mir/bind
2
0
Fork 0
mirror of https://gitlab.isc.org/isc-projects/bind9 synced 2025-09-03 08:05:21 +00:00
Code Issues Releases Wiki Activity

new draft

Browse Source
This commit is contained in:
Mark Andrews
2009-02-27 23:15:24 +00:00
parent 549e34bbf4
commit 2cfac8b1fd
1 changed files with 89 additions and 89 deletions
Download Patch File Download Diff File Expand all files Collapse all files

178
doc/draft/draft-ietf-dnsext-dnssec-rsasha256-10.txt → doc/draft/draft-ietf-dnsext-dnssec-rsasha256-11.txt
View File

@@ -3,13 +3,13 @@
DNS Extensions working group J. Jansen DNS Extensions working group J. Jansen
Internet-Draft NLnet Labs Internet-Draft NLnet Labs
Intended status: Standards Track January 08, 2009 Intended status: Standards Track February 27, 2009
Expires: July 12, 2009 Expires: August 31, 2009
Use of SHA-2 algorithms with RSA in DNSKEY and RRSIG Resource Records Use of SHA-2 algorithms with RSA in DNSKEY and RRSIG Resource Records
for DNSSEC for DNSSEC
draft-ietf-dnsext-dnssec-rsasha256-10 draft-ietf-dnsext-dnssec-rsasha256-11
Status of this Memo Status of this Memo
@@ -32,7 +32,7 @@ Status of this Memo
The list of Internet-Draft Shadow Directories can be accessed at The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html. http://www.ietf.org/shadow.html.
This Internet-Draft will expire on July 12, 2009. This Internet-Draft will expire on August 31, 2009.
Copyright Notice Copyright Notice
@@ -40,24 +40,23 @@ Copyright Notice
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents in effect on the date of
(http://trustee.ietf.org/license-info) in effect on the date of publication of this document (http://trustee.ietf.org/license-info).
publication of this document. Please review these documents Please review these documents carefully, as they describe your rights
carefully, as they describe your rights and restrictions with respect and restrictions with respect to this document.
to this document.
Abstract Abstract
This document describes how to produce RSA/SHA-256 and RSA/SHA-512 This document describes how to produce RSA/SHA-256 and RSA/SHA-512
Jansen Expires July 12, 2009 [Page 1]
Internet-Draft DNSSEC RSA/SHA-2 January 2009
DNSKEY and RRSIG resource records for use in the Domain Name System DNSKEY and RRSIG resource records for use in the Domain Name System
Jansen Expires August 31, 2009 [Page 1]
Internet-Draft DNSSEC RSA/SHA-2 February 2009
Security Extensions (DNSSEC, RFC 4033, RFC 4034, and RFC 4035). Security Extensions (DNSSEC, RFC 4033, RFC 4034, and RFC 4035).
@@ -66,27 +65,27 @@ Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3
2. DNSKEY Resource Records . . . . . . . . . . . . . . . . . . . . 3 2. DNSKEY Resource Records . . . . . . . . . . . . . . . . . . . . 3
2.1. RSA/SHA-256 DNSKEY Resource Records . . . . . . . . . . . . 3 2.1. RSA/SHA-256 DNSKEY Resource Records . . . . . . . . . . . . 3
2.2. RSA/SHA-512 DNSKEY Resource Records . . . . . . . . . . . . 3 2.2. RSA/SHA-512 DNSKEY Resource Records . . . . . . . . . . . . 4
3. RRSIG Resource Records . . . . . . . . . . . . . . . . . . . . 4 3. RRSIG Resource Records . . . . . . . . . . . . . . . . . . . . 4
3.1. RSA/SHA-256 RRSIG Resource Records . . . . . . . . . . . . 4 3.1. RSA/SHA-256 RRSIG Resource Records . . . . . . . . . . . . 4
3.2. RSA/SHA-512 RRSIG Resource Records . . . . . . . . . . . . 4 3.2. RSA/SHA-512 RRSIG Resource Records . . . . . . . . . . . . 5
4. Deployment Considerations . . . . . . . . . . . . . . . . . . . 5 4. Deployment Considerations . . . . . . . . . . . . . . . . . . . 5
4.1. Key Sizes . . . . . . . . . . . . . . . . . . . . . . . . . 5 4.1. Key Sizes . . . . . . . . . . . . . . . . . . . . . . . . . 5
