mir/bind
2
0
Fork 0
mirror of https://gitlab.isc.org/isc-projects/bind9 synced 2025-09-02 07:35:26 +00:00
Code Issues Releases Wiki Activity

updates

Browse Source
This commit is contained in:
Mark Andrews
2002-06-07 01:37:07 +00:00
parent f54d0c9c6e
commit 826a62bc61
2 changed files with 27 additions and 29 deletions
Download Patch File Download Diff File Expand all files Collapse all files

32
doc/draft/draft-ietf-dnsext-rfc2536bis-dsa-01.txt → doc/draft/draft-ietf-dnsext-rfc2536bis-dsa-02.txt
View File

@@ -1,11 +1,9 @@
INTERNET-DRAFT DSA KEYs and SIGs in the DNS INTERNET-DRAFT DSA KEYs and SIGs in the DNS
OBSOLETES: RFC 2536 Donald Eastlake 3rd OBSOLETES: RFC 2536 Donald Eastlake 3rd
Motorola Motorola
Expires: May 2002 November 2001 Expires: November 2002 May 2002
@@ -13,7 +11,7 @@ Expires: May 2002 November 2001
DSA KEYs and SIGs in the Domain Name System (DNS) DSA KEYs and SIGs in the Domain Name System (DNS)
--- ---- --- ---- -- --- ------ ---- ------ ----- --- ---- --- ---- -- --- ------ ---- ------ -----
<draft-ietf-dnsext-rfc2536bis-dsa-01.txt> <draft-ietf-dnsext-rfc2536bis-dsa-02.txt>
Donald E. Eastlake 3rd Donald E. Eastlake 3rd
@@ -207,7 +205,7 @@ INTERNET-DRAFT DSA in the DNS
S = ( K**(-1) * (hash + X*R) ) mod Q S = ( K**(-1) * (hash + X*R) ) mod Q
For infromation on the SHA-1 has funcation see [FIPS 180-1] and [RFC For infromation on the SHA-1 has function see [FIPS 180-1] and [RFC
3174]. 3174].
Since Q is 160 bits long, R and S can not be larger than 20 octets, Since Q is 160 bits long, R and S can not be larger than 20 octets,
@@ -216,7 +214,7 @@ INTERNET-DRAFT DSA in the DNS
T is copied from the public key. It is not logically necessary in T is copied from the public key. It is not logically necessary in
the SIG but is present so that values of T > 8 can more conveniently the SIG but is present so that values of T > 8 can more conveniently
be used as an escape for extended versions of DSA or other algorithms be used as an escape for extended versions of DSA or other algorithms
as later specified. as later standardized.
@@ -267,12 +265,12 @@ INTERNET-DRAFT DSA in the DNS
DSA assumes the ability to frequently generate high quality random DSA assumes the ability to frequently generate high quality random
numbers. See [RFC 1750] for guidance. DSA is designed so that if numbers. See [RFC 1750] for guidance. DSA is designed so that if
manipulated rather than random numbers are used, high bandwidth biased rather than random numbers are used, high bandwidth covert
covert channels are possible. See [Schneier] and more recent channels are possible. See [Schneier] and more recent research. The
research. The leakage of an entire DSA private key in only two DSA leakage of an entire DSA private key in only two DSA signatures has
signatures has been demonstrated. DSA provides security only if been demonstrated. DSA provides security only if trusted
trusted implementations, including trusted random number generation, implementations, including trusted random number generation, are
are used. used.
@@ -300,7 +298,7 @@ References
Hash Standard, April 1995. Hash Standard, April 1995.
[FIPS 186-2] - U.S. Federal Information Processing Standard: Digital [FIPS 186-2] - U.S. Federal Information Processing Standard: Digital
Signature Standard, January 2000. Signature Standard, 27 January 2000.
[RFC 1034] - P. Mockapetris, "Domain names - concepts and [RFC 1034] - P. Mockapetris, "Domain names - concepts and
facilities", 11/01/1987. facilities", 11/01/1987.
@@ -337,9 +335,9 @@ Author's Address
155 Beaver Street 155 Beaver Street
Milford, MA 01757 USA Milford, MA 01757 USA
Telephone: +1-508-261-5434(w) Telephone: +1-508-851-8280(w)
+1-508-634-2066(h) +1-508-634-2066(h)
FAX: +1-508-261-4447(w) FAX: +1-508-851-8507(w)
EMail: Donald.Eastlake@motorola.com EMail: Donald.Eastlake@motorola.com
@@ -354,9 +352,9 @@ INTERNET-DRAFT DSA in the DNS
Expiration and File Name Expiration and File Name
This draft expires in May 2002. This draft expires in November 2002.
Its file name is draft-ietf-dnsext-rfc2536bis-dsa-01.txt. Its file name is draft-ietf-dnsext-rfc2536bis-dsa-02.txt.

