| < draft-ietf-dnssec-dhk-02.txt | draft-ietf-dnssec-dhk-03.txt > | |||
|---|---|---|---|---|
| INTERNET-DRAFT Diffie-Hellman Keys in the DNS | INTERNET-DRAFT Diffie-Hellman Keys in the DNS | |||
| March 1998 | November 1998 | |||
| Expires September 1998 | Expires May 1999 | |||
| Storage of Diffie-Hellman Keys in the Domain Name System (DNS) | Storage of Diffie-Hellman Keys in the Domain Name System (DNS) | |||
| ------- -- -------------- ---- -- --- ------ ---- ------ ----- | ------- -- -------------- ---- -- --- ------ ---- ------ ----- | |||
| Donald E. Eastlake 3rd | Donald E. Eastlake 3rd | |||
| Status of This Document | Status of This Document | |||
| This draft, file name draft-ietf-dnssec-dhk-02.txt, is intended to be | This draft, file name draft-ietf-dnssec-dhk-03.txt, is intended to be | |||
| become a Proposed Standard RFC. Distribution of this document is | become a Proposed Standard RFC. Distribution of this document is | |||
| unlimited. Comments should be sent to the DNS security mailing list | unlimited. Comments should be sent to the DNS security mailing list | |||
| <dns-security@tis.com> or to the author. | <dns-security@tis.com> or to the author. | |||
| This document is an Internet-Draft. Internet-Drafts are working | This document is an Internet-Draft. Internet-Drafts are working | |||
| documents of the Internet Engineering Task Force (IETF), its areas, | documents of the Internet Engineering Task Force (IETF), its areas, | |||
| and its working groups. Note that other groups may also distribute | and its working groups. Note that other groups may also distribute | |||
| working documents as Internet-Drafts. | working documents as Internet-Drafts. | |||
| Internet-Drafts are draft documents valid for a maximum of six | Internet-Drafts are draft documents valid for a maximum of six | |||
| months. Internet-Drafts may be updated, replaced, or obsoleted by | months. Internet-Drafts may be updated, replaced, or obsoleted by | |||
| other documents at any time. It is not appropriate to use Internet- | other documents at any time. It is not appropriate to use Internet- | |||
| Drafts as reference material or to cite them other than as a | Drafts as reference material or to cite them other than as a | |||
| ``working draft'' or ``work in progress.'' | ``working draft'' or ``work in progress.'' | |||
| To learn the current status of any Internet-Draft, please check the | To view the entire list of current Internet-Drafts, please check the | |||
| 1id-abstracts.txt listing contained in the Internet-Drafts Shadow | "1id-abstracts.txt" listing contained in the Internet-Drafts Shadow | |||
| Directories on ds.internic.net (East USA), ftp.isi.edu (West USA), | Directories on ftp.is.co.za (Africa), ftp.nordu.net (Northern | |||
| ftp.nordu.net (North Europe), ftp.nis.garr.it (South Europe), | Europe), ftp.nis.garr.it (Southern Europe), munnari.oz.au (Pacific | |||
| munnari.oz.au (Pacific Rim), or ftp.is.co.za (Africa). | Rim), ftp.ietf.org (US East Coast), or ftp.isi.edu (US West Coast). | |||
| [Changes from previous draft: add IANA considerations section, update | ||||
| author info, update file name and dates, add specific well known | ||||
| groups] | ||||
| INTERNET-DRAFT Diffie-Hellman Keys in the DNS | INTERNET-DRAFT Diffie-Hellman Keys in the DNS | |||
| Abstract | Abstract | |||
| A standard method for storing Diffie-Hellman keys in the Domain Name | A standard method for storing Diffie-Hellman keys in the Domain Name | |||
| System is described which utilizes DNS KEY resource records. | System is described which utilizes DNS KEY resource records. | |||
| Acknowledgements | Acknowledgements | |||
| skipping to change at page 3, line 4 ¶ | skipping to change at page 2, line 25 ¶ | |||
| thereof was taken from an Internet draft by: | thereof was taken from an Internet draft by: | |||
| Ashar Aziz <ashar.aziz@eng.sun.com> | Ashar Aziz <ashar.aziz@eng.sun.com> | |||
| Tom Markson <markson@incog.com> | Tom Markson <markson@incog.com> | |||
