draft-ietf-dnsext-dnssec-rsasha256-00.txt | draft-ietf-dnsext-dnssec-rsasha256-01.txt | |||
---|---|---|---|---|
DNS Extensions working group J. Jansen | DNS Extensions working group J. Jansen | |||
Internet-Draft NLnet Labs | Internet-Draft NLnet Labs | |||
Expires: July 5, 2006 January 2006 | Expires: July 5, 2006 January 2006 | |||
Use of RSA/SHA-256 DNSKEY and RRSIG Resource Records in DNSSEC | Use of RSA/SHA-256 DNSKEY and RRSIG Resource Records in DNSSEC | |||
draft-ietf-dnsext-dnssec-rsasha256-00 | draft-ietf-dnsext-dnssec-rsasha256-01 | |||
Status of this Memo | Status of this Memo | |||
By submitting this Internet-Draft, each author represents that any | By submitting this Internet-Draft, each author represents that any | |||
applicable patent or other IPR claims of which he or she is aware | applicable patent or other IPR claims of which he or she is aware | |||
have been or will be disclosed, and any of which he or she becomes | have been or will be disclosed, and any of which he or she becomes | |||
aware will be disclosed, in accordance with Section 6 of BCP 79. | aware will be disclosed, in accordance with Section 6 of BCP 79. | |||
Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
Task Force (IETF), its areas, and its working groups. Note that | Task Force (IETF), its areas, and its working groups. Note that | |||
skipping to change at page 2, line 8 | skipping to change at page 2, line 8 | |||
Abstract | Abstract | |||
This document describes how to produce RSA/SHA-256 DNSKEY and RRSIG | This document describes how to produce RSA/SHA-256 DNSKEY and RRSIG | |||
resource records for use in the Domain Name System Security | resource records for use in the Domain Name System Security | |||
Extensions (DNSSEC, RFC4033, RFC4034, and RFC4035). | Extensions (DNSSEC, RFC4033, RFC4034, and RFC4035). | |||
Table of Contents | Table of Contents | |||
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 | 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 | |||
2. RSA/SHA-256 DNSKEY Resource Records . . . . . . . . . . . . . . 3 | 2. RSA/SHA-256 DNSKEY Resource Records . . . . . . . . . . . . . 3 | |||
3. RSA/SHA-256 RRSIG Resource Records . . . . . . . . . . . . . . 3 | 3. RSA/SHA-256 RRSIG Resource Records . . . . . . . . . . . . . . 3 | |||
4. Implementation Considerations . . . . . . . . . . . . . . . . . 4 | 4. Implementation Considerations . . . . . . . . . . . . . . . . 4 | |||
5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . . 4 | 5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 4 | |||
6. Security Considerations . . . . . . . . . . . . . . . . . . . . 4 | 6. Security Considerations . . . . . . . . . . . . . . . . . . . 4 | |||
7. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . . 5 | 6.1 SHA-1 versus SHA-256 Considerations for RRSIG resource | |||
records . . . . . . . . . . . . . . . . . . . . . . . . . 4 | ||||
6.2 Signature Type Downgrade Attacks . . . . . . . . . . . . . 5 | ||||
7. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 5 | ||||
8. References . . . . . . . . . . . . . . . . . . . . . . . . . . 5 | 8. References . . . . . . . . . . . . . . . . . . . . . . . . . . 5 | |||
8.1. Normative References . . . . . . . . . . . . . . . . . . . 5 | 8.1 Normative References . . . . . . . . . . . . . . . . . . . 5 | |||
8.2. Informative References . . . . . . . . . . . . . . . . . . 5 | 8.2 Informative References . . . . . . . . . . . . . . . . . . 6 | |||
Author's Address . . . . . . . . . . . . . . . . . . . . . . . . . 6 | Author's Address . . . . . . . . . . . . . . . . . . . . . . . 6 | |||
Intellectual Property and Copyright Statements . . . . . . . . . . 7 | Intellectual Property and Copyright Statements . . . . . . . . 7 | |||
1. Introduction | 1. Introduction | |||
The Domain Name System (DNS) is the global hierarchical distributed | The Domain Name System (DNS) is the global hierarchical distributed | |||
database for Internet Addressing. The DNS has been extended to use | database for Internet Addressing. The DNS has been extended to use | |||
digital signatures and cryptographic keys for the verification of | digital signatures and cryptographic keys for the verification of | |||
data. RFC4033 [1], RFC4034 [2], and RFC4035 [3] describe these DNS | data. RFC4033 [1], RFC4034 [2], and RFC4035 [3] describe these DNS | |||
Security Extensions. | Security Extensions. | |||
RFC4034 describes how to store DNSKEY and RRSIG resource records, and | RFC4034 describes how to store DNSKEY and RRSIG resource records, and | |||
skipping to change at page 4, line 40 | skipping to change at page 4, line 38 | |||
The algorithm list from RFC4034 Appendix A.1 [2] is extended with the | The algorithm list from RFC4034 Appendix A.1 [2] is extended with the | |||
following entry: | following entry: | |||
Zone | Zone | |||
Value Algorithm [Mnemonic] Signing References Status | Value Algorithm [Mnemonic] Signing References Status | |||
----- ----------- ----------- -------- ---------- --------- | ----- ----------- ----------- -------- ---------- --------- | |||
[tba] RSA/SHA-256 [RSASHA256] y [TBA] MANDATORY | [tba] RSA/SHA-256 [RSASHA256] y [TBA] MANDATORY | |||