4.2. Signature Sizes . . . . . . . . . . . . . . . . . . . . . . 5 4.2. Signature Sizes . . . . . . . . . . . . . . . . . . . . . . 5
5. Implementation Considerations . . . . . . . . . . . . . . . . . 5 5. Implementation Considerations . . . . . . . . . . . . . . . . . 5
5.1. Support for SHA-2 signatures . . . . . . . . . . . . . . . 5 5.1. Support for SHA-2 signatures . . . . . . . . . . . . . . . 5
5.2. Support for NSEC3 Denial of Existence . . . . . . . . . . . 5 5.2. Support for NSEC3 Denial of Existence . . . . . . . . . . . 5
5.2.1. NSEC3 in Authoritative servers . . . . . . . . . . . . 5 5.2.1. NSEC3 in Authoritative servers . . . . . . . . . . . . 6
5.2.2. NSEC3 in Validators . . . . . . . . . . . . . . . . . . 5 5.2.2. NSEC3 in Validators . . . . . . . . . . . . . . . . . . 6
6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . . 6 6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . . 6
7. Security Considerations . . . . . . . . . . . . . . . . . . . . 6 7. Security Considerations . . . . . . . . . . . . . . . . . . . . 6
7.1. SHA-1 versus SHA-2 Considerations for RRSIG Resource 7.1. SHA-1 versus SHA-2 Considerations for RRSIG Resource
Records . . . . . . . . . . . . . . . . . . . . . . . . . . 6 Records . . . . . . . . . . . . . . . . . . . . . . . . . . 6
7.2. Signature Type Downgrade Attacks . . . . . . . . . . . . . 6 7.2. Signature Type Downgrade Attacks . . . . . . . . . . . . . 7
8. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . . 7 8. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . . 7
9. References . . . . . . . . . . . . . . . . . . . . . . . . . . 7 9. References . . . . . . . . . . . . . . . . . . . . . . . . . . 7
9.1. Normative References . . . . . . . . . . . . . . . . . . . 7 9.1. Normative References . . . . . . . . . . . . . . . . . . . 7
9.2. Informative References . . . . . . . . . . . . . . . . . . 7 9.2. Informative References . . . . . . . . . . . . . . . . . . 8
Author's Address . . . . . . . . . . . . . . . . . . . . . . . . . 8 Author's Address . . . . . . . . . . . . . . . . . . . . . . . . . 8
@@ -108,9 +107,10 @@ Table of Contents
Jansen Expires July 12, 2009 [Page 2]
Jansen Expires August 31, 2009 [Page 2]
Internet-Draft DNSSEC RSA/SHA-2 January 2009 Internet-Draft DNSSEC RSA/SHA-2 February 2009
1. Introduction 1. Introduction
@@ -137,6 +137,11 @@ Internet-Draft DNSSEC RSA/SHA-2 January 2009
used. The same goes for RSA/SHA-256 and RSA/SHA-512, which will be used. The same goes for RSA/SHA-256 and RSA/SHA-512, which will be
grouped using the name RSA/SHA-2. grouped using the name RSA/SHA-2.
The term "SHA-2" is not officially defined, but is usually used to
refer to the collection of the algorithms SHA-224, SHA-256, SHA-384
and SHA-512. Since SHA-224 and SHA-384 are not used in DNSSEC, SHA-2
will only refer to SHA-256 and SHA-512 in this document.
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in [RFC2119]. document are to be interpreted as described in [RFC2119].
@@ -156,19 +161,19 @@ Internet-Draft DNSSEC RSA/SHA-2 January 2009
SHA-256 keys MUST NOT be less than 512 bits, and MUST NOT be more SHA-256 keys MUST NOT be less than 512 bits, and MUST NOT be more
than 4096 bits. than 4096 bits.
Jansen Expires August 31, 2009 [Page 3]
Internet-Draft DNSSEC RSA/SHA-2 February 2009
2.2. RSA/SHA-512 DNSKEY Resource Records 2.2. RSA/SHA-512 DNSKEY Resource Records
RSA public keys for use with RSA/SHA-512 are stored in DNSKEY RSA public keys for use with RSA/SHA-512 are stored in DNSKEY
resource records (RRs) with the algorithm number {TBA2}. resource records (RRs) with the algorithm number {TBA2}.
