draft-ietf-dnsext-dnssec-rsasha256-00.txt   draft-ietf-dnsext-dnssec-rsasha256-01.txt 
DNS Extensions working group J. Jansen DNS Extensions working group J. Jansen
Internet-Draft NLnet Labs Internet-Draft NLnet Labs
Expires: July 5, 2006 January 2006 Expires: July 5, 2006 January 2006
Use of RSA/SHA-256 DNSKEY and RRSIG Resource Records in DNSSEC Use of RSA/SHA-256 DNSKEY and RRSIG Resource Records in DNSSEC
draft-ietf-dnsext-dnssec-rsasha256-00 draft-ietf-dnsext-dnssec-rsasha256-01
Status of this Memo Status of this Memo
By submitting this Internet-Draft, each author represents that any By submitting this Internet-Draft, each author represents that any
applicable patent or other IPR claims of which he or she is aware applicable patent or other IPR claims of which he or she is aware
have been or will be disclosed, and any of which he or she becomes have been or will be disclosed, and any of which he or she becomes
aware will be disclosed, in accordance with Section 6 of BCP 79. aware will be disclosed, in accordance with Section 6 of BCP 79.
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that Task Force (IETF), its areas, and its working groups. Note that
skipping to change at page 2, line 8 skipping to change at page 2, line 8
Abstract Abstract
This document describes how to produce RSA/SHA-256 DNSKEY and RRSIG This document describes how to produce RSA/SHA-256 DNSKEY and RRSIG
resource records for use in the Domain Name System Security resource records for use in the Domain Name System Security
Extensions (DNSSEC, RFC4033, RFC4034, and RFC4035). Extensions (DNSSEC, RFC4033, RFC4034, and RFC4035).
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3
2. RSA/SHA-256 DNSKEY Resource Records . . . . . . . . . . . . . . 3 2. RSA/SHA-256 DNSKEY Resource Records . . . . . . . . . . . . . 3
3. RSA/SHA-256 RRSIG Resource Records . . . . . . . . . . . . . . 3 3. RSA/SHA-256 RRSIG Resource Records . . . . . . . . . . . . . . 3
4. Implementation Considerations . . . . . . . . . . . . . . . . . 4 4. Implementation Considerations . . . . . . . . . . . . . . . . 4
5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . . 4 5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 4
6. Security Considerations . . . . . . . . . . . . . . . . . . . . 4 6. Security Considerations . . . . . . . . . . . . . . . . . . . 4
7. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . . 5 6.1 SHA-1 versus SHA-256 Considerations for RRSIG resource
records . . . . . . . . . . . . . . . . . . . . . . . . . 4
6.2 Signature Type Downgrade Attacks . . . . . . . . . . . . . 5
7. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 5
8. References . . . . . . . . . . . . . . . . . . . . . . . . . . 5 8. References . . . . . . . . . . . . . . . . . . . . . . . . . . 5
8.1. Normative References . . . . . . . . . . . . . . . . . . . 5 8.1 Normative References . . . . . . . . . . . . . . . . . . . 5
8.2. Informative References . . . . . . . . . . . . . . . . . . 5 8.2 Informative References . . . . . . . . . . . . . . . . . . 6
Author's Address . . . . . . . . . . . . . . . . . . . . . . . . . 6 Author's Address . . . . . . . . . . . . . . . . . . . . . . . 6
Intellectual Property and Copyright Statements . . . . . . . . . . 7 Intellectual Property and Copyright Statements . . . . . . . . 7
1. Introduction 1. Introduction
The Domain Name System (DNS) is the global hierarchical distributed The Domain Name System (DNS) is the global hierarchical distributed
database for Internet Addressing. The DNS has been extended to use database for Internet Addressing. The DNS has been extended to use
digital signatures and cryptographic keys for the verification of digital signatures and cryptographic keys for the verification of
data. RFC4033 [1], RFC4034 [2], and RFC4035 [3] describe these DNS data. RFC4033 [1], RFC4034 [2], and RFC4035 [3] describe these DNS
Security Extensions. Security Extensions.
RFC4034 describes how to store DNSKEY and RRSIG resource records, and RFC4034 describes how to store DNSKEY and RRSIG resource records, and
skipping to change at page 4, line 40 skipping to change at page 4, line 38
The algorithm list from RFC4034 Appendix A.1 [2] is extended with the The algorithm list from RFC4034 Appendix A.1 [2] is extended with the
following entry: following entry:
Zone Zone
Value Algorithm [Mnemonic] Signing References Status Value Algorithm [Mnemonic] Signing References Status
----- ----------- ----------- -------- ---------- --------- ----- ----------- ----------- -------- ---------- ---------
[tba] RSA/SHA-256 [RSASHA256] y [TBA] MANDATORY [tba] RSA/SHA-256 [RSASHA256] y [TBA] MANDATORY
6. Security Considerations 6. Security Considerations
Recently, weaknesses have been discovered in the SHA-1 hashing 6.1 SHA-1 versus SHA-256 Considerations for RRSIG resource records
algorithm. It is therefore strongly encouraged to deploy SHA-256
where SHA-1 is used now, as soon as the DNS software supports it. Users of DNSSEC are encouraged to deploy SHA-256 as soon as software
implementations allow for it. SHA-256 is widely believed to be more
resilient to attack than SHA-1, and confidence in SHA-1's strength is
being eroded by recently-announced attacks. Regardless of whether or
not the attacks on SHA-1 will affect DNSSEC, it is believed (at the
time of this writing) that SHA-256 is the better choice for use in DS
records.
