idnits 2.17.1 draft-ietf-curdle-dnskey-eddsa-03.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- No issues found here. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year -- The document date (December 17, 2016) is 2687 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) ** Downref: Normative reference to an Informational draft: draft-irtf-cfrg-eddsa (ref. 'I-D.irtf-cfrg-eddsa') ** Downref: Normative reference to an Informational RFC: RFC 7748 Summary: 2 errors (**), 0 flaws (~~), 1 warning (==), 1 comment (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 Internet Engineering Task Force O. Sury 3 Internet-Draft CZ.NIC 4 Intended status: Standards Track R. Edmonds 5 Expires: June 20, 2017 Fastly 6 December 17, 2016 8 EdDSA for DNSSEC 9 draft-ietf-curdle-dnskey-eddsa-03 11 Abstract 13 This document describes how to specify EdDSA keys and signatures in 14 DNS Security (DNSSEC). It uses the Edwards-curve Digital Security 15 Algorithm (EdDSA) with the choice of two curves, Ed25519 and Ed448. 17 Status of This Memo 19 This Internet-Draft is submitted in full conformance with the 20 provisions of BCP 78 and BCP 79. 22 Internet-Drafts are working documents of the Internet Engineering 23 Task Force (IETF). Note that other groups may also distribute 24 working documents as Internet-Drafts. The list of current Internet- 25 Drafts is at http://datatracker.ietf.org/drafts/current/. 27 Internet-Drafts are draft documents valid for a maximum of six months 28 and may be updated, replaced, or obsoleted by other documents at any 29 time. It is inappropriate to use Internet-Drafts as reference 30 material or to cite them other than as "work in progress." 32 This Internet-Draft will expire on June 20, 2017. 34 Copyright Notice 36 Copyright (c) 2016 IETF Trust and the persons identified as the 37 document authors. All rights reserved. 39 This document is subject to BCP 78 and the IETF Trust's Legal 40 Provisions Relating to IETF Documents 41 (http://trustee.ietf.org/license-info) in effect on the date of 42 publication of this document. Please review these documents 43 carefully, as they describe your rights and restrictions with respect 44 to this document. Code Components extracted from this document must 45 include Simplified BSD License text as described in Section 4.e of 46 the Trust Legal Provisions and are provided without warranty as 47 described in the Simplified BSD License. 49 Table of Contents 51 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 52 2. Requirements Language . . . . . . . . . . . . . . . . . . . . 2 53 3. DNSKEY Resource Records . . . . . . . . . . . . . . . . . . . 2 54 4. RRSIG Resource Records . . . . . . . . . . . . . . . . . . . 3 55 5. Algorithm Number for DS, DNSKEY and RRSIG Resource Records . 3 56 6. Examples . . . . . . . . . . . . . . . . . . . . . . . . . . 3 57 6.1. Ed25519 Examples . . . . . . . . . . . . . . . . . . . . 3 58 6.2. Ed448 Examples . . . . . . . . . . . . . . . . . . . . . 4 59 7. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 6 60 8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 6 61 9. Security Considerations . . . . . . . . . . . . . . . . . . . 6 62 10. References . . . . . . . . . . . . . . . . . . . . . . . . . 7 63 10.1. Normative References . . . . . . . . . . . . . . . . . . 7 64 10.2. Informative References . . . . . . . . . . . . . . . . . 7 65 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 8 67 1. Introduction 69 DNSSEC, which is broadly defined in [RFC4033], [RFC4034], and 70 [RFC4035], uses cryptographic keys and digital signatures to provide 71 authentication of DNS data. Currently, the most popular signature 72 algorithm in use is RSA. GOST ([RFC5933]) and NIST-specified 73 elliptic curve cryptography ([RFC6605]) are also standardized. 75 [I-D.irtf-cfrg-eddsa] describes the elliptic curve signature system 76 EdDSA and recommends two curves, Ed25519 and Ed448. 78 This document defines the use of DNSSEC's DS, DNSKEY, and RRSIG 79 resource records (RRs) with a new signing algorithm, Edwards-curve 80 Digital Signature Algorithm (EdDSA) using a choice of two instances: 81 Ed25519 and Ed448. 