< draft-ietf-dnssec-rsa-00.txt		draft-ietf-dnssec-rsa-01.txt >
	INTERNET-DRAFT RSA/MD5 KEYs and SIGs in the DNS		INTERNET-DRAFT RSA/MD5 KEYs and SIGs in the DNS
	January 1998		October 1998
	Expires July 1998		Expires April 1999
	RSA/MD5 KEYs and SIGs in the Domain Name System (DNS)		RSA/MD5 KEYs and SIGs in the Domain Name System (DNS)
	------- ---- --- ---- -- --- ------ ---- ------ -----		------- ---- --- ---- -- --- ------ ---- ------ -----
	Donald E. Eastlake 3rd		Donald E. Eastlake 3rd
	Status of This Document		Status of This Document
	This draft, file name draft-ietf-dnssec-rsa-00.txt, is intended to be		This draft, file name draft-ietf-dnssec-rsa-01.txt, is intended to be
	become a Proposed Standard RFC. Distribution of this document is		become a Proposed Standard RFC. Distribution of this document is
	unlimited. Comments should be sent to the DNS security mailing list		unlimited. Comments should be sent to the DNS security mailing list
	<dns-security@tis.com> or to the author.		<dns-security@tis.com> or to the author.
	This document is an Internet-Draft. Internet-Drafts are working		This document is an Internet-Draft. Internet-Drafts are working
	documents of the Internet Engineering Task Force (IETF), its areas,		documents of the Internet Engineering Task Force (IETF), its areas,
	and its working groups. Note that other groups may also distribute		and its working groups. Note that other groups may also distribute
	working documents as Internet-Drafts.		working documents as Internet-Drafts.
	Internet-Drafts are draft documents valid for a maximum of six		Internet-Drafts are draft documents valid for a maximum of six
	months. Internet-Drafts may be updated, replaced, or obsoleted by		months. Internet-Drafts may be updated, replaced, or obsoleted by
	other documents at any time. It is not appropriate to use Internet-		other documents at any time. It is not appropriate to use Internet-
	Drafts as reference material or to cite them other than as a		Drafts as reference material or to cite them other than as a
	``working draft'' or ``work in progress.''		``working draft'' or ``work in progress.''
	To learn the current status of any Internet-Draft, please check the		To view the entire list of current Internet-Drafts, please check the
	1id-abstracts.txt listing contained in the Internet-Drafts Shadow		"1id-abstracts.txt" listing contained in the Internet-Drafts Shadow
	Directories on ds.internic.net (East USA), ftp.isi.edu (West USA),		Directories on ftp.is.co.za (Africa), ftp.nordu.net (Northern
	nic.nordu.net (North Europe), ftp.nis.garr.it (South Europe),		Europe), ftp.nis.garr.it (Southern Europe), munnari.oz.au (Pacific
	munnari.oz.au (Pacific Rim), or ftp.is.co.za (Africa).		Rim), ftp.ietf.org (US East Coast), or ftp.isi.edu (US West Coast).
			[Changes from the previous draft: change date, update author info,
			add RFC 2119 reference]
	Abstract		Abstract
	A standard method for storing RSA keys and and RSA/MD5 based		A standard method for storing RSA keys and and RSA/MD5 based
	signatures in the Domain Name System is described which utilizes DNS		signatures in the Domain Name System is described which utilizes DNS
	KEY and SIG resource records.		KEY and SIG resource records.
	INTERNET-DRAFT RSA/MD5 in the DNS		INTERNET-DRAFT RSA/MD5 in the DNS
	Table of Contents		Table of Contents
	skipping to change at page 3, line 21 ¶		skipping to change at page 3, line 21 ¶
	other information. The DNS has been extended to include digital		other information. The DNS has been extended to include digital
	signatures and cryptographic keys as described in [draft-ietf-		signatures and cryptographic keys as described in [draft-ietf-
	dnssec-secext2-*]. Thus the DNS can now be secured and used for		dnssec-secext2-*]. Thus the DNS can now be secured and used for
	secure key distribution.		secure key distribution.
	This document describes how to store RSA keys and and RSA/MD5 based		This document describes how to store RSA keys and and RSA/MD5 based
	signatures in the DNS. Familiarity with the RSA algorithm is assumed		signatures in the DNS. Familiarity with the RSA algorithm is assumed
	[Schneier]. Implementation of the RSA algorithm in DNS is		[Schneier]. Implementation of the RSA algorithm in DNS is
	recommended.		recommended.
