diff --git a/doc/draft/draft-ietf-dnsext-rfc2536bis-dsa-01.txt b/doc/draft/draft-ietf-dnsext-rfc2536bis-dsa-02.txt similarity index 92% rename from doc/draft/draft-ietf-dnsext-rfc2536bis-dsa-01.txt rename to doc/draft/draft-ietf-dnsext-rfc2536bis-dsa-02.txt index 803d681248..331297e674 100644 --- a/doc/draft/draft-ietf-dnsext-rfc2536bis-dsa-01.txt +++ b/doc/draft/draft-ietf-dnsext-rfc2536bis-dsa-02.txt @@ -1,11 +1,9 @@ - - INTERNET-DRAFT DSA KEYs and SIGs in the DNS OBSOLETES: RFC 2536 Donald Eastlake 3rd Motorola -Expires: May 2002 November 2001 +Expires: November 2002 May 2002 @@ -13,7 +11,7 @@ Expires: May 2002 November 2001 DSA KEYs and SIGs in the Domain Name System (DNS) --- ---- --- ---- -- --- ------ ---- ------ ----- - + Donald E. Eastlake 3rd @@ -207,7 +205,7 @@ INTERNET-DRAFT DSA in the DNS S = ( K**(-1) * (hash + X*R) ) mod Q - For infromation on the SHA-1 has funcation see [FIPS 180-1] and [RFC + For infromation on the SHA-1 has function see [FIPS 180-1] and [RFC 3174]. Since Q is 160 bits long, R and S can not be larger than 20 octets, @@ -216,7 +214,7 @@ INTERNET-DRAFT DSA in the DNS T is copied from the public key. It is not logically necessary in the SIG but is present so that values of T > 8 can more conveniently be used as an escape for extended versions of DSA or other algorithms - as later specified. + as later standardized. 
@@ -267,12 +265,12 @@ INTERNET-DRAFT DSA in the DNS DSA assumes the ability to frequently generate high quality random numbers. See [RFC 1750] for guidance. DSA is designed so that if - manipulated rather than random numbers are used, high bandwidth - covert channels are possible. See [Schneier] and more recent - research. The leakage of an entire DSA private key in only two DSA - signatures has been demonstrated. DSA provides security only if - trusted implementations, including trusted random number generation, - are used. + biased rather than random numbers are used, high bandwidth covert + channels are possible. See [Schneier] and more recent research. The + leakage of an entire DSA private key in only two DSA signatures has + been demonstrated. DSA provides security only if trusted + implementations, including trusted random number generation, are + used. @@ -300,7 +298,7 @@ References Hash Standard, April 1995. [FIPS 186-2] - U.S. Federal Information Processing Standard: Digital - Signature Standard, January 2000. + Signature Standard, 27 January 2000. [RFC 1034] - P. Mockapetris, "Domain names - concepts and facilities", 11/01/1987. @@ -337,9 +335,9 @@ Author's Address 155 Beaver Street Milford, MA 01757 USA - Telephone: +1-508-261-5434(w) + Telephone: +1-508-851-8280(w) +1-508-634-2066(h) - FAX: +1-508-261-4447(w) + FAX: +1-508-851-8507(w) EMail: Donald.Eastlake@motorola.com @@ -354,9 +352,9 @@ INTERNET-DRAFT DSA in the DNS Expiration and File Name - This draft expires in May 2002. + This draft expires in November 2002. - Its file name is draft-ietf-dnsext-rfc2536bis-dsa-01.txt. + Its file name is draft-ietf-dnsext-rfc2536bis-dsa-02.txt. diff --git a/doc/draft/draft-ietf-dnsext-rfc2539bis-dhk-01.txt b/doc/draft/draft-ietf-dnsext-rfc2539bis-dhk-02.txt similarity index 96% rename from doc/draft/draft-ietf-dnsext-rfc2539bis-dhk-01.txt rename to doc/draft/draft-ietf-dnsext-rfc2539bis-dhk-02.txt index 14fdfed53e..de85e8b2c8 100644 
--- a/doc/draft/draft-ietf-dnsext-rfc2539bis-dhk-01.txt +++ b/doc/draft/draft-ietf-dnsext-rfc2539bis-dhk-02.txt @@ -2,14 +2,14 @@ INTERNET-DRAFT Diffie-Hellman Keys in the DNS OBSOLETES: RFC 2539 Donald Eastlake 3rd Motorola -Expires: May 2002 November 2001 +Expires: November 2002 May 2002 Storage of Diffie-Hellman Keys in the Domain Name System (DNS) ------- -- -------------- ---- -- --- ------ ---- ------ ----- - + Donald E. Eastlake 3rd @@ -181,8 +181,7 @@ INTERNET-DRAFT Diffie-Hellman Keys in the DNS The Domain Name System (DNS) is the global hierarchical replicated distributed database system for Internet addressing, mail proxy, and similar information. The DNS has been extended to include digital - signatures and cryptographic keys as described in [RFC 2535]. Thus - the DNS can now be secured and used for key distribution. + signatures and cryptographic keys as described in [RFC 2535]. @@ -214,7 +213,7 @@ INTERNET-DRAFT Diffie-Hellman Keys in the DNS Zj = X**j ( mod p ) - Zi and Zj will both be equal to g**(ij)(mod p) and will be a shared + Zi and Zj will both be equal to g**(i*j)(mod p) and will be a shared secret between the two parties that an adversary who does not know i or j will not be able to learn from the exchanged messages (unless the adversary can derive i or j by performing a discrete logarithm @@ -228,6 +227,7 @@ INTERNET-DRAFT Diffie-Hellman Keys in the DNS in deciding on a p and g, see [RFC 2631]. + D. Eastlake 3rd [Page 4] @@ -330,7 +330,7 @@ INTERNET-DRAFT Diffie-Hellman Keys in the DNS obtainment or independent verification conform to security policies acceptable to the user. As with all cryptographic algorithms, evaluating the necessary strength of the key is important and - dependent on local policy. + dependent on security policy. In addition, the usual Diffie-Hellman key strength considerations apply. (p-1)/2 should also be prime, g should be primitive mod p, p 
@@ -374,7 +374,8 @@ References 1999. [Schneier] - Bruce Schneier, "Applied Cryptography: Protocols, - Algorithms, and Source Code in C", 1996, John Wiley and Sons. + Algorithms, and Source Code in C" (Second Edition), 1996, John Wiley + and Sons. @@ -386,19 +387,18 @@ Author's Address 155 Beaver Street Milford, MA 01757 USA - Telephone: +1-508-261-5434 (w) + Telephone: +1-508-851-8280 (w) +1-508-634-2066 (h) - FAX: +1-508-261-4447 (w) + FAX: +1-508-851-8507 (w) EMail: Donald.Eastlake@motorola.com Expiration and File Name - This draft expires in May 2002. - - Its file name is draft-ietf-dnsext-rfc2539bis-dhk-01.txt. + This draft expires in November 2002. + Its file name is draft-ietf-dnsext-rfc2539bis-dhk-02.txt.
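Review bot: in the DSA draft hunk at -207,7 the replacement line still reads "For infromation on the SHA-1 has function"; only "funcation" was corrected. Since the line is being touched anyway, fix "infromation" to "information" and "has" to "hash" in the same change.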
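Review bot: in the DSA draft hunk at -267,12, replacing "manipulated" with "biased" changes what the paragraph warns about. The rest of the paragraph concerns covert channels and the need for "trusted implementations, including trusted random number generation", which is the case where the numbers are deliberately chosen by the implementation rather than merely statistically skewed. Suggest keeping "manipulated", or writing "manipulated or biased" if both cases are meant. The other changed lines in this hunk are reflow only.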
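Review bot: in the DSA References hunk at -300,7 the FIPS 186-2 entry now gives "27 January 2000", while the entries on either side of it use "April 1995" and "11/01/1987". That leaves three date styles in adjacent references; pick one style and apply it to the neighbouring entries in the same revision.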
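Review bot: in the Diffie-Hellman draft hunk at -214,7 the new "g**(i*j)(mod p)" makes the exponent explicit but still has no space before "(mod p)", while the context line directly above it writes "Zj = X**j ( mod p )". Suggest "g**(i*j) ( mod p )" so the modulus notation is consistent within the section.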
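Review bot: in the Diffie-Hellman draft hunk at -330,7, "dependent on security policy" no longer says whose policy applies, and the sentence just before it already uses "security policies acceptable to the user". Suggest "dependent on local security policy", which keeps the qualifier from the old wording and avoids repeating the preceding sentence's phrase without it.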