Jansen Expires July 12, 2009 [Page 3]
Internet-Draft DNSSEC RSA/SHA-2 January 2009
The key size of RSA/SHA-512 keys MUST NOT be less than 1024 bits, and The key size of RSA/SHA-512 keys MUST NOT be less than 1024 bits, and
MUST NOT be more than 4096 bits. MUST NOT be more than 4096 bits.
@@ -213,18 +218,18 @@ Internet-Draft DNSSEC RSA/SHA-2 January 2009
hex 30 31 30 0d 06 09 60 86 48 01 65 03 04 02 01 05 00 04 20 hex 30 31 30 0d 06 09 60 86 48 01 65 03 04 02 01 05 00 04 20
Jansen Expires August 31, 2009 [Page 4]
Internet-Draft DNSSEC RSA/SHA-2 February 2009
3.2. RSA/SHA-512 RRSIG Resource Records 3.2. RSA/SHA-512 RRSIG Resource Records
RSA/SHA-512 signatures are stored in the DNS using RRSIG resource RSA/SHA-512 signatures are stored in the DNS using RRSIG resource
records (RRs) with algorithm number {TBA2}. records (RRs) with algorithm number {TBA2}.
Jansen Expires July 12, 2009 [Page 4]
Internet-Draft DNSSEC RSA/SHA-2 January 2009
The prefix is the ASN.1 DER SHA-512 algorithm designator prefix as The prefix is the ASN.1 DER SHA-512 algorithm designator prefix as
specified in PKCS #1 v2.1 [RFC3447]: specified in PKCS #1 v2.1 [RFC3447]:
@@ -235,11 +240,10 @@ Internet-Draft DNSSEC RSA/SHA-2 January 2009
4.1. Key Sizes 4.1. Key Sizes
Apart from the restrictions specified in section 2, this document Apart from the restrictions in section 2, this document will not
will not specify what size of keys to use. That is an operational specify what size of keys to use. That is an operational issue and
issue and depends largely on the environment and intended use. A depends largely on the environment and intended use. A good starting
good starting point for more information would be NIST SP 800-57 point for more information would be NIST SP 800-57 [NIST800-57].
[NIST800-57].
4.2. Signature Sizes 4.2. Signature Sizes
@@ -254,33 +258,38 @@ Internet-Draft DNSSEC RSA/SHA-2 January 2009
5.1. Support for SHA-2 signatures 5.1. Support for SHA-2 signatures
DNSSEC aware implementations SHOULD be able to support RRSIG resource DNSSEC aware implementations SHOULD be able to support RRSIG and
records with the RSA/SHA-2 algorithms. DNSKEY resource records created with the RSA/SHA-2 algorithms as
defined in this document.
5.2. Support for NSEC3 Denial of Existence 5.2. Support for NSEC3 Denial of Existence
Note that these algorithms have no aliases to signal NSEC3 [RFC5155] RFC5155 [RFC5155] defines new algorithm identifiers for existing
denial of existence. The aliases mechanism used in RFC 5155 was to signing algorithms, to indicate that zones signed with these
protect implementations predating that RFC from encountering records algorithm identifiers use NSEC3 instead of NSEC records to provide
they could not know about. denial of existence. That mechanism was chosen to protect
implementations predating RFC5155 from encountering resource records
they could not know about. This document does not define such
algorithm aliases, and support for NSEC3 denial of existence is
implicitly signaled with support for one of the algorithms defined in
this document.
Jansen Expires August 31, 2009 [Page 5]
Internet-Draft DNSSEC RSA/SHA-2 February 2009
5.2.1. NSEC3 in Authoritative servers 5.2.1. NSEC3 in Authoritative servers
An authoritative server that does not implement NSEC3 MAY still serve An authoritative server that does not implement NSEC3 MAY still serve
zones that use RSA/SHA2 with NSEC. zones that use RSA/SHA2 with NSEC denial of existence.
