[Docs] [txt|pdf] [Tracker] [WG] [Email] [Diff1] [Diff2] [Nits] [IPR]

Versions: 00 01 02 03 04 05 06 07 08 09 10 11 RFC 4034

DNS Extensions                                                 R. Arends
Internet-Draft                                      Telematica Instituut
Expires: August 26, 2003                                      R. Austein
                                                                     ISC
                                                               M. Larson
                                                                VeriSign
                                                               D. Massey
                                                                 USC/ISI
                                                                 S. Rose
                                                                    NIST
                                                       February 25, 2003


            Resource Records for the DNS Security Extensions
                  draft-ietf-dnsext-dnssec-records-03

Status of this Memo

   This document is an Internet-Draft and is in full conformance with
   all provisions of Section 10 of RFC2026.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups.  Note that
   other groups may also distribute working documents as Internet-
   Drafts.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   The list of current Internet-Drafts can be accessed at http://
   www.ietf.org/ietf/1id-abstracts.txt.

   The list of Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html.

   This Internet-Draft will expire on August 26, 2003.

Copyright Notice

   Copyright (C) The Internet Society (2003).  All Rights Reserved.

Abstract

   This document is part of a family of documents that describes the DNS
   Security Extensions (DNSSEC).  The DNS Security Extensions are a
   collection of resource records and protocol modifications that
   provide source authentication for the DNS.  This document defines the



Arends, et al.           Expires August 26, 2003                [Page 1]


Internet-Draft           DNSSEC Resource Records           February 2003


   KEY, DS, SIG, and NXT resource records.  The purpose and format of
   each resource record is described in detail and an example of each
   resource record is given.

Table of Contents

   1.    Introduction . . . . . . . . . . . . . . . . . . . . . . . .  4
   1.1   Background and Related Documents . . . . . . . . . . . . . .  4
   1.2   Reserved Words . . . . . . . . . . . . . . . . . . . . . . .  4
   1.3   Editors Notes  . . . . . . . . . . . . . . . . . . . . . . .  4
   1.3.1 Open Technical Issues  . . . . . . . . . . . . . . . . . . .  4
   1.3.2 Technical Changes or Corrections . . . . . . . . . . . . . .  4
   1.3.3 Typos and Minor Corrections  . . . . . . . . . . . . . . . .  5
   2.    The KEY Resource Record  . . . . . . . . . . . . . . . . . .  6
   2.1   KEY RDATA Wire Format  . . . . . . . . . . . . . . . . . . .  6
   2.1.1 The Flags Field  . . . . . . . . . . . . . . . . . . . . . .  6
   2.1.2 The Protocol Field . . . . . . . . . . . . . . . . . . . . .  7
   2.1.3 The Algorithm Field  . . . . . . . . . . . . . . . . . . . .  7
   2.1.4 The Public Key Field . . . . . . . . . . . . . . . . . . . .  7
   2.1.5 Notes on KEY RDATA Design  . . . . . . . . . . . . . . . . .  7
   2.2   The KEY RR Presentation Format . . . . . . . . . . . . . . .  7
   2.3   KEY RR Example . . . . . . . . . . . . . . . . . . . . . . .  7
   3.    The SIG Resource Record  . . . . . . . . . . . . . . . . . .  9
   3.1   SIG RDATA Wire Format  . . . . . . . . . . . . . . . . . . .  9
   3.1.1 The Type Covered Field . . . . . . . . . . . . . . . . . . . 10
   3.1.2 The Algorithm Number Field . . . . . . . . . . . . . . . . . 10
   3.1.3 The Labels Field . . . . . . . . . . . . . . . . . . . . . . 10
   3.1.4 Original TTL Field . . . . . . . . . . . . . . . . . . . . . 11
   3.1.5 Signature Expiration and Inception Fields  . . . . . . . . . 11
   3.1.6 The Key Tag Field  . . . . . . . . . . . . . . . . . . . . . 11
   3.1.7 The Signer's Name Field  . . . . . . . . . . . . . . . . . . 11
   3.1.8 The Signature Field  . . . . . . . . . . . . . . . . . . . . 12
   3.2   The SIG RR Presentation Format . . . . . . . . . . . . . . . 12
   3.3   SIG RR Example . . . . . . . . . . . . . . . . . . . . . . . 13
   4.    The NXT Resource Record  . . . . . . . . . . . . . . . . . . 15
   4.1   NXT RDATA Wire Format  . . . . . . . . . . . . . . . . . . . 15
   4.1.1 The Next Domain Name Field . . . . . . . . . . . . . . . . . 15
   4.1.2 The Type Bit Map Field . . . . . . . . . . . . . . . . . . . 15
   4.1.3 Inclusion of Wildcard Names in NXT RDATA . . . . . . . . . . 16
   4.2   The NXT RR Presentation Format . . . . . . . . . . . . . . . 16
   4.3   NXT RR Example . . . . . . . . . . . . . . . . . . . . . . . 16
   5.    The DS Resource Record . . . . . . . . . . . . . . . . . . . 18
   5.1   DS RDATA Wire Format . . . . . . . . . . . . . . . . . . . . 18
   5.1.1 The Key Tag Field  . . . . . . . . . . . . . . . . . . . . . 18
   5.1.2 The Algorithm Field  . . . . . . . . . . . . . . . . . . . . 19
   5.1.3 The Digest Type Field  . . . . . . . . . . . . . . . . . . . 19
   5.1.4 The Digest Field . . . . . . . . . . . . . . . . . . . . . . 19
   5.2   The DS RR Presentation Format  . . . . . . . . . . . . . . . 19



Arends, et al.           Expires August 26, 2003                [Page 2]


Internet-Draft           DNSSEC Resource Records           February 2003


   5.3   DS RR Example  . . . . . . . . . . . . . . . . . . . . . . . 20
   6.    Canonical Form and Order of Resource Records . . . . . . . . 21
   6.1   Canonical DNS Name Order . . . . . . . . . . . . . . . . . . 21
   6.2   Canonical RR Form  . . . . . . . . . . . . . . . . . . . . . 21
   6.3   Canonical RR Ordering Within An RRset  . . . . . . . . . . . 22
   7.    IANA Considerations  . . . . . . . . . . . . . . . . . . . . 23
   8.    Security Considerations  . . . . . . . . . . . . . . . . . . 24
   9.    Acknowledgments  . . . . . . . . . . . . . . . . . . . . . . 25
         Normative References . . . . . . . . . . . . . . . . . . . . 26
         Informative References . . . . . . . . . . . . . . . . . . . 27
         Authors' Addresses . . . . . . . . . . . . . . . . . . . . . 27
   A.    DNSSEC Algorithm and Digest Types  . . . . . . . . . . . . . 29
   A.1   DNSSEC Algorithm Types . . . . . . . . . . . . . . . . . . . 29
   A.1.1 Private Algorithm Types  . . . . . . . . . . . . . . . . . . 29
   A.2   DNSSEC Digest Types  . . . . . . . . . . . . . . . . . . . . 30
   B.    Key Tag Calculation  . . . . . . . . . . . . . . . . . . . . 31
   B.1   Key Tag for Algorithm 1 (RSA/MD5)  . . . . . . . . . . . . . 32
         Full Copyright Statement . . . . . . . . . . . . . . . . . . 33

































