idnits 2.17.1

draft-ietf-dnsop-rfc5933-bis-01.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

     No issues found here.

  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the IETF Trust and authors Copyright Line does not
     match the current year

  -- The document date (September 8, 2020) is 1323 days in the past.  Is this
     intentional?

  Checking references for intended status: Proposed Standard
  ----------------------------------------------------------------------------

     (See RFCs 3967 and 4897 for information about using normative references
     to lower-maturity documents in RFCs)

  ** Downref: Normative reference to an Informational RFC: RFC 6986

  ** Downref: Normative reference to an Informational RFC: RFC 7091

  ** Downref: Normative reference to an Informational RFC: RFC 7836

     Summary: 3 errors (**), 0 flaws (~~), 1 warning (==), 1 comment (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.

--------------------------------------------------------------------------------

Network Working Group                                      D. Belyavskiy
Internet-Draft                                                    TCINET
Intended status: Standards Track                        V. Dolmatov, Ed.
Expires: March 12, 2021                             JSC "NPK Kryptonite"
                                                       September 8, 2020

   Use of GOST 2012 Signature Algorithms in DNSKEY and RRSIG Resource
                           Records for DNSSEC
                    draft-ietf-dnsop-rfc5933-bis-01

Abstract

   This document describes how to produce digital signatures and hash
   functions using the GOST R 34.10-2012 and GOST R 34.11-2012
   algorithms for DNSKEY, RRSIG, and DS resource records, for use in the
   Domain Name System Security Extensions (DNSSEC).

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at https://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on March 12, 2021.

Copyright Notice

   Copyright (c) 2020 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (https://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Introduction
     1.1.  Terminology
   2.  DNSKEY Resource Records
     2.1.  Using a Public Key with Existing Cryptographic Libraries
     2.2.  GOST DNSKEY RR Example
   3.  RRSIG Resource Records
     3.1.  RRSIG RR Example
   4.  DS Resource Records
     4.1.  DS RR Example
   5.  Deployment Considerations
     5.1.  Key Sizes
     5.2.  Signature Sizes
     5.3.  Digest Sizes
   6.  Implementation Considerations
     6.1.  Support for GOST Signatures
   7.  Security Considerations
   8.  IANA Considerations
   9.  Acknowledgments
   10. References
     10.1.  Normative References
     10.2.  Informative References
   Authors' Addresses

1.  Introduction

   The Domain Name System (DNS) is the global hierarchical distributed
   database for Internet Naming.  The DNS has been extended to use
   cryptographic keys and digital signatures for the verification of the
   authenticity and integrity of its data.  RFC 4033 [RFC4033], RFC 4034
   [RFC4034], and RFC 4035 [RFC4035] describe these DNS Security
   Extensions, called DNSSEC.

   RFC 4034 describes how to store DNSKEY and RRSIG resource records,
   and specifies a list of cryptographic algorithms to use.
   This document extends that list with the signature and hash
   algorithms GOST R 34.10-2012 ([RFC7091]) and GOST R 34.11-2012
   ([RFC6986]), and specifies how to store DNSKEY data and how to
   produce RRSIG resource records with these algorithms.

   Familiarity with DNSSEC and with GOST signature and hash algorithms
   is assumed in this document.

1.1.  Terminology

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
   "OPTIONAL" in this document are to be interpreted as described in BCP
   14 [RFC2119] [RFC8174] when, and only when, they appear in all
   capitals, as shown here.

2.  DNSKEY Resource Records

   The format of the DNSKEY RR can be found in RFC 4034 [RFC4034].

   GOST R 34.10-2012 public keys are stored with the algorithm number
   TBA1.

   According to RFC 7091 [RFC7091], a public key is a point on the
   elliptic curve Q = (x,y).  The wire representation of a public key
   MUST contain 64 octets, where the first 32 octets contain the little-
   endian representation of x and the second 32 octets contain the
   little-endian representation of y.

   As RFC 6986 and RFC 7091 allow two variants of the length of the
   output hash and signature and many variants of the parameters of the
   digital signature, for the purpose of this document we use the
   256-bit variant of the digital signature algorithm and the
   corresponding 256-bit variant of the digest algorithm.  We select
   the parameters for the digital signature algorithm to be
   id-tc26-gost-3410-2012-256-paramSetA in RFC 7836 [RFC7836].

2.1.  Using a Public Key with Existing Cryptographic Libraries

   At the time of this writing, existing GOST-aware cryptographic
   libraries are capable of reading GOST public keys via a generic X509
   API if the key is encoded according to RFC 7091 [RFC7091],
   Section 2.3.2.

   To make this encoding from the wire format of a GOST public key with
   the parameters used in this document, prepend the 64 octets of key
   data with the following 32-byte sequence:

      0x30 0x5e 0x30 0x17 0x06 0x08 0x2a 0x85 0x03 0x07 0x01 0x01 0x01
      0x01 0x30 0x0b 0x06 0x09 0x2a 0x85 0x03 0x07 0x01 0x02 0x01 0x01
      0x01 0x03 0x43 0x00 0x04 0x40

2.2.  GOST DNSKEY RR Example

   Given a private key with the following value (the value of the
   Gost12Asn1 field is split here into two lines to simplify reading; in
   the private key file, it must be in one line):

      Private-key-format: v1.2
      Algorithm: 23 (ECC-GOST12)
      Gost12Asn1: MD4CAQAwFwYIKoUDBwEBAQEwCwYJKoUDBwECAQEBBCA0
                  zvTDpCSjdRCERkd6WDA2TF/ABQLp9MPZRl7hMXCVGg==

   The following DNSKEY RR stores a DNS zone key for the zone
   "example.":

      example.  600 IN DNSKEY 256 3 23 (
               XkZ6T+qQ9teOMsA/YK+kTzELhuMPTsYggdy2b+sfzJ6t
               H9eniziMX3gjMnUZIyrnSIchLjup8xpy+UU5l1Eyjw==
               ) ;{id = 13439 (zsk), size = 512b}

3.  RRSIG Resource Records

   The value of the signature field in the RRSIG RR follows RFC 7091
   [RFC7091] and is calculated as follows.  The values for the RDATA
   fields that precede the signature data are specified in RFC 4034
   [RFC4034].

      hash = GOSTR3411-2012(data)

   where "data" is the wire format data of the resource record set that
   is signed, as specified in RFC 4034 [RFC4034].

   The signature is calculated from the hash according to the GOST R
   34.10-2012 standard, and its wire format is compatible with RFC 7091
   [RFC7091].

3.1.  RRSIG RR Example

   With the private key from this document, sign the following RRSet,
   consisting of one MX record:

      example.  600 IN MX 10 mail.example.

   Setting the inception date to 2020-01-04 17:25:26 UTC and the
   expiration date to 2020-02-01 17:25:26 UTC, the following signature
   RR will be valid:

      example.  600 IN RRSIG MX 23 1 600 20200201172526 (
               20200104172526 13439 example.
               EtrsAEGsNRf12HKjwNTg8U2HZ5JOSo34UaTcshoE1kwd
               5Ror4I7zltmWAgd4b9OBn80tsajtL0Vuf45u8kEAgA==
               )

   Note: The ECC-GOST12 signature algorithm uses random data, so the
   actual computed signature value will differ between signature
   calculations.

4.  DS Resource Records

   The GOST R 34.11-2012 digest algorithm is denoted in DS RRs by the
   digest type TBA2.  The wire format of a digest value is compatible
   with RFC 6986 [RFC6986].

4.1.  DS RR Example

   For Key Signing Key (KSK):

      example.  IN DNSKEY 257 3 23 (
               hP3ISWPT8ehEEut8ozbqPcmbTAQK0jce7MHmK0geOiRo
               kFALGwsMrBf0H0AK2qrVJCWCJL+50v9UNZAS5mE70g==
               ) ;{id = 7574 (ksk), size = 512b}

   The DS RR will be:

      example.  IN DS 7574 23 5 (
               990f40dc548a4dbcb4b80a0760f194ac
               0cc18484578834c1ac1f749f70c84103
               )

5.  Deployment Considerations

5.1.  Key Sizes

   The key size of GOST public keys conforming to this specification
   MUST be 512 bits.

5.2.  Signature Sizes

   The size of a GOST signature conforming to this specification MUST be
   512 bits.

5.3.  Digest Sizes

   The size of a GOST digest conforming to this specification MUST be
   256 bits.

6.  Implementation Considerations

6.1.  Support for GOST Signatures

   DNSSEC-aware implementations MAY be able to support RRSIG and DNSKEY
   resource records created with the GOST algorithms as defined in this
   document.

7.  Security Considerations

   Currently, the cryptographic resistance of the GOST R 34.10-2012
   digital signature algorithm is estimated as 2**128 operations of
   multiple elliptic curve point computations on a prime modulus of
   order 2**256.

   Currently, the cryptographic collision resistance of the GOST R
   34.11-2012 hash algorithm is estimated as 2**128 operations of
   computations of a step hash function.

8.  IANA Considerations

   This document updates the IANA registry "DNS Security Algorithm
   Numbers".
   The following entries have been added to the registry:

                                            Zone     Trans.
      Value  Algorithm          Mnemonic    Signing  Sec.    References  Status
      TBA1   GOST R 34.10-2012  ECC-GOST12  Y        *       RFC TBA     OPTIONAL

   This document updates the RFC IANA registry "Delegation Signer (DS)
   Resource Record (RR) Type Digest Algorithms" by adding an entry for
   the GOST R 34.11-2012 algorithm:

      Value  Algorithm          Status
      TBA2   GOST R 34.11-2012  OPTIONAL

   This paragraph should be removed before the publication of the RFC:
   For the purpose of example computations, the following values were
   used: TBA1 = 23, TBA2 = 5.

9.  Acknowledgments

   This document is a minor extension to RFC 4034 [RFC4034].  Also, we
   tried to follow the documents RFC 3110 [RFC3110], RFC 4509 [RFC4509],
   and RFC 5933 [RFC5933] for consistency.  The authors of and
   contributors to these documents are gratefully acknowledged for their
   hard work.

   The following people provided additional feedback, text, and valuable
   assistance: Alexander Venedyukhin, Valery Smyslov, Tim Wicinski, TODO

10.  References

10.1.  Normative References

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119,
              DOI 10.17487/RFC2119, March 1997.

   [RFC3110]  Eastlake 3rd, D., "RSA/SHA-1 SIGs and RSA KEYs in the
              Domain Name System (DNS)", RFC 3110, DOI 10.17487/RFC3110,
              May 2001.

   [RFC4033]  Arends, R., Austein, R., Larson, M., Massey, D., and S.
              Rose, "DNS Security Introduction and Requirements",
              RFC 4033, DOI 10.17487/RFC4033, March 2005.

   [RFC4034]  Arends, R., Austein, R., Larson, M., Massey, D., and S.
              Rose, "Resource Records for the DNS Security Extensions",
              RFC 4034, DOI 10.17487/RFC4034, March 2005.

   [RFC4035]  Arends, R., Austein, R., Larson, M., Massey, D., and S.
              Rose, "Protocol Modifications for the DNS Security
              Extensions", RFC 4035, DOI 10.17487/RFC4035, March 2005.

   [RFC6986]  Dolmatov, V., Ed. and A. Degtyarev, "GOST R 34.11-2012:
              Hash Function", RFC 6986, DOI 10.17487/RFC6986, August
              2013.

   [RFC7091]  Dolmatov, V., Ed. and A. Degtyarev, "GOST R 34.10-2012:
              Digital Signature Algorithm", RFC 7091,
              DOI 10.17487/RFC7091, December 2013.

   [RFC7836]  Smyshlyaev, S., Ed., Alekseev, E., Oshkin, I., Popov, V.,
              Leontiev, S., Podobaev, V., and D. Belyavsky, "Guidelines
              on the Cryptographic Algorithms to Accompany the Usage of
              Standards GOST R 34.10-2012 and GOST R 34.11-2012",
              RFC 7836, DOI 10.17487/RFC7836, March 2016.

   [RFC8174]  Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
              2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
              May 2017.

10.2.  Informative References

   [RFC4509]  Hardaker, W., "Use of SHA-256 in DNSSEC Delegation Signer
              (DS) Resource Records (RRs)", RFC 4509,
              DOI 10.17487/RFC4509, May 2006.

   [RFC5933]  Dolmatov, V., Ed., Chuprina, A., and I. Ustinov, "Use of
              GOST Signature Algorithms in DNSKEY and RRSIG Resource
              Records for DNSSEC", RFC 5933, DOI 10.17487/RFC5933, July
              2010.

Authors' Addresses

   Dmitry Belyavskiy
   TCINET
   8 marta st
   Moscow
   Russian Federation

   Phone: +7 916 262 5593
   Email: beldmit@gmail.com

   Vasily Dolmatov (editor)
   JSC "NPK Kryptonite"
   Spartakovskaya sq., 14, bld 2, JSC "NPK Kryptonite"
   Moscow 105082
   Russian Federation

   Email: vdolmatov@gmail.com
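
Added example, not part of the draft or of any GOST library: the Section 2.1 conversion from the 64-octet DNSKEY public key field to a DER SubjectPublicKeyInfo, applied to the Section 2.2 zone key, with a check that every DER length in the 32-octet prefix matches a 64-octet payload. All function and constant names are hypothetical.

```python
import base64

# 32-octet DER header from Section 2.1 (SubjectPublicKeyInfo for a 256-bit
# GOST R 34.10-2012 key with id-tc26-gost-3410-2012-256-paramSetA).
SPKI_PREFIX = bytes.fromhex(
    "305e3017" "06082a85" "03070101" "0101300b"
    "06092a85" "03070102" "01010103" "43000440"
)

# Public key field of the Section 2.2 DNSKEY example (ZSK, id 13439).
EXAMPLE_KEY = base64.b64decode(
    "XkZ6T+qQ9teOMsA/YK+kTzELhuMPTsYggdy2b+sfzJ6t"
    "H9eniziMX3gjMnUZIyrnSIchLjup8xpy+UU5l1Eyjw=="
)

def dnskey_to_spki(pubkey_wire: bytes) -> bytes:
    """Wrap the 64-octet DNSKEY public key field into DER SPKI."""
    if len(pubkey_wire) != 64:  # Section 5.1: key MUST be 512 bits
        raise ValueError("GOST 2012 DNSKEY public key must be 64 octets")
    return SPKI_PREFIX + pubkey_wire

def point_from_wire(pubkey_wire: bytes) -> tuple:
    """Return (x, y): two 32-octet little-endian integers (Section 2)."""
    return (int.from_bytes(pubkey_wire[:32], "little"),
            int.from_bytes(pubkey_wire[32:64], "little"))

def _tlv(buf: bytes, off: int):
    """Read one short-form DER TLV header; return (tag, start, end)."""
    return buf[off], off + 2, off + 2 + buf[off + 1]

def spki_layout_ok(spki: bytes) -> bool:
    """Check that every DER length in the prefix matches the payload."""
    tag, start, end = _tlv(spki, 0)              # outer SEQUENCE
    ok = tag == 0x30 and end == len(spki)
    tag, _, alg_end = _tlv(spki, start)          # AlgorithmIdentifier
    ok = ok and tag == 0x30
    tag, bits, bits_end = _tlv(spki, alg_end)    # BIT STRING, 0 unused bits
    ok = ok and tag == 0x03 and bits_end == end and spki[bits] == 0
    tag, key, key_end = _tlv(spki, bits + 1)     # OCTET STRING holding x||y
    return ok and tag == 0x04 and key_end == end and key_end - key == 64

def to_pem(spki: bytes) -> str:
    """PEM-armor the SPKI so a GOST-aware library can load it."""
    b64 = base64.b64encode(spki).decode()
    body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return f"-----BEGIN PUBLIC KEY-----\n{body}\n-----END PUBLIC KEY-----\n"

if __name__ == "__main__":
    print(to_pem(dnskey_to_spki(EXAMPLE_KEY)))
```

Rejecting any key field that is not exactly 64 octets before prepending the prefix matters because the prefix hard-codes the DER lengths; a shorter or longer field would yield a structure whose declared and actual sizes disagree.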