation | US Digital Signature Algorithm is assumed [Schneier]. Implementation | |||
| of DSA is mandatory for DNS security. | of DSA is mandatory for DNS security. | |||
| INTERNET-DRAFT DSA in the DNS | ||||
| 2. DSA KEY Resource Records | 2. DSA KEY Resource Records | |||
| DSA public keys are stored in the DNS as KEY RRs using algorithm | DSA public keys are stored in the DNS as KEY RRs using algorithm | |||
| number 3 [draft-ietf-dnssec-secext2-*]. The structure of the | number 3 [draft-ietf-dnssec-secext2-*]. The structure of the | |||
| algorithm specific portion of the RDATA part of this RR is as shown | algorithm specific portion of the RDATA part of this RR is as shown | |||
| below. These fields, from Q through Y are the "public key" part of | below. These fields, from Q through Y are the "public key" part of | |||
| the DSA KEY RR. | the DSA KEY RR. | |||
| The period of key validity is not in the KEY RR but is indicated by | The period of key validity is not in the KEY RR but is indicated by | |||
| the SIG RR(s) which signs and authenticates the KEY RR(s) at that | the SIG RR(s) which signs and authenticates the KEY RR(s) at that | |||
| skipping to change at page 4, line 41 ¶ | skipping to change at page 4, line 4 ¶ | |||
| number selected at key generation time such that 2**159 < Q < 2**160 | number selected at key generation time such that 2**159 < Q < 2**160 | |||
| so Q is always 20 octets long and, as with all other fields, is | so Q is always 20 octets long and, as with all other fields, is | |||
| stored in "big-endian" network order. P, G, and Y are calculated as | stored in "big-endian" network order. P, G, and Y are calculated as | |||
| directed by the FIPS 186 key generation algorithm [Schneier]. P is | directed by the FIPS 186 key generation algorithm [Schneier]. P is | |||
| in the range 2**(511+64T) < P < 2**(512+64T) and so is 64 + 8*T | in the range 2**(511+64T) < P < 2**(512+64T) and so is 64 + 8*T | |||
| octets long. G and Y are quantities modulus P and so can be up to | octets long. G and Y are quantities modulus P and so can be up to | |||
| the same length as P and are allocated fixed size fields with the | the same length as P and are allocated fixed size fields with the | |||
| same number of octets as P. | same number of octets as P. | |||
| During the key generation process, a random number X must be | During the key generation process, a random number X must be | |||
| INTERNET-DRAFT DSA in the DNS | ||||
| generated such that 1 <= X <= Q-1. X is the private key and is used | generated such that 1 <= X <= Q-1. X is the private key and is used | |||
| in the final step of public key generation where Y is computed as | in the final step of public key generation where Y is computed as | |||
| Y = G**X mod P | Y = G**X mod P | |||
| INTERNET-DRAFT DSA in the DNS | ||||
| 3. DSA SIG Resource Records | 3. DSA SIG Resource Records | |||
| The signature portion of the SIG RR RDATA area, when using the US | The signature portion of the SIG RR RDATA area, when using the US | |||
| Digital Signature Algorithm, is shown below with fields in the order | Digital Signature Algorithm, is shown below with fields in the order | |||
| they occur. See [draft-ietf-dnssec-secext2-*] for fields in the SIG | they occur. See [draft-ietf-dnssec-secext2-*] for fields in the SIG | |||
| RR RDATA which precede the signature itself. | RR RDATA which precede the signature itself. | |||
| Field Size | Field Size | |||
| ----- ---- | ----- ---- | |||
| T 1 octet | T 1 octet | |||
| skipping to change at page 6, line 5 ¶ | skipping to change at page 4, line 46 ¶ | |||
| S = ( K**(-1) * (hash + X*R) ) mod Q | S = ( K**(-1) * (hash + X*R) ) mod Q | |||
| Since Q is 160 bits long, R and S can not be larger than 20 octets, | Since Q is 160 bits long, R and S can not be larger than 20 octets, | |||
| which is the space allocated. | which is the space allocated. | |||
| T is copied from the public key. It is not logically necessary in | T is copied from the public key. It is not logically necessary in | |||
| the SIG but is present so that values of T > 8 can more conveniently | the SIG but is present so that values of T > 8 can more conveniently | |||
| be used as an escape for extended versions of DSA or other algorithms | be used as an escape for extended versions of DSA or other algorithms | |||
| as later specified. | as later specified. | |||
| INTERNET-DRAFT DSA in the DNS | ||||
| 4. Performance Considerations | 4. Performance Considerations | |||
| General signature generation speeds are roughly the same for RSA [RFC | General signature generation speeds are roughly the same for RSA [RFC | |||
| xRSA] and DSA. With sufficient pre-computation, signature generation | xRSA] and DSA. With sufficient pre-computation, signature generation | |||
| with DSA is faster than RSA. Key generation is also faster for DSA. | with DSA is faster than RSA. Key generation is also faster for DSA. | |||
| However, signature verification is an order of magnitude slower than | However, signature verification is an order of magnitude slower than | |||
| RSA when the RSA public exponent is chosen to be small as is | RSA when the RSA public exponent is chosen to be small as is | |||