Arends, et al.           Expires August 26, 2003                [Page 3]


Internet-Draft           DNSSEC Resource Records           February 2003


1. Introduction

   The DNS Security Extensions (DNSSEC) introduce four new DNS resource
   record types: KEY, SIG, NXT, and DS.  This document defines the
   purpose of each resource record (RR), the RR's RDATA format, and its
   ASCII representation.

1.1 Background and Related Documents

   The reader is assumed to be familiar with the basic DNS concepts
   described in RFC1034 [1] and RFC1035 [2].

   This document is part of a family of documents that define the DNS
   security extensions.  The DNS security extensions (DNSSEC) are a
   collection of resource records and DNS protocol modifications that
   add source authentication the Domain Name System (DNS).  An
   introduction to DNSSEC and definition of common terms can be found in
   [10].  A description of DNS protocol modifications can be found in
   [11].  This document defines the DNSSEC resource records.

1.2 Reserved Words

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED",  "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in RFC 2119 [5].

1.3 Editors Notes

1.3.1 Open Technical Issues

   The NXT section (Section 4) may be updated in the next version if
   DNSSEC-Opt-In [13] becomes part of DNSSEC.

   The cryptographic algorithm types (Appendix A) requires input from
   the working group.  The DSA algorithm was moved to OPTIONAL.  This
   had strong consensus in workshops and various discussions and a
   separate internet draft solely to move DSA from MANDATORY to OPTIONAL
   seemed excessive.  This draft solicits input on that proposed change.

1.3.2 Technical Changes or Corrections

   Please report technical corrections to dnssec-editors@east.isi.edu.
   To assist the editors, please indicate the text in error and point
   out the RFC that defines the correct behavior.  For a technical
   change where no RFC that defines the correct behavior, or if there's
   more than one applicable RFC and the definitions conflict, please
   post the issue to namedroppers.




Arends, et al.           Expires August 26, 2003                [Page 4]


Internet-Draft           DNSSEC Resource Records           February 2003


   An example correction to dnssec-editors might be: Page X says
   "DNSSEC RRs SHOULD be automatically returned in responses."  This was
   true in RFC 2535, but RFC 3225 (Section 3, 3rd paragraph) says the
   DNSSEC RR types MUST NOT be included in responses unless the resolver
   indicated support for DNSSEC.

1.3.3 Typos and Minor Corrections

   Please report any typos corrections to dnssec-editors@east.isi.edu.
   To assist the editors, please provide enough context for us to find
   the incorrect text quickly.

   An example message to dnssec-editors might be: page X says "the
   DNSSEC standard has been in development for over 1 years".   It
   should read "over 10 years".




































Arends, et al.           Expires August 26, 2003                [Page 5]


Internet-Draft           DNSSEC Resource Records           February 2003


2. The KEY Resource Record

   DNSSEC uses public key cryptography to sign and authenticate DNS
   resource record sets (RRsets).  The public keys are stored in KEY
   resource records and are used in the DNSSEC authentication process
   described in [11].  In a typical example, a zone signs its
   authoritative RRsets using a private key and stores the corresponding
   public key in a KEY RR.  A resolver can then use these signatures to
   authenticate RRsets from the zone.

   The KEY RR may also be used to store public keys associated with
   other DNS operations such as TKEY [15].  In all cases, the KEY RR
   plays a special role in secure DNS resolution and DNS message
   processing.  The KEY RR is not intended as a record for storing
   arbitrary public keys.  The KEY RR MUST NOT be used to store
   certificates or public keys that do not directly relate to the DNS
   infrastructure.  Examples of certificates and public keys that MUST
   NOT be stored in the KEY RR include X.509 certificates, IPSEC public
   keys, and SSH public keys.

   The Type value for the KEY RR type is 25.

   The KEY RR is class independent.

   There are no special TTL requirements on the KEY record.

2.1 KEY RDATA Wire Format

   The RDATA for a KEY RR consists of a 2 octet Flags Field, a 1 octet
   Protocol Field, a 1 octet Algorithm Field , and the Public Key Field.

                        1 1 1 1 1 1 1 1 1 1 2 2 2 2 2 2 2 2 2 2 3 3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |              Flags            |    Protocol   |   Algorithm   |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   /                                                               /
   /                            Public Key                         /
   /                                                               /
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+


2.1.1 The Flags Field

   Bit 7 of the Flags field is the Zone Key flag.  If bit 7 has value 1,
   then the KEY record holds a DNS zone key and the KEY's owner name
   MUST be the name of a zone.  If bit 7 has value 0, then the KEY
   record holds some other type of DNS public key, such as a public key



Arends, et al.           Expires August 26, 2003                [Page 6]


Internet-Draft           DNSSEC Resource Records           February 2003


   used by TKEY.

   Bits 0-6 and 8-15 are reserved and MUST have value 0 upon creation of
   the KEY RR, and MUST be ignored upon reception.

   Editors' Note: draft-ietf-dnsext-keyrr-key-signing-flag changes this
   by allocating bit 15 as the KSK bit.

2.1.2 The Protocol Field

   The Protocol Field MUST have value 3.

2.1.3 The Algorithm Field

   The Algorithm field identifies the public key's cryptographic
   algorithm and determines the format of the Public Key field.  A list
   of DNSSEC algorithm types can be found in Appendix A.1

2.1.4 The Public Key Field

   The Public Key Field holds the public key material.

2.1.5 Notes on KEY RDATA Design

   Although the Protocol Field always has value 3, it is retained for
   backward compatibility with an earlier version of the KEY record.

2.2 The KEY RR Presentation Format

   The presentation format of the RDATA portion is as follows:

   The Flag field is represented as an unsigned decimal integer with a
   value of either 0 or 256.

   The Protocol Field is represented as an unsigned decimal integer with
   a value of 3.