24
doc/draft/draft-ietf-dnsext-rfc2539bis-dhk-01.txt → doc/draft/draft-ietf-dnsext-rfc2539bis-dhk-02.txt
View File

@@ -2,14 +2,14 @@
INTERNET-DRAFT Diffie-Hellman Keys in the DNS INTERNET-DRAFT Diffie-Hellman Keys in the DNS
OBSOLETES: RFC 2539 Donald Eastlake 3rd OBSOLETES: RFC 2539 Donald Eastlake 3rd
Motorola Motorola
Expires: May 2002 November 2001 Expires: November 2002 May 2002
Storage of Diffie-Hellman Keys in the Domain Name System (DNS) Storage of Diffie-Hellman Keys in the Domain Name System (DNS)
------- -- -------------- ---- -- --- ------ ---- ------ ----- ------- -- -------------- ---- -- --- ------ ---- ------ -----
<draft-ietf-dnsext-rfc2539bis-dhk-01.txt> <draft-ietf-dnsext-rfc2539bis-dhk-02.txt>
Donald E. Eastlake 3rd Donald E. Eastlake 3rd
@@ -181,8 +181,7 @@ INTERNET-DRAFT Diffie-Hellman Keys in the DNS
The Domain Name System (DNS) is the global hierarchical replicated The Domain Name System (DNS) is the global hierarchical replicated
distributed database system for Internet addressing, mail proxy, and distributed database system for Internet addressing, mail proxy, and
similar information. The DNS has been extended to include digital similar information. The DNS has been extended to include digital
signatures and cryptographic keys as described in [RFC 2535]. Thus signatures and cryptographic keys as described in [RFC 2535].
the DNS can now be secured and used for key distribution.
@@ -214,7 +213,7 @@ INTERNET-DRAFT Diffie-Hellman Keys in the DNS
Zj = X**j ( mod p ) Zj = X**j ( mod p )
Zi and Zj will both be equal to g**(ij)(mod p) and will be a shared Zi and Zj will both be equal to g**(i*j)(mod p) and will be a shared
secret between the two parties that an adversary who does not know i secret between the two parties that an adversary who does not know i
or j will not be able to learn from the exchanged messages (unless or j will not be able to learn from the exchanged messages (unless
the adversary can derive i or j by performing a discrete logarithm the adversary can derive i or j by performing a discrete logarithm
@@ -228,6 +227,7 @@ INTERNET-DRAFT Diffie-Hellman Keys in the DNS
in deciding on a p and g, see [RFC 2631]. in deciding on a p and g, see [RFC 2631].
D. Eastlake 3rd [Page 4] D. Eastlake 3rd [Page 4]
@@ -330,7 +330,7 @@ INTERNET-DRAFT Diffie-Hellman Keys in the DNS
obtainment or independent verification conform to security policies obtainment or independent verification conform to security policies
acceptable to the user. As with all cryptographic algorithms, acceptable to the user. As with all cryptographic algorithms,
evaluating the necessary strength of the key is important and evaluating the necessary strength of the key is important and
dependent on local policy. dependent on security policy.
In addition, the usual Diffie-Hellman key strength considerations In addition, the usual Diffie-Hellman key strength considerations
apply. (p-1)/2 should also be prime, g should be primitive mod p, p apply. (p-1)/2 should also be prime, g should be primitive mod p, p
@@ -374,7 +374,8 @@ References
1999. 1999.
[Schneier] - Bruce Schneier, "Applied Cryptography: Protocols, [Schneier] - Bruce Schneier, "Applied Cryptography: Protocols,
Algorithms, and Source Code in C", 1996, John Wiley and Sons. Algorithms, and Source Code in C" (Second Edition), 1996, John Wiley
and Sons.
@@ -386,19 +387,18 @@ Author's Address
155 Beaver Street 155 Beaver Street
Milford, MA 01757 USA Milford, MA 01757 USA
Telephone: +1-508-261-5434 (w) Telephone: +1-508-851-8280 (w)
+1-508-634-2066 (h) +1-508-634-2066 (h)
FAX: +1-508-261-4447 (w) FAX: +1-508-851-8507 (w)
EMail: Donald.Eastlake@motorola.com EMail: Donald.Eastlake@motorola.com
Expiration and File Name Expiration and File Name
This draft expires in May 2002. This draft expires in November 2002.
Its file name is draft-ietf-dnsext-rfc2539bis-dhk-01.txt.
Its file name is draft-ietf-dnsext-rfc2539bis-dhk-02.txt.