mirror of https://gitlab.isc.org/isc-projects/bind9 synced 2025-08-31 14:35:26 +00:00
Mark Andrews
2002-06-07 01:37:07 +00:00
parent f54d0c9c6e
commit 826a62bc61
2 changed files with 27 additions and 29 deletions


@@ -1,11 +1,9 @@
INTERNET-DRAFT DSA KEYs and SIGs in the DNS
OBSOLETES: RFC 2536 Donald Eastlake 3rd
Motorola
Expires: May 2002 November 2001
Expires: November 2002 May 2002
@@ -13,7 +11,7 @@ Expires: May 2002 November 2001
DSA KEYs and SIGs in the Domain Name System (DNS)
--- ---- --- ---- -- --- ------ ---- ------ -----
<draft-ietf-dnsext-rfc2536bis-dsa-01.txt>
<draft-ietf-dnsext-rfc2536bis-dsa-02.txt>
Donald E. Eastlake 3rd
@@ -207,7 +205,7 @@ INTERNET-DRAFT DSA in the DNS
S = ( K**(-1) * (hash + X*R) ) mod Q
For infromation on the SHA-1 has funcation see [FIPS 180-1] and [RFC
For infromation on the SHA-1 has function see [FIPS 180-1] and [RFC
3174].
Since Q is 160 bits long, R and S can not be larger than 20 octets,
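Review bot: the corrected line still carries two typos in the same sentence: "infromation" should be "information" and "has function" should be "hash function". Since this hunk already touches that line, suggest making it read `For information on the SHA-1 hash function see [FIPS 180-1] and [RFC 3174].`; if this file is meant to track the published -02 draft verbatim, the fix belongs upstream with the draft author rather than here.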
@@ -216,7 +214,7 @@ INTERNET-DRAFT DSA in the DNS
T is copied from the public key. It is not logically necessary in
the SIG but is present so that values of T > 8 can more conveniently
be used as an escape for extended versions of DSA or other algorithms
as later specified.
as later standardized.
@@ -267,12 +265,12 @@ INTERNET-DRAFT DSA in the DNS
DSA assumes the ability to frequently generate high quality random
numbers. See [RFC 1750] for guidance. DSA is designed so that if
manipulated rather than random numbers are used, high bandwidth
covert channels are possible. See [Schneier] and more recent
research. The leakage of an entire DSA private key in only two DSA
signatures has been demonstrated. DSA provides security only if
trusted implementations, including trusted random number generation,
are used.
biased rather than random numbers are used, high bandwidth covert
channels are possible. See [Schneier] and more recent research. The
leakage of an entire DSA private key in only two DSA signatures has
been demonstrated. DSA provides security only if trusted
implementations, including trusted random number generation, are
used.
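Review bot: the reworded paragraph asserts that an entire DSA private key leaks from only two signatures but supports it only with [Schneier] and an unspecified "more recent research"; consider adding a concrete citation for that result in the References section so implementers can check it. The change from "manipulated" to "biased" is an improvement, since it makes clear the risk is not limited to deliberately tampered generators but applies to any per-signature value that is not uniformly random, which is exactly the property an implementation must guarantee for the per-signature K.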
@@ -300,7 +298,7 @@ References
Hash Standard, April 1995.
[FIPS 186-2] - U.S. Federal Information Processing Standard: Digital
Signature Standard, January 2000.
Signature Standard, 27 January 2000.
[RFC 1034] - P. Mockapetris, "Domain names - concepts and
facilities", 11/01/1987.
@@ -337,9 +335,9 @@ Author's Address
155 Beaver Street
Milford, MA 01757 USA
Telephone: +1-508-261-5434(w)
Telephone: +1-508-851-8280(w)
+1-508-634-2066(h)
FAX: +1-508-261-4447(w)
FAX: +1-508-851-8507(w)
EMail: Donald.Eastlake@motorola.com
@@ -354,9 +352,9 @@ INTERNET-DRAFT DSA in the DNS
Expiration and File Name
This draft expires in May 2002.
This draft expires in November 2002.
Its file name is draft-ietf-dnsext-rfc2536bis-dsa-01.txt.
Its file name is draft-ietf-dnsext-rfc2536bis-dsa-02.txt.



@@ -2,14 +2,14 @@
INTERNET-DRAFT Diffie-Hellman Keys in the DNS
OBSOLETES: RFC 2539 Donald Eastlake 3rd
Motorola
Expires: May 2002 November 2001
Expires: November 2002 May 2002
Storage of Diffie-Hellman Keys in the Domain Name System (DNS)
------- -- -------------- ---- -- --- ------ ---- ------ -----
<draft-ietf-dnsext-rfc2539bis-dhk-01.txt>
<draft-ietf-dnsext-rfc2539bis-dhk-02.txt>
Donald E. Eastlake 3rd
@@ -181,8 +181,7 @@ INTERNET-DRAFT Diffie-Hellman Keys in the DNS
The Domain Name System (DNS) is the global hierarchical replicated
distributed database system for Internet addressing, mail proxy, and
similar information. The DNS has been extended to include digital
signatures and cryptographic keys as described in [RFC 2535]. Thus
the DNS can now be secured and used for key distribution.
signatures and cryptographic keys as described in [RFC 2535].
@@ -214,7 +213,7 @@ INTERNET-DRAFT Diffie-Hellman Keys in the DNS
Zj = X**j ( mod p )
Zi and Zj will both be equal to g**(ij)(mod p) and will be a shared
Zi and Zj will both be equal to g**(i*j)(mod p) and will be a shared
secret between the two parties that an adversary who does not know i
or j will not be able to learn from the exchanged messages (unless
the adversary can derive i or j by performing a discrete logarithm
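Review bot: style nit: the changed line writes `g**(i*j)(mod p)` while the context line above writes `Zj = X**j ( mod p )`; pick one spacing convention for the modulus within this section. The change from `ij` to `i*j` itself is right, since `ij` could be read as a single variable rather than a product.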
@@ -228,6 +227,7 @@ INTERNET-DRAFT Diffie-Hellman Keys in the DNS
in deciding on a p and g, see [RFC 2631].
D. Eastlake 3rd [Page 4]
@@ -330,7 +330,7 @@ INTERNET-DRAFT Diffie-Hellman Keys in the DNS
obtainment or independent verification conform to security policies
acceptable to the user. As with all cryptographic algorithms,
evaluating the necessary strength of the key is important and
dependent on local policy.
dependent on security policy.
In addition, the usual Diffie-Hellman key strength considerations
apply. (p-1)/2 should also be prime, g should be primitive mod p, p
@@ -374,7 +374,8 @@ References
1999.
[Schneier] - Bruce Schneier, "Applied Cryptography: Protocols,
Algorithms, and Source Code in C", 1996, John Wiley and Sons.
Algorithms, and Source Code in C" (Second Edition), 1996, John Wiley
and Sons.
@@ -386,19 +387,18 @@ Author's Address
155 Beaver Street
Milford, MA 01757 USA
Telephone: +1-508-261-5434 (w)
Telephone: +1-508-851-8280 (w)
+1-508-634-2066 (h)
FAX: +1-508-261-4447 (w)
FAX: +1-508-851-8507 (w)
EMail: Donald.Eastlake@motorola.com
Expiration and File Name
This draft expires in May 2002.
Its file name is draft-ietf-dnsext-rfc2539bis-dhk-01.txt.
This draft expires in November 2002.
Its file name is draft-ietf-dnsext-rfc2539bis-dhk-02.txt.