   The Algorithm field is represented either as an unsigned decimal
   integer or as an algorithm mnemonic as specified in Appendix A.1.

   The Public Key field is represented as a Base64 encoding of the
   Public Key.  Whitespace is allowed within the Base64 text.  For a
   definition of Base64 encoding, see [3] Section 5.2.

2.3 KEY RR Example

   The following KEY RR stores a DNS zone key for example.com.




Arends, et al.           Expires August 26, 2003                [Page 7]


Internet-Draft           DNSSEC Resource Records           February 2003


   example.com. 86400 IN KEY 256 3 5 ( AQPSKmynfzW4kyBv015MUG2DeIQ3Cbl
                                       +BBZH4b/0PY1kxkmvHjcZc8nokfzj31
                                       GajIQKY+5CptLr3buXA10hWqTkF7H6R
                                       foRqXQeogmMHfpftf6zMv1LyBUgia7z
                                       a6ZEzOJBOztyvhjL742iU/TpPSEDhm2
                                       SNKLijfUppn1UaNvv4w==   )

   The first four text fields specify the owner name, TTL, Class, and RR
   type (KEY).  Value 256 indicates that the Zone Key bit (bit 7) in the
   Flags field has value 1.  Value 3 is the fixed Protocol value.  Value
   5 indicates the public key algorithm.  Appendix A.1 identifies
   algorithm type 5 as RSA/SHA1 and indicates that the format of the
   RSA/SHA1 public key field is defined in [8].  The remaining text is a
   base 64 encoding of the public key.





































Arends, et al.           Expires August 26, 2003                [Page 8]


Internet-Draft           DNSSEC Resource Records           February 2003


3. The SIG Resource Record

   DNSSEC uses public key cryptography to sign and authenticate DNS
   resource record sets (RRsets).  Signatures are stored in SIG resource
   records and are used in the DNSSEC authentication process described
   in [11].  In a typical example, a zone signs its authoritative RRsets
   using a private key and stores the corresponding signatures in SIG
   RRs.  A resolver can then use these SIG RRs to authenticate RRsets
   from the zone.

   A SIG record contains the signature for an RRset with a particular
   name, class, and type.  The SIG RR specifies a validity interval for
   the signature and uses the Algorithm, the Signer's Name, and the Key
   Tag to identify the public key (KEY RR) that can be used to verify
   the signature.

   The SIG RR may cover a transaction instead of an RRset.  In this
   case, the "Type Covered" field value is 0, the SIG RR MUST NOT appear
   in any zone, and its use and processing are outside the scope of this
   document.  Please see [7] for further details.

   The Type value for the SIG RR type is 24.

   The SIG RR MUST have the same class as the RRset it covers.

   The SIG RR TTL value SHOULD match the TTL value of the RRset it
   covers.

3.1 SIG RDATA Wire Format

   The RDATA for a SIG RR consists of a 2 octet Type Covered field, a 1
   octet Algorithm field, a 1 octet Labels field, a 4 octet Original TTL
   field, a 4 octet Signature Expiration field, a 4 octet Signature
   Inception field, a 2 octet Key tag, the Signer's Name field, and the
   Signature field.

                        1 1 1 1 1 1 1 1 1 1 2 2 2 2 2 2 2 2 2 2 3 3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |        Type Covered           |  Algorithm    |     Labels    |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                         Original TTL                          |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                      Signature Expiration                     |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                      Signature Inception                      |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |            Key Tag            |                               /



Arends, et al.           Expires August 26, 2003                [Page 9]


Internet-Draft           DNSSEC Resource Records           February 2003


   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+         Signer's Name         /
   /                                                               /
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   /                                                               /
   /                            Signature                          /
   /                                                               /
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+


3.1.1 The Type Covered Field

   The Type Covered field identifies the type of the RRset which is
   covered by this SIG record.

   If Type Covered field has a value of 0, the record is referred to as
   a transaction signature; please see [7] for further details.

3.1.2 The Algorithm Number Field

   The Algorithm Number field identifies the cryptographic algorithm
   used to create the signature.  A list of DNSSEC algorithm types can
   be found in Appendix A.1

3.1.3 The Labels Field

   The Labels field specifies the number of labels in the original SIG
   RR owner name.  It is included to handle signatures associated with
   wildcard owner names.

   To validate a signature, the validator requires the original owner
   name that was used when the signature was created.  If the original
   owner name contains a wildcard label ("*"), the owner name may have
   been expanded by the server during the response process, in which
   case the validator will need to reconstruct the original owner name
   in order to validate the signature.  [11] describes how to use the
   Labels field to reconstruct the original owner name.

   The value of the Label field MUST NOT count either the null (root)
   label that terminates the owner name or the wildcard label (if
   present).  The value of the Label field MUST be less than or equal to
   the number of labels in the SIG owner name.  For example,
   "www.example.com." has a Label field value of 3, and "*.example.com."
   has a Label field value of 2.  Root (".") has a Label field value of
   0.

   Note that, although the wildcard label is not included in the count
   stored in the Label field of the SIG RR, the wildcard label is part
   of the RRset's owner name when generating or verifying the signature.



Arends, et al.           Expires August 26, 2003               [Page 10]


Internet-Draft           DNSSEC Resource Records           February 2003


3.1.4 Original TTL Field

   The Original TTL field specifies the TTL of the covered RRset as it
   appears in the authoritative zone.

   The Original TTL field is necessary because a caching resolver
   decrements the TTL value of a cached RRset.  In order to validate a
   signature, a resolver requires the original TTL.  [11] describes how
   to use the Original TTL field value to reconstruct the original TTL.

   The Original TTL value MUST be greater than or equal to the TTL value
   of the SIG record itself.

3.1.5 Signature Expiration and Inception Fields

   The Signature Expiration and Inception fields specify a validity
   period for the signature.  The SIG record MUST NOT be used for
   authentication prior to the inception date and MUST NOT be used for
   authentication after the expiration date.

   Signature Expiration and Inception field values are in POSIX.1 time
   format, a 32-bit unsigned number of seconds elapsed since 1 January
   1970 00:00:00 UTC, ignoring leap seconds, in network byte order.  The
   longest interval which can be expressed by this format without
   wrapping is approximately 136 years.  A SIG RR can have an Expiration
   field value which is numerically smaller than the Inception field
   value if the expiration field value is near the 32-bit wrap-around
   point or if the signature is long lived.  Because of this, all
   comparisons involving these fields MUST use "Serial number
   arithmetic" as defined in [4].  As a direct consequence, the values
   contained in these fields cannot refer to dates more than 68 years in
   either the past or the future.