5.2.2. NSEC3 in Validators 5.2.2. NSEC3 in Validators
A DNSSEC validator that implements RSA/SHA2 MUST be able to handle A DNSSEC validator that implements RSA/SHA2 MUST be able to handle
both NSEC and NSEC3 [RFC5155] negative answers. If this is not the both NSEC and NSEC3 [RFC5155] negative answers. If this is not the
Jansen Expires July 12, 2009 [Page 5]
Internet-Draft DNSSEC RSA/SHA-2 January 2009
case, the validator MUST treat a zone signed with RSA/SHA256 or RSA/ case, the validator MUST treat a zone signed with RSA/SHA256 or RSA/
SHA512 as signed with an unknown algorithm, and thus as insecure. SHA512 as signed with an unknown algorithm, and thus as insecure.
@@ -319,6 +328,15 @@ Internet-Draft DNSSEC RSA/SHA-2 January 2009
used for RSA/SHA-1 signatures. This should ease implementation of used for RSA/SHA-1 signatures. This should ease implementation of
the new hashing algorithms in DNSSEC software. the new hashing algorithms in DNSSEC software.
Jansen Expires August 31, 2009 [Page 6]
Internet-Draft DNSSEC RSA/SHA-2 February 2009
7.2. Signature Type Downgrade Attacks 7.2. Signature Type Downgrade Attacks
Since each RRSet MUST be signed with each algorithm present in the Since each RRSet MUST be signed with each algorithm present in the
@@ -329,14 +347,6 @@ Internet-Draft DNSSEC RSA/SHA-2 January 2009
attacks, if the validator supports RSA/SHA-2. attacks, if the validator supports RSA/SHA-2.
Jansen Expires July 12, 2009 [Page 6]
Internet-Draft DNSSEC RSA/SHA-2 January 2009
8. Acknowledgments 8. Acknowledgments
This document is a minor extension to RFC 4034 [RFC4034]. Also, we This document is a minor extension to RFC 4034 [RFC4034]. Also, we
@@ -345,9 +355,9 @@ Internet-Draft DNSSEC RSA/SHA-2 January 2009
are gratefully acknowledged for their hard work. are gratefully acknowledged for their hard work.
The following people provided additional feedback and text: Jaap The following people provided additional feedback and text: Jaap
Akkerhuis, Roy Arends, Rob Austein, Francis Dupont, Miek Gieben, Akkerhuis, Mark Andrews, Roy Arends, Rob Austein, Francis Dupont,
Alfred Hoenes, Paul Hoffman, Peter Koch, Michael St. Johns, Scott Miek Gieben, Alfred Hoenes, Paul Hoffman, Peter Koch, Michael St.
Rose and Wouter Wijngaards. Johns, Scott Rose and Wouter Wijngaards.
9. References 9. References
@@ -376,6 +386,13 @@ Internet-Draft DNSSEC RSA/SHA-2 January 2009
Rose, "Protocol Modifications for the DNS Security Rose, "Protocol Modifications for the DNS Security
Extensions", RFC 4035, March 2005. Extensions", RFC 4035, March 2005.
Jansen Expires August 31, 2009 [Page 7]
Internet-Draft DNSSEC RSA/SHA-2 February 2009
9.2. Informative References 9.2. Informative References
[NIST800-57] [NIST800-57]
@@ -385,14 +402,6 @@ Internet-Draft DNSSEC RSA/SHA-2 January 2009
[RFC3447] Jonsson, J. and B. Kaliski, "Public-Key Cryptography [RFC3447] Jonsson, J. and B. Kaliski, "Public-Key Cryptography
Standards (PKCS) #1: RSA Cryptography Specifications Standards (PKCS) #1: RSA Cryptography Specifications
Jansen Expires July 12, 2009 [Page 7]
Internet-Draft DNSSEC RSA/SHA-2 January 2009
Version 2.1", RFC 3447, February 2003. Version 2.1", RFC 3447, February 2003.
[RFC4509] Hardaker, W., "Use of SHA-256 in DNSSEC Delegation Signer [RFC4509] Hardaker, W., "Use of SHA-256 in DNSSEC Delegation Signer
@@ -435,14 +444,5 @@ Author's Address
Jansen Expires August 31, 2009 [Page 8]
Jansen Expires July 12, 2009 [Page 8]