83 2. Requirements Language 85 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 86 "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this 87 document are to be interpreted as described in [RFC2119]. 89 3. DNSKEY Resource Records 91 An Ed25519 public key consists of a 32-octet value, which is encoded 92 into the Public Key field of a DNSKEY resource record as a simple bit 93 string. The generation of a public key is defined in Section 5.1.5 94 in [I-D.irtf-cfrg-eddsa]. 96 An Ed448 public key consists of a 57-octet value, which is encoded 97 into the Public Key field of a DNSKEY resource record as a simple bit 98 string. The generation of a public key is defined in Section 5.2.5 99 in [I-D.irtf-cfrg-eddsa]. 101 4. RRSIG Resource Records 103 An Ed25519 signature consists of a 64-octet value, which is encoded 104 into the Signature field of an RRSIG resource record as a simple bit 105 string. The Ed25519 signature algorithm is described in 106 Section 5.1.6 and verification of the Ed25519 signature is described 107 in Section 5.1.7 in [I-D.irtf-cfrg-eddsa]. 109 An Ed448 signature consists of a 114-octet value, which is encoded 110 into the Signature field of an RRSIG resource record as a simple bit 111 string. The Ed448 signature algorithm is described in Section 5.2.6 112 and verification of the Ed448 signature is described in Section 5.2.7 113 in [I-D.irtf-cfrg-eddsa]. 115 5. Algorithm Number for DS, DNSKEY and RRSIG Resource Records 117 The algorithm number associated with the use of Ed25519 in DS, DNSKEY 118 and RRSIG resource records is TBD1. The algorithm number associated 119 with the use of Ed448 in DS, DNSKEY and RRSIG resource records is 120 TBD2. This registration is fully defined in the IANA Considerations 121 section. 123 6. Examples 125 6.1. Ed25519 Examples 126 This section needs an update after the algorithm number for Ed25519 127 is assigned. 129 Private-key-format: v1.2 130 Algorithm: TBD1 (ED25519) 131 PrivateKey: ODIyNjAzODQ2MjgwODAxMjI2NDUxOTAyMDQxNDIyNjI= 133 example.com. 3600 IN DNSKEY 257 3 TBD1 ( 134 l02Woi0iS8Aa25FQkUd9RMzZHJpBoRQwAQEX1SxZJA4= ) 136 example.com. 3600 IN DS 3613 TBD1 2 ( 137 3aa5ab37efce57f737fc1627013fee07bdf241bd10f3b1964ab55c78e79 138 a304b ) 140 example.com. 3600 IN MX 10 mail.example.com. 142 example.com. 3600 IN RRSIG MX 3 3600 ( 143 1440021600 1438207200 3613 example.com. ( 144 Edk+IB9KNNWg0HAjm7FazXyrd5m3Rk8zNZbvNpAcM+eysqcUOMIjWoevFkj 145 H5GaMWeG96GUVZu6ECKOQmemHDg== ) 147 This section needs an update after the algorithm number for Ed25519 148 is assigned. 150 Private-key-format: v1.2 151 Algorithm: TBD1 (ED25519) 152 PrivateKey: DSSF3o0s0f+ElWzj9E/Osxw8hLpk55chkmx0LYN5WiY= 154 example.com. 3600 IN DNSKEY 257 3 TBD1 ( 155 zPnZ/QwEe7S8C5SPz2OfS5RR40ATk2/rYnE9xHIEijs= ) 157 example.com. 3600 IN DS 35217 TBD1 2 ( 158 401781b934e392de492ec77ae2e15d70f6575a1c0bc59c5275c04ebe80c 159 6614c ) 161 example.com. 3600 IN MX 10 mail.example.com. 163 example.com. 3600 IN RRSIG MX 3 3600 ( 164 1440021600 1438207200 35217 example.com. ( 165 5LL2obmzdqjWI+Xto5eP5adXt/T5tMhasWvwcyW4L3SzfcRawOle9bodhC+ 166 oip9ayUGjY9T/rL4rN3bOuESGDA== ) 168 6.2. Ed448 Examples 169 This section needs an update after the algorithm number for Ed448 is 170 assigned. 172 Private-key-format: v1.2 173 Algorithm: TBD2 (ED448) 174 PrivateKey: xZ+5Cgm463xugtkY5B0Jx6erFTXp13rYegst0qRtNsOYnaVpMx0Z/c5EiA9x 175 8wWbDDct/U3FhYWA 177 example.com. 3600 IN DNSKEY 257 3 TBD2 ( 178 3kgROaDjrh0H2iuixWBrc8g2EpBBLCdGzHmn+G2MpTPhpj/OiBVHHSfPodx 179 1FYYUcJKm1MDpJtIA ) 181 example.com. 3600 IN DS 9713 TBD2 2 ( 182 6ccf18d5bc5d7fc2fceb1d59d17321402f2aa8d368048db93dd811f5cb2 183 b19c7 ) 185 example.com. 3600 IN MX 10 mail.example.com. 187 example.com. 3600 IN RRSIG MX 3 3600 ( 188 1440021600 1438207200 9713 example.com. ( 189 Nmc0rgGKpr3GKYXcB1JmqqS4NYwhmechvJTqVzt3jR+Qy/lSLFoIk1L+9e3 190 9GPL+5tVzDPN3f9kAwiu8KCuPPjtl227ayaCZtRKZuJax7n9NuYlZJIusX0 191 SOIOKBGzG+yWYtz1/jjbzl5GGkWvREUCUA ) 193 This section needs an update after the algorithm number for Ed448 is 194 assigned. 