3.1.6 The Key Tag Field

   The Key Tag field contains the key tag value of the KEY RR that
   validates this signature.  The process of calculating the Key Tag
   value is given in Appendix B.

3.1.7 The Signer's Name Field

   The Signer's Name field value identifies the owner name of the KEY RR
   used to authenticate this signature.  The Signer's Name field MUST
   contain the name of the zone of the covered RRset, unless the Type
   Covered field value is 0.  A sender MUST NOT use DNS name compression
   on the Signer's Name field when transmitting a SIG RR.  A receiver
   which receives a SIG RR containing a compressed Signer's Name field
   SHOULD decompress the field value.



Arends, et al.           Expires August 26, 2003               [Page 11]


Internet-Draft           DNSSEC Resource Records           February 2003


3.1.8 The Signature Field

   The Signature field contains the cryptographic signature which covers
   the SIG RDATA (excluding the Signature field) and the RRset specified
   by the SIG owner name, SIG class, and SIG Type Covered field.

3.1.8.1 Signature Calculation

   A signature covers the SIG RDATA (excluding the Signature Field) and
   covers the RRset specified by the SIG owner name, SIG class, and SIG
   Type Covered field.  The RRset is in canonical form (see Section 6)
   and the set RR(1),...RR(n) is signed as follows:

         signature = sign(SIG_RDATA | RR(1) | RR(2)... ) where

            "|" denotes concatenation;

            SIG_RDATA is the wire format of the SIG RDATA fields with
               the Signer's Name field in canonical form and
               the Signature field excluded;

            RR(i) = owner | class | type | TTL | RDATA length | RDATA;

               "owner" is the fully qualified owner name of the RRset in
               canonical form (for RRs with wildcard owner names, the
               wildcard label is included in the owner name);

               Each RR MUST have the same owner name as the SIG RR;

               Each RR MUST have the same class as the SIG RR;

               Each RR in the RRset MUST have the RR type listed in the
               SIG RR's Type Covered field;

               Each RR in the RRset MUST have the TTL listed in the SIG
               Original TTL Field;

               Any DNS names in the RDATA field of each RR MUST be in
               canonical form; and

               The RRset MUST be sorted in canonical order.


3.2 The SIG RR Presentation Format

   The presentation format of the RDATA portion is as follows:

   The Type Covered field value is represented either as an unsigned



Arends, et al.           Expires August 26, 2003               [Page 12]


Internet-Draft           DNSSEC Resource Records           February 2003


   decimal integer or as the mnemonic for the covered RR type.

   The Algorithm field value is represented either as an unsigned
   decimal  integer or as an algorithm mnemonic as specified in Appendix
   A.1.

   The Labels field value is represented as an unsigned decimal integer.

   The Original TTL field value is represented as an unsigned decimal
   integer.

   The Signature Inception Time and Expiration Time field values are
   represented in the form YYYYMMDDHHmmSS in UTC, where:

      YYYY is the year (0000-9999, but see Section 3.1.5);

      MM is the month number (01-12);

      DD is the day of the month (01-31);

      HH is the hour in 24 hours notation (00-23);

      mm is the minute (00-59);

      SS is the second (00-59).

   The Key Tag field is represented as an unsigned decimal integer.

   The Signer's Name field value is represented as a fully qualified
   domain name.

   The Signature field is represented as a Base64 encoding of the
   signature.  Whitespace is allowed within the Base64 text.  For a
   definition of Base64 encoding see [3] Section 5.2.

3.3 SIG RR Example

   The following a SIG RR stores the signature for the A RRset of
   host.example.com:

   host.example.com. 86400 IN SIG A 5 3 86400 20030322173103 (
                                  20030220173103 2642 example.com.
                                  oJB1W6WNGv+ldvQ3WDG0MQkg5IEhjRip8WTr
                                  PYGv07h108dUKGMeDPKijVCHX3DDKdfb+v6o
                                  B9wfuh3DTJXUAfI/M0zmO/zz8bW0Rznl8O3t
                                  GNazPwQKkRN20XPXV6nwwfoXmJQbsLNrLfkG
                                  J5D6fwFm8nN+6pBzeDQfsS3Ap3o= )




Arends, et al.           Expires August 26, 2003               [Page 13]


Internet-Draft           DNSSEC Resource Records           February 2003


   The first four fields specify the owner name, TTL, Class, and RR type
   (SIG).  The "A" represents the Type Covered field.  The value 5
   identifies the Algorithm used (RSA-SHA1) to create the signature.
   The value 3 is the number of Labels in the original owner name.  The
   value 86400 in the SIG RDATA is the Original TTL for the covered A
   RRset.  20030322173103 and 20030220173103 are the expiration and
   inception dates, respectively.  2642 is the Key Tag, and example.com.
   is the Signer's Name.  The remaining text is a Base64 encoding of the
   signature.

   Note that combination of SIG RR owner name, class, and Type Covered
   indicate that this SIG covers the "host.example.com" A RRset.  The
   Label value of 3 indicates that no wildcard expansion was used.  The
   Algorithm, Signer's Name, and Key Tag indicate this signature can be
   authenticated using an example.com zone KEY RR whose algorithm is 5
   and key tag is 2642.



































Arends, et al.           Expires August 26, 2003               [Page 14]


Internet-Draft           DNSSEC Resource Records           February 2003


4. The NXT Resource Record

   The NXT resource record lists two separate things: the owner name of
   the next authoritative RRset in the canonical ordering of the zone,
   and the set of RR types present at the NXT RR's owner name.  The
   complete set of NXT RRs in a zone both indicate which authoritative
   RRsets exist in a zone and also form a chain of authoritative owner
   names in the zone.  This information is used to provide authenticated
   denial of existence for DNS data, as described in [11].

   The type value for the NXT RR is 30.

   The NXT RR is class independent.

4.1 NXT RDATA Wire Format

   The RDATA of the NXT RR is as shown below:

                        1 1 1 1 1 1 1 1 1 1 2 2 2 2 2 2 2 2 2 2 3 3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   /                      Next Domain Name                         /
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   /                        Type Bit Map                           /
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+


4.1.1 The Next Domain Name Field

   The Next Domain Name field contains the owner name of the next
   authoritative RRset in the canonical ordering of the zone; see
   Section 6.1 for an explanation of canonical ordering.  The value of
   the Next Domain Name field in the last NXT record in the zone is the
   name of the zone apex (the owner name name of the zone's SOA RR).

   A sender MUST NOT use DNS name compression on the Next Domain Name
   field when transmitting an NXT RR.  A receiver which receives an NXT
   RR containing a compressed Next Domain Name field SHOULD decompress
   the field value.