| Hemma Prafullchandra <hemma@eng.sun.com> | Hemma Prafullchandra <hemma@eng.sun.com> | |||
| In addition, the following person provided useful comments that have | In addition, the following person provided useful comments that have | |||
| been incorporated: | been incorporated: | |||
| Ran Atkinson <rja@inet.org> | Ran Atkinson <rja@inet.org> | |||
| Thomas Narten <narten@raleigh.ibm.com> | ||||
| INTERNET-DRAFT Diffie-Hellman Keys in the DNS | INTERNET-DRAFT Diffie-Hellman Keys in the DNS | |||
| Table of Contents | Table of Contents | |||
| Status of This Document....................................1 | Status of This Document....................................1 | |||
| Abstract...................................................2 | Abstract...................................................2 | |||
| Acknowledgements...........................................2 | Acknowledgements...........................................2 | |||
| Table of Contents..........................................3 | Table of Contents..........................................3 | |||
| 1. Introduction............................................4 | 1. Introduction............................................4 | |||
| 1.1 About This Document....................................4 | ||||
| 1.2 About Diffie-Hellman...................................4 | ||||
| 2. Diffie-Hellman KEY Resource Records.....................5 | 2. Diffie-Hellman KEY Resource Records.....................5 | |||
| 3. Performance Considerations..............................6 | 3. Performance Considerations..............................6 | |||
| 4. Security Considerations.................................6 | 4. IANA Considerations.....................................6 | |||
| 5. Security Considerations.................................6 | ||||
| References.................................................7 | References.................................................7 | |||
| Author's Address...........................................7 | Author's Address...........................................7 | |||
| Expiration and File Name...................................7 | Expiration and File Name...................................7 | |||
| Appendix A: Well known prime/generator pairs...............8 | ||||
| A.1. Well-Known Group 1: A 768 bit prime..................8 | ||||
| A.2. Well-Known Group 2: A 1024 bit prime.................8 | ||||
| INTERNET-DRAFT Diffie-Hellman Keys in the DNS | INTERNET-DRAFT Diffie-Hellman Keys in the DNS | |||
| 1. Introduction | 1. Introduction | |||
| The Domain Name System (DNS) is the current global hierarchical | The Domain Name System (DNS) is the current global hierarchical | |||
| replicated distributed database system for Internet addressing, mail | replicated distributed database system for Internet addressing, mail | |||
| proxy, and similar information. The DNS has been extended to include | proxy, and similar information. The DNS has been extended to include | |||
| digital signatures and cryptographic keys as described in [draft- | digital signatures and cryptographic keys as described in [draft- | |||
| ietf-dnssec-secext2-*.txt]. Thus the DNS can now be used for secure | ietf-dnssec-secext2-*.txt]. Thus the DNS can now be used for secure | |||
| key distribution. | key distribution. | |||
| 1.1 About This Document | ||||
| This document describes how to store Diffie-Hellman keys in the DNS. | This document describes how to store Diffie-Hellman keys in the DNS. | |||
| Familiarity with the Diffie-Hellman key exchange algorithm is assumed | Familiarity with the Diffie-Hellman key exchange algorithm is assumed | |||
| [Schneier]. | [Schneier]. | |||
| 1.2 About Diffie-Hellman | ||||
| Diffie-Hellman requires two parties to interact to derive keying | Diffie-Hellman requires two parties to interact to derive keying | |||
| information which can then be used for authentication. Since DNS SIG | information which can then be used for authentication. Since DNS SIG | |||
| RRs are primarily used as stored authenticators of zone information | RRs are primarily used as stored authenticators of zone information | |||