SHA-256 is considered sufficiently strong for the immediate future, SHA-256 is considered sufficiently strong for the immediate future,
but predictions about future development in cryptography and but predictions about future development in cryptography and
cryptanalysis are beyond the scope of this document. cryptanalysis are beyond the scope of this document.
6.2 Signature Type Downgrade Attacks
Since each RRset MUST be signed with each algorithm present in the
DNSKEY RRset at the zone apex (see [3] Section 2.2), a malicious
party cannot filter out the RSA/SHA256 RRSIG, and force the validator
to use the RSA/SHA1 signature if both are present in the zone.
Together with the implementation considerations from Section 4 of
this document, this provides resilience against algorithm downgrade
attacks, if the validator supports RSA/SHA256.
7. Acknowledgments 7. Acknowledgments
This document is a minor extension to RFC4034 [2]. Also, we try to This document is a minor extension to RFC4034 [2]. Also, we try to
follow the documents RFC3110 [6] and draft-ietf-dnsext-ds-sha256.txt follow the documents RFC3110 [6] and draft-ietf-dnsext-ds-sha256.txt
[8] for consistency. The authors of and contributors to these [8] for consistency. The authors of and contributors to these
documents are gratefully acknowledged for their hard work. documents are gratefully acknowledged for their hard work.
The following people provided additional feedback and text: Jaap The following people provided additional feedback and text: Jaap
Akkerhuis, Miek Gieben and Wouter Wijngaards. Akkerhuis, Rob Austein, Miek Gieben and Wouter Wijngaards.
8. References 8. References
8.1. Normative References 8.1 Normative References
[1] Arends, R., Austein, R., Larson, M., Massey, D., and S. Rose, [1] Arends, R., Austein, R., Larson, M., Massey, D., and S. Rose,
"DNS Security Introduction and Requirements", RFC 4033, "DNS Security Introduction and Requirements", RFC 4033,
March 2005. March 2005.
[2] Arends, R., Austein, R., Larson, M., Massey, D., and S. Rose, [2] Arends, R., Austein, R., Larson, M., Massey, D., and S. Rose,
"Resource Records for the DNS Security Extensions", RFC 4034, "Resource Records for the DNS Security Extensions", RFC 4034,
March 2005. March 2005.
[3] Arends, R., Austein, R., Larson, M., Massey, D., and S. Rose, [3] Arends, R., Austein, R., Larson, M., Massey, D., and S. Rose,
skipping to change at page 5, line 41 skipping to change at page 6, line 5
[4] Jonsson, J. and B. Kaliski, "Public-Key Cryptography Standards [4] Jonsson, J. and B. Kaliski, "Public-Key Cryptography Standards
(PKCS) #1: RSA Cryptography Specifications Version 2.1", (PKCS) #1: RSA Cryptography Specifications Version 2.1",
RFC 3447, February 2003. RFC 3447, February 2003.
[5] National Institute of Standards and Technology, "Secure Hash [5] National Institute of Standards and Technology, "Secure Hash
Standard", FIPS PUB 180-2, August 2002. Standard", FIPS PUB 180-2, August 2002.
[6] Eastlake, D., "RSA/SHA-1 SIGs and RSA KEYs in the Domain Name [6] Eastlake, D., "RSA/SHA-1 SIGs and RSA KEYs in the Domain Name
System (DNS)", RFC 3110, May 2001. System (DNS)", RFC 3110, May 2001.
8.2. Informative References 8.2 Informative References
[7] Schneier, B., "Applied Cryptography Second Edition: protocols, [7] Schneier, B., "Applied Cryptography Second Edition: protocols,
algorithms, and source code in C", Wiley and Sons , ISBN 0-471- algorithms, and source code in C", Wiley and Sons , ISBN 0-471-
11709-9, 1996. 11709-9, 1996.
[8] Hardaker, W., "Use of SHA-256 in DNSSEC Delegation Signer (DS) [8] Hardaker, W., "Use of SHA-256 in DNSSEC Delegation Signer (DS)
Resource Records (RRs)", Work in Progress Feb 2006. Resource Records (RRs)", Work in Progress Feb 2006.
Author's Address Author's Address
 End of changes. 9 change blocks. 
16 lines changed or deleted 35 lines changed or added

This html diff was produced by rfcdiff 1.29, available from http://www.levkowetz.com/ietf/tools/rfcdiff/