   Owner names of non-authoritative RRsets (such as glue records) MUST
   NOT be listed in the Next Domain Name unless at least one
   authoritative RRset exists at the same owner name.

4.1.2 The Type Bit Map Field

   The Type Bit Map field identifies the RRset types which exist at the
   NXT RR's owner name.



Arends, et al.           Expires August 26, 2003               [Page 15]


Internet-Draft           DNSSEC Resource Records           February 2003


   Each bit in the Type Bit Map field corresponds to an RR type.  Bit 1
   corresponds to RR type 1 (A), bit 2 corresponds to RR type 2 (NS),
   and so forth.  If a bit is set to 1, it indicates that an RRset of
   that type is present for the NXT's owner name.  If a bit is set to 0,
   it indicates that no RRset of that type present for the NXT's owner
   name.

   Bit 1 MUST NOT indicate glue address records.

   Bit 41 MUST have the value of 0, since the OPT pseudo-RR [6] can
   never appear in zone data.

   Trailing zero octets MUST be omitted.  The length of the Type Bit Map
   field varies, and is determined by the type code with the largest
   numerical value among the set of RR types present at the NXT RR's
   owner name.  Trailing zero octets not specified MUST be interpreted
   as zero octets.

   The above Type Bit Map format MUST NOT be used when an RR type code
   with numerical value greater than 127 is present.

   Bit 0 in the Type Bit Map field indicates the Type Bit Map format.  A
   value of 0 in bit 0 denotes the format described above, therefore bit
   0 MUST have a value of 0.  The format and meaning of a Type Bit Map
   with a value of 1 in bit 0 is undefined.

4.1.3 Inclusion of Wildcard Names in NXT RDATA

   If a wildcard owner name appears in a zone, the wildcard label ("*")
   is treated as a literal symbol and is treated the same as any other
   owner name for purposes of generating NXT RRs.  Wildcard owner names
   appear in the Next Domain Name field without any wildcard expansion.
   [11] describes the impact of wildcards on authenticated denial of
   existence.

4.2 The NXT RR Presentation Format

   The presentation format of the RDATA portion is as follows:

   The Next Domain Name field is represented as a domain name.

   The Type Bit Map field is represented either as a sequence of RR type
   mnemonics or as a sequence of unsigned decimal integers denoting the
   RR type codes.

4.3 NXT RR Example

   The following NXT RR identifies the RRsets associated with



Arends, et al.           Expires August 26, 2003               [Page 16]


Internet-Draft           DNSSEC Resource Records           February 2003


   alfa.example.com.  and identifies the next authoritative name after
   alfa.example.com.

   alfa.example.com. 86400 IN NXT host.example.com. A MX SIG NXT

   The first four text fields specify the name, TTL, Class, and RR type
   (NXT).  The entry host.example.com.  is the next authoritative name
   after alfa.example.com.  (in canonical order).  The A, MX, SIG and
   NXT mnemonics indicate there are A, MX, SIG and NXT RRsets associated
   with the name alfa.example.com.

   Note the NXT record can be used for authenticated denial of
   existence.  If the example NXT record were authenticated, it could be
   used to prove that beta.example.com.  does not exist, or could be
   used to prove there is no AAAA record associated with
   alfa.example.com.  Authenticated denial of existence is discussed in
   [11]


































Arends, et al.           Expires August 26, 2003               [Page 17]


Internet-Draft           DNSSEC Resource Records           February 2003


5. The DS Resource Record

   The DS Resource Record refers to a KEY RR and is used in the DNS KEY
   authentication process.  A DS RR refers to a KEY RR by storing the
   key tag, algorithm number, and a digest of KEY RR.  Note that while
   the digest should be sufficient to identify the key, storing the key
   tag and key algorithm helps make the identification process more
   efficient.  By authenticating the DS record, a resolver can
   authenticate the KEY RR to which the DS record points.  The key
   authentication process is described in [11].

   The DS RR and its corresponding KEY RR have the same owner name, but
   they are stored in different locations.  The DS RR appears only on
   the upper (parental) side of a delegation, and is authoritative data
   in the parent zone.  For example, the DS RR for "example.com" is
   stored in the "com" zone (the parent zone) rather than in the
   "example.com" zone (the child zone).  The corresponding KEY RR is
   stored in the "example.com" zone (the child zone).  This simplifies
   DNS zone management and zone signing, but introduces special response
   processing requirements for the DS RR; these are described in [11].

   The type number for the DS record is 43.

   The DS resource record is class independent.

   There are no special TTL requirements on the DS resource record.

5.1 DS RDATA Wire Format

   The RDATA for a DS RR consists of 2 octet Key Tag field, a one octet
   Algorithm field, a one octet Digest Type field, and a Digest field.

                        1 1 1 1 1 1 1 1 1 1 2 2 2 2 2 2 2 2 2 2 3 3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |           Key Tag             |  Algorithm    |  Digest Type  |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   /                                                               /
   /                            Digest                             /
   /                                                               /
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+


5.1.1 The Key Tag Field

   The Key Tag field lists the key tag of the KEY RR referred to by the
   DS record.  The KEY RR MUST be a zone key.  The KEY RR Flags MUST
   have Flags bit 7 set to value 1.



Arends, et al.           Expires August 26, 2003               [Page 18]


Internet-Draft           DNSSEC Resource Records           February 2003


   The Key Tag used by the DS RR is identical to the Key Tag used by the
   SIG RR and Appendix B describes how to compute a Key Tag.

5.1.2 The Algorithm Field

   The Algorithm field lists the algorithm number of the KEY RR referred
   to by the DS record.

   The algorithm number used by the DS RR is identical to the algorithm
   number used by the SIG RR and KEY RR.  Appendix A.1 lists the
   algorithm number types.

5.1.3 The Digest Type Field

   The DS RR refers to a KEY RR by including a digest of that KEY RR.
   The Digest Type field identifies the algorithm used to construct the
   digest and Appendix A.2 lists the possible digest algorithm types.

5.1.4 The Digest Field

   The DS record refers to a KEY RR by including a digest of that KEY
   RR.  The Digest field holds the digest.

   The digest is calculated by concatenating the canonical form of the
   fully qualified owner name of the KEY RR (abbreviated below as "key
   RR name") with the KEY RDATA, and then applying the digest algorithm.

     digest = digest_algorithm( KEY RR name | KEY RDATA);

      "|" denotes concatenation

     KEY_RR_rdata = Flags | Protocol | Algorithm | Public Key.