6. Security Considerations | 6. Security Considerations | |||
Recently, weaknesses have been discovered in the SHA-1 hashing | 6.1 SHA-1 versus SHA-256 Considerations for RRSIG resource records | |||
algorithm. It is therefore strongly encouraged to deploy SHA-256 | ||||
where SHA-1 is used now, as soon as the DNS software supports it. | Users of DNSSEC are encouraged to deploy SHA-256 as soon as software | |||
implementations allow for it. SHA-256 is widely believed to be more | ||||
resilient to attack than SHA-1, and confidence in SHA-1's strength is | ||||
being eroded by recently-announced attacks. Regardless of whether or | ||||
not the attacks on SHA-1 will affect DNSSEC, it is believed (at the | ||||
time of this writing) that SHA-256 is the better choice for use in DS | ||||
records. | ||||
SHA-256 is considered sufficiently strong for the immediate future, | SHA-256 is considered sufficiently strong for the immediate future, | |||
but predictions about future development in cryptography and | but predictions about future development in cryptography and | |||
cryptanalysis are beyond the scope of this document. | cryptanalysis are beyond the scope of this document. | |||
6.2 Signature Type Downgrade Attacks | ||||
Since each RRset MUST be signed with each algorithm present in the | ||||
DNSKEY RRset at the zone apex (see [3] Section 2.2), a malicious | ||||
party cannot filter out the RSA/SHA256 RRSIG, and force the validator | ||||
to use the RSA/SHA1 signature if both are present in the zone. | ||||
Together with the implementation considerations from Section 4 of | ||||
this document, this provides resilience against algorithm downgrade | ||||
attacks, if the validator supports RSA/SHA256. | ||||
7. Acknowledgments | 7. Acknowledgments | |||
This document is a minor extension to RFC4034 [2]. Also, we try to | This document is a minor extension to RFC4034 [2]. Also, we try to | |||
follow the documents RFC3110 [6] and draft-ietf-dnsext-ds-sha256.txt | follow the documents RFC3110 [6] and draft-ietf-dnsext-ds-sha256.txt | |||
[8] for consistency. The authors of and contributors to these | [8] for consistency. The authors of and contributors to these | |||
documents are gratefully acknowledged for their hard work. | documents are gratefully acknowledged for their hard work. | |||
The following people provided additional feedback and text: Jaap | The following people provided additional feedback and text: Jaap | |||
Akkerhuis, Miek Gieben and Wouter Wijngaards. | Akkerhuis, Rob Austein, Miek Gieben and Wouter Wijngaards. | |||
8. References | 8. References | |||
8.1. Normative References | 8.1 Normative References | |||
[1] Arends, R., Austein, R., Larson, M., Massey, D., and S. Rose, | [1] Arends, R., Austein, R., Larson, M., Massey, D., and S. Rose, | |||
"DNS Security Introduction and Requirements", RFC 4033, | "DNS Security Introduction and Requirements", RFC 4033, | |||
March 2005. | March 2005. | |||
[2] Arends, R., Austein, R., Larson, M., Massey, D., and S. Rose, | [2] Arends, R., Austein, R., Larson, M., Massey, D., and S. Rose, | |||
"Resource Records for the DNS Security Extensions", RFC 4034, | "Resource Records for the DNS Security Extensions", RFC 4034, | |||
March 2005. | March 2005. | |||
[3] Arends, R., Austein, R., Larson, M., Massey, D., and S. Rose, | [3] Arends, R., Austein, R., Larson, M., Massey, D., and S. Rose, | |||
skipping to change at page 5, line 41 | skipping to change at page 6, line 5 | |||
[4] Jonsson, J. and B. Kaliski, "Public-Key Cryptography Standards | [4] Jonsson, J. and B. Kaliski, "Public-Key Cryptography Standards | |||
(PKCS) #1: RSA Cryptography Specifications Version 2.1", | (PKCS) #1: RSA Cryptography Specifications Version 2.1", | |||
RFC 3447, February 2003. | RFC 3447, February 2003. | |||
[5] National Institute of Standards and Technology, "Secure Hash | [5] National Institute of Standards and Technology, "Secure Hash | |||
Standard", FIPS PUB 180-2, August 2002. | Standard", FIPS PUB 180-2, August 2002. | |||
[6] Eastlake, D., "RSA/SHA-1 SIGs and RSA KEYs in the Domain Name | [6] Eastlake, D., "RSA/SHA-1 SIGs and RSA KEYs in the Domain Name | |||
System (DNS)", RFC 3110, May 2001. | System (DNS)", RFC 3110, May 2001. | |||
8.2. Informative References | 8.2 Informative References | |||
[7] Schneier, B., "Applied Cryptography Second Edition: protocols, | [7] Schneier, B., "Applied Cryptography Second Edition: protocols, | |||
algorithms, and source code in C", Wiley and Sons , ISBN 0-471- | algorithms, and source code in C", Wiley and Sons , ISBN 0-471- | |||
11709-9, 1996. | 11709-9, 1996. | |||
[8] Hardaker, W., "Use of SHA-256 in DNSSEC Delegation Signer (DS) | [8] Hardaker, W., "Use of SHA-256 in DNSSEC Delegation Signer (DS) | |||
Resource Records (RRs)", Work in Progress Feb 2006. | Resource Records (RRs)", Work in Progress Feb 2006. | |||
Author's Address | Author's Address | |||
End of changes. 9 change blocks. | ||||
16 lines changed or deleted | 35 lines changed or added | |||
This html diff was produced by rfcdiff 1.29, available from http://www.levkowetz.com/ietf/tools/rfcdiff/ |