			The key words "MUST", "REQUIRED", "SHOULD", "RECOMMENDED", and "MAY"
			in this document are to be interpreted as described in RFC 2119.
	2. RSA Public KEY Resource Records		2. RSA Public KEY Resource Records
	RSA public keys are stored in the DNS as KEY RRs using algorithm		RSA public keys are stored in the DNS as KEY RRs using algorithm
	number 1 [draft-ietf-dnssec-secext2-*]. The structure of the		number 1 [draft-ietf-dnssec-secext2-*]. The structure of the
	algorithm specific portion of the RDATA part of such RRs is as shown		algorithm specific portion of the RDATA part of such RRs is as shown
	below.		below.
	Field Size		Field Size
	----- ----		----- ----
	exponent length 1 or 3 octets (see text)		exponent length 1 or 3 octets (see text)
	skipping to change at page 6, line 14 ¶		skipping to change at page 6, line 14 ¶
	INTERNET-DRAFT RSA/MD5 in the DNS		INTERNET-DRAFT RSA/MD5 in the DNS
	References		References
	[NETSEC] - Network Security: PRIVATE Communications in a PUBLIC		[NETSEC] - Network Security: PRIVATE Communications in a PUBLIC
	World, Charlie Kaufman, Radia Perlman, & Mike Speciner, Prentice Hall		World, Charlie Kaufman, Radia Perlman, & Mike Speciner, Prentice Hall
	Series in Computer Networking and Distributed Communications, 1995.		Series in Computer Networking and Distributed Communications, 1995.
	[PKCS1] - PKCS #1: RSA Encryption Standard, RSA Data Security, Inc.,		[PKCS1] - PKCS #1: RSA Encryption Standard, RSA Data Security, Inc.,
	3 June 1991, Version 1.4.		3 June 1991, Version 1.4. [there is an ID on this and any resulting
			RFC could be substitutes if available in time]
	[RFC 1034] - P. Mockapetris, "Domain names - concepts and		[RFC 1034] - P. Mockapetris, "Domain names - concepts and
	facilities", 11/01/1987.		facilities", 11/01/1987.
	[RFC 1035] - P. Mockapetris, "Domain names - implementation and		[RFC 1035] - P. Mockapetris, "Domain names - implementation and
	specification", 11/01/1987.		specification", 11/01/1987.
	[RFC 1321] - R. Rivest, "The MD5 Message-Digest Algorithm", April		[RFC 1321] - R. Rivest, "The MD5 Message-Digest Algorithm", April
	1992.		1992.
	skipping to change at page 6, line 37 ¶		skipping to change at page 6, line 38 ¶
	[RFC xDSA] - draft-ietf-dnssec-dss-*.txt		[RFC xDSA] - draft-ietf-dnssec-dss-*.txt
	[Schneier] - Bruce Schneier, "Applied Cryptography Second Edition:		[Schneier] - Bruce Schneier, "Applied Cryptography Second Edition:
	protocols, algorithms, and source code in C", 1996, John Wiley and		protocols, algorithms, and source code in C", 1996, John Wiley and
	Sons, ISBN 0-471-11709-9.		Sons, ISBN 0-471-11709-9.
	Author's Address		Author's Address
	Donald E. Eastlake 3rd		Donald E. Eastlake 3rd
	CyberCash, Inc.		IBM
	318 Acton Street		318 Acton Street
	Carlisle, MA 01741 USA		Carlisle, MA 01741 USA
	Telephone: +1 978 287 4877		Telephone: +1-978-287-4877
	+1 703 620-4200 (main office, Reston, Virginia)		+1-914-784-7913
	FAX: +1 978 371 7148		FAX: +1-978-371-7148
	EMail: dee@cybercash.com		EMail: dee3@us.ibm.com
	Expiration and File Name		Expiration and File Name
	This draft expires in July 1998.		This draft expires in April 1999.
	Its file name is draft-ietf-dnssec-rsa-00.txt.		Its file name is draft-ietf-dnssec-rsa-01.txt.
End of changes. 9 change blocks.
	15 lines changed or deleted		22 lines changed or added
This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/