   The size of the digest may vary depending on the digest algorithm and
   KEY RR size.  Currently, the defined digest algorithm is SHA-1, which
   produces a 20 octet digest.

5.2 The DS RR Presentation Format

   The presentation format of the RDATA portion is as follows:

   The Key Tag field is represented as an unsigned decimal integer.

   The Algorithm field is represented either as an unsigned decimal
   integer or as an algorithm mnemonic specified in Appendix A.1.

   The Digest Type field is represented as an unsigned decimal integer.



Arends, et al.           Expires August 26, 2003               [Page 19]


Internet-Draft           DNSSEC Resource Records           February 2003


   The Digest is represented as a sequence of case-insensitive
   hexadecimal digits.  Whitespace is allowed within the hexadecimal
   text.

5.3 DS RR Example

   The following example shows a KEY RR and its corresponding DS RR.

   dskey.example.com. 86400 IN KEY 256 3 5 ( AQOeiiR0GOMYkDshWoSKz9Xz
                                             fwJr1AYtsmx3TGkJaNXVbfi/
                                             2pHm822aJ5iI9BMzNXxeYCmZ
                                             DRD99WYwYqUSdjMmmAphXdvx
                                             egXd/M5+X7OrzKBaMbCVdFLU
                                             Uh6DhweJBjEVv5f2wwjM9Xzc
                                             nOf+EPbtG9DMBmADjFDc2w/r
                                             ljwvFw==
                                             ) ;  key id = 60485

   dskey.example.com. 86400 IN DS 60485 5 1 ( 2BB183AF5F22588179A53B0A
                                              98631FAD1A292118 )


   The first four text fields specify the name, TTL, Class, and RR type
   (DS).  Value 60485 is the key tag for the corresponding
   "dskey.example.com." KEY RR, and value 5 denotes the algorithm used
   by this "dskey.example.com." KEY RR.  The value 1 is the algorithm
   used to construct the digest, and the rest of the RDATA text is the
   digest in hexadecimal.























Arends, et al.           Expires August 26, 2003               [Page 20]


Internet-Draft           DNSSEC Resource Records           February 2003


6. Canonical Form and Order of Resource Records

   This section defines a canonical form for resource records, a
   canonical ordering of DNS names, and a canonical ordering of resource
   records within an RRset.  A canonical name order is required to
   construct the NXT name chain.  A canonical RR form and ordering
   within an RRset are required to construct and verify SIG RRs.

6.1 Canonical DNS Name Order

   For purposes of DNS security, owner names are ordered by treating
   individual labels as unsigned left-justified octet strings.  The
   absence of a octet sorts before a zero value octet, and upper case
   US-ASCII letters are treated as if they were lower case US-ASCII
   letters.

   To compute the canonical ordering of a set of DNS names, start by
   sorting the names according to their most significant (rightmost)
   labels.  For names in which the most significant label is identical,
   continue sorting according to their next most significant label, and
   so forth.

   For example, the following names are sorted in canonical DNS name
   order.  The most significant label is "example".  At this level,
   "example" sorts first, followed by names ending in "a.example", then
   names ending "z.example".  The names within each level are sorted in
   the same way.

             example
             a.example
             yljkjljk.a.example
             Z.a.example
             zABC.a.EXAMPLE
             z.example
             \001.z.example
             *.z.example
             \200.z.example


6.2 Canonical RR Form

   For purposes of DNS security, the canonical form of an RR is the wire
   format of the RR where:

   1.  Every domain name in the RR is fully expanded (no DNS name
       compression) and fully qualified;

   2.  All uppercase US-ASCII letters in the owner name of the RR are



Arends, et al.           Expires August 26, 2003               [Page 21]


Internet-Draft           DNSSEC Resource Records           February 2003


       replaced by the corresponding lowercase US-ASCII letters;

   3.  If the type of the RR is NS, MD, MF, CNAME, SOA, MB, MG, MR, PTR,
       HINFO, MINFO, MX, HINFO, RP, AFSDB, RT, SIG, PX, NXT, NAPTR, KX,
       SRV, DNAME, or A6, all uppercase US-ASCII letters in the DNS
       names within the RDATA of the RR are replaced by the
       corresponding lowercase US-ASCII letters;

   4.  If the owner name of the RR is a wildcard name, the owner name is
       in its original unexpanded form, including the "*" label (no
       wildcard substitution); and

   5.  The RR's TTL is set to its original value as it appears in the
       authoritative zone containing the RR or the Original TTL field of
       the covering SIG RR.

   Editors' Note: the above definition sacrifices readability for an
   attempt at precision.  Please send better text!

6.3 Canonical RR Ordering Within An RRset

   For purposes of DNS security, RRs with same owner name, same class,
   and same type are sorted by sorting the canonical forms of the RRs
   while treating the RDATA portion of the canonical form of each RR as
   a left justified unsigned octet sequence.  The absence of an octet
   sorts before the zero octet.

























Arends, et al.           Expires August 26, 2003               [Page 22]


Internet-Draft           DNSSEC Resource Records           February 2003


7. IANA Considerations

   This document introduces one new IANA consideration.  RFC 2535 [14]
   created an IANA registry for DNS Security Algorithm Numbers.  This
   document re-assigns DNS Security Algorithm Number 252 to be
   "reserved".  This value is no longer available for assignment by
   IANA.

   This document clarifies the use of existing DNS resource records.
   For completeness, the IANA considerations from the previous documents
   which defined these resource records are summarized below.  No IANA
   changes are made by this document other than the one change described
   in the first paragraph of this section.

   [14] updated the IANA registry for DNS Resource Record Types, and
   assigned types 24,25, and 30 to the SIG, KEY, and NXT RRs,
   respectively.  [9] assigned DNS Resource Record Type 43 to DS.

   [14] created an IANA registry for DNSSEC Resource Record Algorithm
   Numbers.  Values to 1-4, and 252-255 were assigned by [14].  Value 5
   was assigned by [8].  Value 252 is re-assigned by this document, as
   noted above.

   [9] created an IANA registry for DNSSEC DS Digest Types, and assigned
   value 0 to reserved and value 1 to SHA-1.

   [14] created an IANA Registry for KEY Protocol Values, but [16] re-
   assigned all assigned values other than 3 to reserved and closed this
   IANA registry.  The registry remains closed, and all KEY records are
   required to have Protocol Octet value of 3.

   The Flag bits in the KEY RR are not assigned by IANA, and there is no
   IANA registry for these flags.  All changes to the meaning of the KEY
   RR Flag bits require a standards action.