| for many different resolvers, no Diffie-Hellman algorithm SIG RR is | for many different resolvers, no Diffie-Hellman algorithm SIG RR is | |||
| defined. For example, assume that two parties have local secrets "i" | defined. For example, assume that two parties have local secrets "i" | |||
| and "j". Assume they each respectively calculate X and Y as follows: | and "j". Assume they each respectively calculate X and Y as follows: | |||
| X = g**i ( mod p ) | X = g**i ( mod p ) | |||
| Y = g**j ( mod p ) | Y = g**j ( mod p ) | |||
| skipping to change at page 4, line 43 ¶ | skipping to change at page 4, line 47 ¶ | |||
| Zi = Y**i ( mod p ) | Zi = Y**i ( mod p ) | |||
| Zj = X**j ( mod p ) | Zj = X**j ( mod p ) | |||
| Zi and Zj will both be equal to g**(ij)(mod p) and will be a shared | Zi and Zj will both be equal to g**(ij)(mod p) and will be a shared | |||
| secret between the two parties that an adversary who does not know i | secret between the two parties that an adversary who does not know i | |||
| or j will not be able to learn from the exchanged messages (unless | or j will not be able to learn from the exchanged messages (unless | |||
| the adversary can derive i or j by performing a discrete logarithm | the adversary can derive i or j by performing a discrete logarithm | |||
| mod p which is hard for strong p and g). | mod p which is hard for strong p and g). | |||
| The private key for each party is their secret i (or j). The public | The private key for each party is their secret i (or j). The public | |||
| key is the pair p and g which must be the same for the parties and | key is the pair p and g, which must be the same for the parties, and | |||
| their individual X (or Y). | their individual X (or Y). | |||
| INTERNET-DRAFT Diffie-Hellman Keys in the DNS | INTERNET-DRAFT Diffie-Hellman Keys in the DNS | |||
| 2. Diffie-Hellman KEY Resource Records | 2. Diffie-Hellman KEY Resource Records | |||
| Diffie-Hellman keys are stored in the DNS as KEY RRs using algorithm | Diffie-Hellman keys are stored in the DNS as KEY RRs using algorithm | |||
| number 2. The structure of the RDATA portion of this RR is as shown | number 2. The structure of the RDATA portion of this RR is as shown | |||
| below. The first 4 octets, including the flags, protocol, and | below. The first 4 octets, including the flags, protocol, and | |||
| algorithm fields are common to all KEY RRs as described in [draft- | algorithm fields are common to all KEY RRs as described in [draft- | |||
| skipping to change at page 5, line 38 ¶ | skipping to change at page 5, line 38 ¶ | |||
| +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | |||
| | public value length | public value (variable length)/ | | public value length | public value (variable length)/ | |||
| +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | |||
| / public value (g^i mod p) (variable length) | | / public value (g^i mod p) (variable length) | | |||
| +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | |||
| Prime length is length of the Diffie-Hellman prime (p) in bytes if it | Prime length is length of the Diffie-Hellman prime (p) in bytes if it | |||
| is 16 or greater. Prime contains the binary representation of the | is 16 or greater. Prime contains the binary representation of the | |||
| Diffie-Hellman prime with most significant byte first (i.e., in | Diffie-Hellman prime with most significant byte first (i.e., in | |||
| network order). If "prime length" field is 1 or 2, then the "prime" | network order). If "prime length" field is 1 or 2, then the "prime" | |||
| field is actually an unsigned index into a table of up to 65,536 | field is actually an unsigned index into a table of 65,536 | |||
| predefined prime/generator pairs to be defined in which case the | prime/generator pairs and the generator length SHOULD be zero. See | |||
| generator length should be zero. The meaning of a zero or 3 through | Appedix A for defined table entries and Section 4 for information on | |||