196 Private-key-format: v1.2 197 Algorithm: TBD2 (ED448) 198 PrivateKey: WEykD3ht3MHkU8iH4uVOLz8JLwtRBSqiBoM6fF72+Mrp/u5gjxuB1DV6NnPO 199 2BlZdz4hdSTkOdOA 201 example.com. 3600 IN DNSKEY 257 3 TBD2 ( 202 kkreGWoccSDmUBGAe7+zsbG6ZAFQp+syPmYUurBRQc3tDjeMCJcVMRDmgcN 203 Lp5HlHAMy12VoISsA ) 205 example.com. 3600 IN DS 38353 TBD2 2 ( 206 645ff078b3568f5852b70cb60e8e696cc77b75bfaaffc118cf79cbda1ba 207 28af4 ) 209 example.com. 3600 IN MX 10 mail.example.com. 211 example.com. 3600 IN RRSIG MX 3 3600 ( 212 1440021600 1438207200 38353 example.com. ( 213 +JjANio/LIzp7osmMYE5XD3H/YES8kXs5Vb9H8MjPS8OAGZMD37+LsCIcjg 214 5ivt0d4Om/UaqETEAsJjaYe56CEQP5lhRWuD2ivBqE0zfwJTyp4WqvpULbp 215 vaukswvv/WNEFxzEYQEIm9+xDlXj4pMAMA ) 217 7. Acknowledgements 219 Some of the material in this document is copied liberally from 220 [RFC6605]. 222 The authors of this document wish to thank Jan Vcelak, Pieter Lexis, 223 Kees Monshouwer, Simon Josefsson, Paul Hoffman and others for a 224 review of this document. 226 8. IANA Considerations 228 This document updates the IANA registry "Domain Name System Security 229 (DNSSEC) Algorithm Numbers". The following entries have been added 230 to the registry: 232 +--------------+---------------+---------------+ 233 | Number | TBD1 | TBD2 | 234 | Description | Ed25519 | Ed448 | 235 | Mnemonic | ED25519 | ED448 | 236 | Zone Signing | Y | Y | 237 | Trans. Sec. | * | * | 238 | Reference | This document | This document | 239 +--------------+---------------+---------------+ 241 * There has been no determination of standardization of the use of 242 this algorithm with Transaction Security. 244 9. Security Considerations 246 The security considerations of [I-D.irtf-cfrg-eddsa] and [RFC7748]are 247 inherited in the usage of Ed25519 and Ed448 in DNSSEC. 249 Ed25519 is intended to operate at around the 128-bit security level, 250 and Ed448 at around the 224-bit security level. A sufficiently large 251 quantum computer would be able to break both. Reasonable projections 252 of the abilities of classical computers conclude that Ed25519 is 253 perfectly safe. Ed448 is provided for those applications with 254 relaxed performance requirements and where there is a desire to hedge 255 against analytical attacks on elliptic curves. 257 These assessments could, of course, change in the future if new 258 attacks that work better than the ones known today are found. 260 A private key used for a DNSSEC zone MUST NOT be used for any other 261 purpose than for that zone. Otherwise cross-protocol or cross- 262 application attacks are possible. 264 10. References 266 10.1. Normative References 268 [I-D.irtf-cfrg-eddsa] 269 Josefsson, S. and I. Liusvaara, "Edwards-curve Digital 270 Signature Algorithm (EdDSA)", draft-irtf-cfrg-eddsa-08 271 (work in progress), August 2016. 273 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 274 Requirement Levels", BCP 14, RFC 2119, 275 DOI 10.17487/RFC2119, March 1997, 276 . 278 [RFC4033] Arends, R., Austein, R., Larson, M., Massey, D., and S. 279 Rose, "DNS Security Introduction and Requirements", 280 RFC 4033, DOI 10.17487/RFC4033, March 2005, 281 . 283 [RFC4034] Arends, R., Austein, R., Larson, M., Massey, D., and S. 284 Rose, "Resource Records for the DNS Security Extensions", 285 RFC 4034, DOI 10.17487/RFC4034, March 2005, 286 . 288 [RFC4035] Arends, R., Austein, R., Larson, M., Massey, D., and S. 289 Rose, "Protocol Modifications for the DNS Security 290 Extensions", RFC 4035, DOI 10.17487/RFC4035, March 2005, 291 . 293 [RFC7748] Langley, A., Hamburg, M., and S. Turner, "Elliptic Curves 294 for Security", RFC 7748, DOI 10.17487/RFC7748, January 295 2016, . 297 10.2. Informative References 299 [RFC5933] Dolmatov, V., Ed., Chuprina, A., and I. Ustinov, "Use of 300 GOST Signature Algorithms in DNSKEY and RRSIG Resource 301 Records for DNSSEC", RFC 5933, DOI 10.17487/RFC5933, July 302 2010, . 304 [RFC6605] Hoffman, P. and W. Wijngaards, "Elliptic Curve Digital 305 Signature Algorithm (DSA) for DNSSEC", RFC 6605, 306 DOI 10.17487/RFC6605, April 2012, 307 . 309 Authors' Addresses 311 Ondrej Sury 312 CZ.NIC 313 Milesovska 1136/5 314 Praha 130 00 315 CZ 317 Email: ondrej.sury@nic.cz 319 Robert Edmonds 320 Fastly 321 Atlanta, Georgia 322 US 324 Email: edmonds@mycre.ws