   The meaning of a value of 1 in bit zero of the Type Bit Map of an NXT
   RR can only be assigned by a standards action.














Arends, et al.           Expires August 26, 2003               [Page 23]


Internet-Draft           DNSSEC Resource Records           February 2003


8. Security Considerations

   This document describes the format of four DNS resource records used
   by the DNS security extensions, and presents an algorithm for
   calculating a key tag for a public key.  Other than the items
   described below, the resource records themselves introduce no
   security considerations.  The use of these records is specified in a
   separate document, and security considerations related to the use
   these resource records are discussed in that document.

   The DS record points to a KEY RR using a cryptographic digest, the
   key algorithm type and a key tag.  The DS record is intended to
   identify an existing KEY RR, but it is theoretically possible for an
   attacker to generate a KEY that matches all the DS fields.  The
   probability of constructing such a matching KEY depends on the type
   of digest algorithm in use.  The only currently defined digest
   algorithm is SHA-1, and the working group believes that constructing
   a public key which would match the algorithm, key tag, and SHA-1
   digest given in a DS record would be a sufficiently difficult problem
   that such an attack is not a serious threat at this time.

   The key tag is used to help select KEY resource records efficiently,
   but it does not uniquely identify a single KEY resource record.  It
   is possible for two distinct KEY RRs to have the same owner name, the
   same algorithm type, and the same key tag.  An implementation which
   used only the key tag to select a KEY RR might select the wrong
   public key in some circumstances.  Implementations MUST NOT assume
   the key tag is unique public key identifier; this is clearly stated
   in Appendix B.






















Arends, et al.           Expires August 26, 2003               [Page 24]


Internet-Draft           DNSSEC Resource Records           February 2003


9. Acknowledgments

   This document was created from the input and ideas of several members
   of the DNS Extensions Working Group and working group mailing list.
   The co-authors of this draft would like to express their thanks for
   the comments and suggestions received during the revision of these
   security extension specifications.












































Arends, et al.           Expires August 26, 2003               [Page 25]


Internet-Draft           DNSSEC Resource Records           February 2003


Normative References

   [1]   Mockapetris, P., "Domain names - concepts and facilities", STD
         13, RFC 1034, November 1987.

   [2]   Mockapetris, P., "Domain names - implementation and
         specification", STD 13, RFC 1035, November 1987.

   [3]   Borenstein, N. and N. Freed, "MIME (Multipurpose Internet Mail
         Extensions) Part One: Mechanisms for Specifying and Describing
         the Format of Internet Message Bodies", RFC 1521, September
         1993.

   [4]   Elz, R. and R. Bush, "Serial Number Arithmetic", RFC 1982,
         August 1996.

   [5]   Bradner, S., "Key words for use in RFCs to Indicate Requirement
         Levels", BCP 14, RFC 2119, March 1997.

   [6]   Vixie, P., "Extension Mechanisms for DNS (EDNS0)", RFC 2671,
         August 1999.

   [7]   Eastlake, D., "DNS Request and Transaction Signatures (
         SIG(0)s)", RFC 2931, September 2000.

   [8]   Eastlake, D., "RSA/SHA-1 SIGs and RSA KEYs in the Domain Name
         System (DNS)", RFC 3110, May 2001.

   [9]   Gudmundsson, O., "Delegation Signer Resource Record", draft-
         ietf-dnsext-delegation-signer-12 (work in progress), December
         2002.

   [10]  Arends, R., Austein, R., Larson, M., Massey, D. and S. Rose,
         "DNS Security Introduction and Requirements", draft-ietf-
         dnsext-dnssec-intro-05 (work in progress), February 2003.

   [11]  Arends, R., Austein, R., Larson, M., Massey, D. and S. Rose,
         "Protocol Modifications for the DNS Security Extensions",
         draft-ietf-dnsext-dnssec-protocol-00 (work in progress),
         Februari 2003.

   [12]  Gustafsson, A., "Handling of Unknown DNS RR Types", draft-ietf-
         dnsext-unknown-rrs-04 (work in progress), September 2002.

   [13]  Kosters, M., Blacka, D. and R. Arends, "DNSSEC Opt-in", draft-
         ietf-dnsext-dnssec-opt-in-04 (work in progress), February 2003.





Arends, et al.           Expires August 26, 2003               [Page 26]


Internet-Draft           DNSSEC Resource Records           February 2003


Informative References

   [14]  Eastlake, D., "Domain Name System Security Extensions", RFC
         2535, March 1999.

   [15]  Eastlake, D., "Secret Key Establishment for DNS (TKEY RR)", RFC
         2930, September 2000.

   [16]  Massey, D. and S. Rose, "Limiting the Scope of the KEY Resource
         Record (RR)", RFC 3445, December 2002.


Authors' Addresses

   Roy Arends
   Telematica Instituut
   Drienerlolaan 5
   7522 NB  Enschede
   NL

   EMail: roy.arends@telin.nl


   Rob Austein
   Internet Software Consortium
   40 Gavin Circle
   Reading, MA  01867
   USA

   EMail: sra@isc.org


   Matt Larson
   VeriSign, Inc.
   21345 Ridgetop Circle
   Dulles, VA  20166-6503
   USA

   EMail: mlarson@verisign.com


   Dan Massey
   USC Information Sciences Institute
   3811 N. Fairfax Drive
   Arlington, VA  22203
   USA

   EMail: masseyd@isi.edu



Arends, et al.           Expires August 26, 2003               [Page 27]


Internet-Draft           DNSSEC Resource Records           February 2003


   Scott Rose
   National Institute for Standards and Technology
   100 Bureau Drive
   Gaithersburg, MD  20899-8920
   USA

   EMail: scott.rose@nist.gov












































Arends, et al.           Expires August 26, 2003               [Page 28]


Internet-Draft           DNSSEC Resource Records           February 2003


Appendix A. DNSSEC Algorithm and Digest Types

   The DNS security extensions are designed to be independent of the
   underlying cryptographic algorithms.  The KEY, SIG, and DS resource
   records all use a DNSSEC Algorithm Number to identify the
   cryptographic algorithm in use by the resource record.   The DS
   resource record also specifies a Digest Algorithm Number to identify
   the digest algorithm used to construct the DS record.  The currently
   defined Algorithm and Digest Types are listed below.  Additional
   Algorithm or Digest Types could be added as advances in cryptography
   warrant.

   A DNSSEC aware resolver or name server MUST implement all MANDATORY
   algorithms.