| 15 value for "prime length" is reserved. | allocating additional table entries. The meaning of a zero or 3 | |||
| through 15 value for "prime length" is reserved. | ||||
| Generator length is the length of the generator (g) in bytes. | Generator length is the length of the generator (g) in bytes. | |||
| Generator is the binary representation of generator with most | Generator is the binary representation of generator with most | |||
| significant byte first. PublicValueLen is the Length of the Public | significant byte first. PublicValueLen is the Length of the Public | |||
| Value (g**i (mod p)) in bytes. PublicValue is the binary | Value (g**i (mod p)) in bytes. PublicValue is the binary | |||
| representation of the DH public value with most significant byte | representation of the DH public value with most significant byte | |||
| first. | first. | |||
| The corresponding algorithm=2 SIG resource record is not used so no | The corresponding algorithm=2 SIG resource record is not used so no | |||
| format for it is defined. | format for it is defined. | |||
| INTERNET-DRAFT Diffie-Hellman Keys in the DNS | INTERNET-DRAFT Diffie-Hellman Keys in the DNS | |||
| 3. Performance Considerations | 3. Performance Considerations | |||
| Current DNS implementations are optimized for small transfers, | Current DNS implementations are optimized for small transfers, | |||
| typically less than 512 bytes including overhead. While larger | typically less than 512 bytes including overhead. While larger | |||
| transfers will perform correctly and work is underway to make larger | transfers will perform correctly and work is underway to make larger | |||
| transfers more efficient, it is still advisable at this time to make | transfers more efficient, it is still advisable to make reasonable | |||
| reasonable efforts to minimize the size of KEY RR sets stored within | efforts to minimize the size of KEY RR sets stored within the DNS | |||
| the DNS consistent with adequate security. Keep in mind that in a | consistent with adequate security. Keep in mind that in a secure | |||
| secure zone, an authenticating SIG RR will also be returned. | zone, an authenticating SIG RR will also be returned. | |||
| 4. Security Considerations | 4. IANA Considerations | |||
| Assignment of meaning to Prime Lengths of 0 and 3 through 15 requires | ||||
| an IETF consensus. | ||||
| Well known prime/generator pairs number 0x0000 through 0x07FF can | ||||
| only be assigned by an IETF standards action and this Proposed | ||||
| Standard assigns 0x0001 through 0x0002. Pairs number 0s0800 through | ||||
| 0xBFFF can be assigned based on RFC documentation. Pairs number | ||||
| 0xC000 through 0xFFFF are available for private use and are not | ||||
| centrally coordinated. Use of such private pairs outside of a closed | ||||
| environment may result in conflicts. | ||||
| 5. Security Considerations | ||||
| Many of the general security consideration in [draft-ietf-dnssec- | Many of the general security consideration in [draft-ietf-dnssec- | |||
| secext2-*] apply. Keys retrieved from the DNS should not be trusted | secext2-*] apply. Keys retrieved from the DNS should not be trusted | |||
| unless (1) they have been securely obtained from a secure resolver or | unless (1) they have been securely obtained from a secure resolver or | |||
| independently verified by the user and (2) this secure resolver and | independently verified by the user and (2) this secure resolver and | |||
| secure obtainment or independent verification conform to security | secure obtainment or independent verification conform to security | |||
| policies acceptable to the user. As with all cryptographic | policies acceptable to the user. As with all cryptographic | |||
| algorithms, evaluating the necessary strength of the key is essential | algorithms, evaluating the necessary strength of the key is important | |||
| and dependent on local policy. | and dependent on local policy. | |||