| INTERNET-DRAFT DSA in the DNS | ||||
| recommended for KEY RRs used in domain name system (DNS) data | recommended for KEY RRs used in domain name system (DNS) data | |||
| authentication. | authentication. | |||
| Current DNS implementations are optimized for small transfers, | Current DNS implementations are optimized for small transfers, | |||
| typically less than 512 bytes including overhead. While larger | typically less than 512 bytes including overhead. While larger | |||
| transfers will perform correctly and work is underway to make larger | transfers will perform correctly and work is underway to make larger | |||
| transfers more efficient, it is still advisable at this time to make | transfers more efficient, it is still advisable at this time to make | |||
| reasonable efforts to minimize the size of KEY RR sets stored within | reasonable efforts to minimize the size of KEY RR sets stored within | |||
| the DNS consistent with adequate security. Keep in mind that in a | the DNS consistent with adequate security. Keep in mind that in a | |||
| secure zone, at least one authenticating SIG RR will also be | secure zone, at least one authenticating SIG RR will also be | |||
| skipping to change at page 7, line 5 ¶ | skipping to change at page 5, line 44 ¶ | |||
| DSA assumes the ability to frequently generate high quality random | DSA assumes the ability to frequently generate high quality random | |||
| numbers. See [RFC 1750] for guidance. DSA is designed so that if | numbers. See [RFC 1750] for guidance. DSA is designed so that if | |||
| manipulated rather than random numbers are used, very high bandwidth | manipulated rather than random numbers are used, very high bandwidth | |||
| covert channels are possible. See [Schneier] and more recent | covert channels are possible. See [Schneier] and more recent | |||
| research. The leakage of an entire DSA private key in only two DSA | research. The leakage of an entire DSA private key in only two DSA | |||
| signatures has been demonstrated. DSA provides security only if | signatures has been demonstrated. DSA provides security only if | |||
| trusted implementations, including trusted random number generation, | trusted implementations, including trusted random number generation, | |||
| are used. | are used. | |||
| 6. IANA Considerations | ||||
| Allocation of meaning to values of the T parameter that are not | ||||
| defined herein requires an IETF standards actions. It is intended | ||||
| that values unallocated herein be used to cover future extensions of | ||||
| the DSS standard. | ||||
| INTERNET-DRAFT DSA in the DNS | INTERNET-DRAFT DSA in the DNS | |||
| References | References | |||
| [FIPS 186] - U.S. Federal Information Processing Standard: Digital | [FIPS 186] - U.S. Federal Information Processing Standard: Digital | |||
| Signature Standard. | Signature Standard. | |||
| [RFC 1034] - P. Mockapetris, "Domain names - concepts and | [RFC 1034] - P. Mockapetris, "Domain names - concepts and | |||
| facilities", 11/01/1987. | facilities", 11/01/1987. | |||
| [RFC 1035] - P. Mockapetris, "Domain names - implementation and | [RFC 1035] - P. Mockapetris, "Domain names - implementation and | |||
| specification", 11/01/1987. | specification", 11/01/1987. | |||
| [RFC 1750] - D. Eastlake, S. Crocker, J. Schiller, "Randomness | [RFC 1750] - D. Eastlake, S. Crocker, J. Schiller, "Randomness | |||
| Recommendations for Security", 12/29/1994. | Recommendations for Security", 12/29/1994. | |||
| [draft-ietf-dnssec-secext2-*] - Domain Name System Security | [draft-ietf-dnssec-secext2-*] - Domain Name System Security | |||
| Extensions, D. Eastlake, C. Kaufman, January 1997. | Extensions, D. Eastlake, C. Kaufman, January 1997. | |||
| [RFC xRSA] - draft-ietf-dnssec-rsa-*.txt | [RFC xRSA] - draft-ietf-dnssec-rsa-*.txt - RSA/MD5 KEYs and SIGs in | |||
| the Domain Name System (DNS), D. Eastlake. | ||||
| [Schneier] - Bruce Schneier, "Applied Cryptography Second Edition: | [Schneier] - Bruce Schneier, "Applied Cryptography Second Edition: | |||
| protocols, algorithms, and source code in C", 1996, John Wiley and | protocols, algorithms, and source code in C", 1996, John Wiley and | |||
| Sons, ISBN 0-471-11709-9. | Sons, ISBN 0-471-11709-9. | |||
| Author's Address | Author's Address | |||
| Donald E. Eastlake 3rd | Donald E. Eastlake 3rd | |||
| CyberCash, Inc. | IBM | |||
| 318 Acton Street | 318 Acton Street | |||
| Carlisle, MA 01741 USA | Carlisle, MA 01741 USA | |||
| Telephone: +1 978 287 4877 | Telephone: +1-978-287-4877 | |||
| +1 703 620-4200 (main office, Reston, Virginia) | +1-914-784-7913 | |||
| FAX: +1 978 371 7148 | FAX: +1-978-371-7148 | |||
| EMail: dee@cybercash.com | EMail: dee3@us.ibm.com | |||
| Expiration and File Name | Expiration and File Name | |||
| This draft expires in July 1998. | This draft expires in April 1999. | |||
| Its file name is draft-ietf-dnssec-dss-02.txt. | Its file name is draft-ietf-dnssec-dss-03.txt. | |||
| End of changes. 16 change blocks. | ||||
| 31 lines changed or deleted | 40 lines changed or added | |||
This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ | ||||