A.1 DNSSEC Algorithm Types

   An "Algorithm Number" field in the KEY, SIG, and DS resource record
   types identifies the cryptographic algorithm used by the resource
   record.   Algorithm specific formats are described in separate
   documents.  The following table lists the currently defined algorithm
   types and provides references to their supporting documents:

   VALUE   Algorithm                  RFC          STATUS
   0      Reserved                    -            -
   1      RSA/MD5                     RFC 2537     NOT RECOMMENDED
   2      Diffie-Hellman              RFC 2539     OPTIONAL
   3      DSA                         RFC 2536     OPTIONAL
   4      elliptic curve              TBA          OPTIONAL
   5      RSA/SHA1                    RFC 3110     MANDATORY
   6-251  available for assignment    -
   252    reserved                    -
   253    private                     see below    OPTIONAL
   254    private                     see below    OPTIONAL
   255    reserved                    -            -


A.1.1 Private Algorithm Types

   Algorithm number 253 is reserved for private use and will never be
   assigned to a specific algorithm.  The public key area in the KEY RR
   and the signature area in the SIG RR begin with a wire encoded domain
   name.  Only local domain name compression is permitted.  The domain
   name indicates the private algorithm to use and the remainder of the
   public key area is determined by that algorithm.  Entities should
   only use domain names they control to designate their private
   algorithms.




Arends, et al.           Expires August 26, 2003               [Page 29]


Internet-Draft           DNSSEC Resource Records           February 2003


   Algorithm number 254 is reserved for private use and will never be
   assigned to a specific algorithm.  The public key area in the KEY RR
   and the signature area in the SIG RR begin with an unsigned length
   byte followed by a BER encoded Object Identifier (ISO OID) of that
   length.  The OID indicates the private algorithm in use and the
   remainder of the area is whatever is required by that algorithm.
   Entities should only use OIDs they control to designate their private
   algorithms.

A.2 DNSSEC Digest Types

   A "Digest Type" field in the DS resource record types identifies the
   cryptographic digest algorithm used by the resource record.   The
   following table lists the currently defined digest algorithm types.

              VALUE   Algorithm                 STATUS
                0      Reserved                   -
                1      SHA-1                   MANDATORY
              2-255    Unassigned                 -
































Arends, et al.           Expires August 26, 2003               [Page 30]


Internet-Draft           DNSSEC Resource Records           February 2003


Appendix B. Key Tag Calculation

   The Key Tag field in the SIG and DS resource record types provides a
   mechanism for selecting a public key efficiently.  In most cases, a
   combination of owner name, algorithm, and key tag can efficiently
   identify a KEY record.  Both the SIG and DS resource records have
   corresponding KEY records.  The Key Tag field in the SIG and DS
   records can be used to help select the corresponding KEY RR
   efficiently when more than one candidate KEY RR is available.

   However, it is essential to note that the key tag is not a unique
   identifier.  It is theoretically possible for two distinct KEY RRs to
   have the same owner name, the same algorithm, and the same key tag.
   The key tag is used to limit the possible candidate keys, but it does
   not uniquely identify a KEY record.  Implementations MUST NOT assume
   that the key tag uniquely identifies a KEY RR.

   The key tag is the same for all KEY algorithm types except algorithm
   1 (please see Appendix B.1 for the definition of the key tag for
   algorithm 1).  For all algorithms other than algorithm 1, the key tag
   is defined to be the output which would be generated by running the
   ANSI C function shown below with the RDATA portion of the KEY RR as
   input.  It is not necessary to use the following reference code
   verbatim, but the numerical value of the Key Tag MUST be identical to
   what the reference implementation would generate for the same input.

   Please note that the algorithm for calculating the Key Tag is almost
   but not completely identical to the familiar ones complement checksum
   used in many other Internet protocols.  Key Tags MUST be calculated
   using the algorithm described below rather than the ones complement
   checksum.

   The following ANSI C reference implementation calculates the value of
   a Key Tag.  This reference implementation applies to all algorithm
   types except algorithm 1 (see Appendix B.1).  The input is the wire
   format of the RDATA portion of the KEY RR.  The code is written for
   clarity, not efficiency.














Arends, et al.           Expires August 26, 2003               [Page 31]


Internet-Draft           DNSSEC Resource Records           February 2003


   /*
    * Assumes that int is at least 16 bits.
    * First octet of the key tag is the most significant 8 bits of the
    * return value;
    * Second octet of the key tag is the least significant 8 bits of the
    * return value.
    */

   unsigned int
   keytag (
           unsigned char key[],  /* the RDATA part of the KEY RR */
           unsigned int keysize  /* the RDLENGTH */
          )
   {
           unsigned long ac;     /* assumed to be 32 bits or larger */
           int i;                /* loop index */

           for ( ac = 0, i = 0; i < keysize; ++i )
                   ac += (i & 1) ? key[i] : key[i] << 8;
           ac += (ac >> 16) & 0xFFFF;
           return ac & 0xFFFF;
   }


B.1 Key Tag for Algorithm 1 (RSA/MD5)

   The key tag for algorithm 1 (RSA/MD5) is defined differently than the
   key tag for all other algorithms, for historical reasons.  For a KEY
   RR with algorithm 1, the key tag is defined to be the most
   significant 16 bits of the least significant 24 bits in the public
   key modulus (in other words, the 4th to last and 3rd to last octets
   of the public key modulus).

   Please note that Algorithm 1 is NOT RECOMMENDED.

















Arends, et al.           Expires August 26, 2003               [Page 32]


Internet-Draft           DNSSEC Resource Records           February 2003


Full Copyright Statement

   Copyright (C) The Internet Society (2003).  All Rights Reserved.

   This document and translations of it may be copied and furnished to
   others, and derivative works that comment on or otherwise explain it
   or assist in its implementation may be prepared, copied, published
   and distributed, in whole or in part, without restriction of any
   kind, provided that the above copyright notice and this paragraph are
   included on all such copies and derivative works.  However, this
   document itself may not be modified in any way, such as by removing
   the copyright notice or references to the Internet Society or other
   Internet organizations, except as needed for the purpose of
   developing Internet standards in which case the procedures for
   copyrights defined in the Internet Standards process must be
   followed, or as required to translate it into languages other than
   English.

   The limited permissions granted above are perpetual and will not be
   revoked by the Internet Society or its successors or assigns.

   This document and the information contained herein is provided on an
   "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
   TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
   BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
   HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
   MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

Acknowledgement

   Funding for the RFC Editor function is currently provided by the
   Internet Society.



















Arends, et al.           Expires August 26, 2003               [Page 33]


Html markup produced by rfcmarkup 1.128b, available from https://tools.ietf.org/tools/rfcmarkup/