| In addition, the usual Diffie-Hellman key strength considerations | In addition, the usual Diffie-Hellman key strength considerations | |||
| apply. (p-1)/2 should also be prime, g should be primitive mod p, p | apply. (p-1)/2 should also be prime, g should be primitive mod p, p | |||
| should be "large", etc. [Schneier] | should be "large", etc. [Schneier] | |||
| INTERNET-DRAFT Diffie-Hellman Keys in the DNS | INTERNET-DRAFT Diffie-Hellman Keys in the DNS | |||
| References | References | |||
| skipping to change at page 7, line 24 ¶ | skipping to change at page 7, line 24 ¶ | |||
| [draft-ietf-dnssec-secext2-*.txt] - Domain Name System Security | [draft-ietf-dnssec-secext2-*.txt] - Domain Name System Security | |||
| Extensions, D. Eastlake. | Extensions, D. Eastlake. | |||
| [Schneier] - Bruce Schneier, "Applied Cryptography: Protocols, | [Schneier] - Bruce Schneier, "Applied Cryptography: Protocols, | |||
| Algorithms, and Source Code in C", 1996, John Wiley and Sons | Algorithms, and Source Code in C", 1996, John Wiley and Sons | |||
| Author's Address | Author's Address | |||
| Donald E. Eastlake 3rd | Donald E. Eastlake 3rd | |||
| CyberCash, Inc. | IBM | |||
| 318 Acton Street | 318 Acton Street | |||
| Carlisle, MA 01741 USA | Carlisle, MA 01741 USA | |||
| Telephone: +1 978 287 4877 | Telephone: +1-978-287-4877 | |||
| +1 703 620-4200 (main office, Reston, VA) | +1-914-784-7913 | |||
| FAX: +1 978 371 7148 | FAX: +1-978-371-7148 | |||
| EMail: dee@cybercash.com | EMail: dee3@us.ibm.com | |||
| Expiration and File Name | Expiration and File Name | |||
| This draft expires in September 1998. | This draft expires in April 1999. | |||
| Its file name is draft-ietf-dnssec-dhk-02.txt. | Its file name is draft-ietf-dnssec-dhk-03.txt. | |||
| INTERNET-DRAFT Diffie-Hellman Keys in the DNS | ||||
| Appendix A: Well known prime/generator pairs | ||||
| These numbers are copied from the IPSEC effort where the derivation of | ||||
| these values is more fully explained and additional information is available. | ||||
| Richard Schroeppel performed all the mathematical and computational | ||||
| work for this appendix. | ||||
| A.1. Well-Known Group 1: A 768 bit prime | ||||
| The prime is 2^768 - 2^704 - 1 + 2^64 * { [2^638 pi] + 149686 }. Its | ||||
| decimal value is | ||||
| 155251809230070893513091813125848175563133404943451431320235 | ||||
| 119490296623994910210725866945387659164244291000768028886422 | ||||
| 915080371891804634263272761303128298374438082089019628850917 | ||||
| 0691316593175367469551763119843371637221007210577919 | ||||
| Prime modulus: Length (32 bit words): 24, Data (hex): | ||||
| FFFFFFFF FFFFFFFF C90FDAA2 2168C234 C4C6628B 80DC1CD1 | ||||
| 29024E08 8A67CC74 020BBEA6 3B139B22 514A0879 8E3404DD | ||||
| EF9519B3 CD3A431B 302B0A6D F25F1437 4FE1356D 6D51C245 | ||||
| E485B576 625E7EC6 F44C42E9 A63A3620 FFFFFFFF FFFFFFFF | ||||
| Generator: Length (32 bit words): 1, Data (hex): 2 | ||||
| A.2. Well-Known Group 2: A 1024 bit prime | ||||
| The prime is 2^1024 - 2^960 - 1 + 2^64 * { [2^894 pi] + 129093 }. | ||||
| Its decimal value is | ||||
| 179769313486231590770839156793787453197860296048756011706444 | ||||
| 423684197180216158519368947833795864925541502180565485980503 | ||||
| 646440548199239100050792877003355816639229553136239076508735 | ||||
| 759914822574862575007425302077447712589550957937778424442426 | ||||
| 617334727629299387668709205606050270810842907692932019128194 | ||||
| 467627007 | ||||
| Prime modulus: Length (32 bit words): 32, Data (hex): | ||||
| FFFFFFFF FFFFFFFF C90FDAA2 2168C234 C4C6628B 80DC1CD1 | ||||
| 29024E08 8A67CC74 020BBEA6 3B139B22 514A0879 8E3404DD | ||||
| EF9519B3 CD3A431B 302B0A6D F25F1437 4FE1356D 6D51C245 | ||||
| E485B576 625E7EC6 F44C42E9 A637ED6B 0BFF5CB6 F406B7ED | ||||
| EE386BFB 5A899FA5 AE9F2411 7C4B1FE6 49286651 ECE65381 | ||||
| FFFFFFFF FFFFFFFF | ||||
| Generator: Length (32 bit words): 1, Data (hex): 2 | ||||
| End of changes. 19 change blocks. | ||||
| 28 lines changed or deleted | 56 lines changed or added | |||
This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ | ||||