INTERNET-DRAFT                                      ECC Keys in the DNS
Expires: November 2002                                         May 2002

                     Elliptic Curve KEYs in the DNS
                  <draft-ietf-dnsext-ecc-key-02.txt>

                        Richard C. Schroeppel
                         Donald Eastlake 3rd

Status of This Document

This draft is intended to become a Proposed Standard RFC.

Distribution of this document is unlimited. Comments should be sent
to the DNS mailing list <namedroppers@internic.com> or to the
authors.

Authors' Addresses........................................14
Expiration and File Name..................................14


1. Introduction

The Domain Name System (DNS) is the global hierarchical replicated
distributed database system for Internet addressing, mail proxy, and
other information. The DNS has been extended to include digital
signatures and cryptographic keys as described in [RFC 2535]. The
DNS can now be secured and used for key distribution.

This document describes how to store elliptic curve cryptographic
(ECC) keys in the DNS so they can be used for a variety of security
purposes. A DNS elliptic curve SIG resource record is not defined.
Familiarity with ECC cryptography is assumed [Menezes].

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in [RFC 2119].

Octet-order is always most-significant first, least-significant last.

The parameters H and K may have an optional sign bit stored in the
unused high-order bit of their length fields.

LP defines the length of the prime P. P must be an odd prime. The
parameters LP,P are present if and only if the flag M=1. If M=0, the
prime is 2.

LF,F define an explicit field polynomial. This parameter pair is
present only when FMT = 1. The length of a polynomial coefficient is
ceiling(log2 P) bits. Coefficients are in the numerical range
[0,P-1]. The coefficients are packed into fixed-width fields, from
higher order to lower order. All coefficients must be present,
including any 0s and also the leading coefficient (which is required
to be 1). The coefficients are right justified into the octet string
of length specified by LF, with the low-order "constant" coefficient
at the right end. As a concession to storage efficiency, the higher
order bits of the leading coefficient may be elided, discarding high-
order 0 octets and reducing LF. The degree is calculated by
determining the bit position of the left most 1-bit in the F data
(counting the right most bit as position 0), and dividing by
ceiling(log2 P). The division must be exact, with no remainder. In
this format, all of the other degree and field parameters are
omitted. The next parameters will be LQ,Q.
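The FMT=1 rules above, as an added Python illustration that is not code from the draft: it packs a coefficient list (ordered from the constant term upward, an assumed convention) into the F octet string with high-order zero octets elided, and recovers the degree and coefficients from received F data, rejecting data whose leftmost 1-bit is not aligned to a coefficient field or whose coefficients fall outside [0,P-1].

```python
# Added illustration (not code from the draft) of the FMT=1 explicit
# field polynomial encoding (LF,F). coeffs[i] is the coefficient of x^i.

# Constructed sample: x^2 + 2x + 1 over GF(3); coefficient width is 2 bits.
SAMPLE_P, SAMPLE_COEFFS = 3, [1, 2, 1]

def coeff_width(p: int) -> int:
    # ceiling(log2 P) bits per coefficient; for P=2 (flag M=0) this is 1 bit.
    if p < 2:
        raise ValueError("P must be 2 or an odd prime")
    return (p - 1).bit_length()

def encode_field_polynomial(coeffs: list, p: int) -> bytes:
    # Pack fixed-width fields, constant term at the right end, then drop
    # high-order zero octets (the draft's reduction of LF).
    if not coeffs or coeffs[-1] != 1:
        raise ValueError("leading coefficient must be present and equal to 1")
    w, value = coeff_width(p), 0
    for i, c in enumerate(coeffs):  # every coefficient, zeros included
        if not 0 <= c < p:
            raise ValueError("coefficient outside [0, P-1]")
        value |= c << (i * w)
    return value.to_bytes((value.bit_length() + 7) // 8, "big")

def polynomial_degree(f: bytes, p: int) -> int:
    # Degree = position of the leftmost 1-bit (rightmost bit is position 0)
    # divided by the coefficient width; the division must be exact.
    value = int.from_bytes(f, "big")   # leading zero octets are harmless
    if value == 0:
        raise ValueError("F contains no 1-bit")
    pos, w = value.bit_length() - 1, coeff_width(p)
    if pos % w:
        raise ValueError("leftmost 1-bit not aligned to a coefficient field")
    return pos // w

def decode_field_polynomial(f: bytes, p: int) -> list:
    # Recover the coefficients; the leading one is 1 by the degree rule.
    w, deg = coeff_width(p), polynomial_degree(f, p)
    value, mask = int.from_bytes(f, "big"), (1 << w) - 1
    coeffs = [(value >> (i * w)) & mask for i in range(deg + 1)]
    if any(c >= p for c in coeffs):
        raise ValueError("coefficient outside [0, P-1]")
    return coeffs

def is_valid_field_data(f: bytes, p: int) -> bool:
    # Acceptance check for F data received from the DNS.
    try:
        decode_field_polynomial(f, p)
        return True
    except ValueError:
        return False
```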

If FMT>=2, the degree of the field extension is specified explicitly,
usually along with other parameters to define the field polynomial.

DEG is a two octet field that defines the degree of the field
extension. The finite field will have P^DEG elements. DEG is
present when FMT>=2.

When FMT=2, the field polynomial is specified implicitly. No other
parameters are required to define the field; the next parameters

7. IANA Considerations

Assignment of meaning to the remaining ECC KEY flag bits or to values
of ECC fields outside the ranges for which meaning is defined in this
document requires an IETF consensus as defined in [RFC 2434].

This specification uses algorithm number 4 for DNS elliptic curve KEY
RRs that was reserved for this purpose in [RFC 2535]. An elliptic
curve (algorithm = 4) SIG RR is not defined. Assignment of a meaning
to it requires an IETF Standards action.


References

[RFC 1034] - P. Mockapetris, "Domain names - concepts and
facilities", 11/01/1987.

[RFC 1035] - P. Mockapetris, "Domain names - implementation and
specification", 11/01/1987.

[RFC 2119] - S. Bradner, "Key words for use in RFCs to Indicate
Requirement Levels", March 1997.

[RFC 2434] - T. Narten, H. Alvestrand, "Guidelines for Writing an
IANA Considerations Section in RFCs", October 1998.

[RFC 2535] - D. Eastlake, "Domain Name System Security Extensions",
March 1999.

[RFC 2671] - P. Vixie, "Extension Mechanisms for DNS (EDNS0)",
August 1999.

[Schneier] - Bruce Schneier, "Applied Cryptography: Protocols,
Algorithms, and Source Code in C", 1996, John Wiley and Sons.

[Menezes] - Alfred Menezes, "Elliptic Curve Public Key
Cryptosystems", 1993, Kluwer.

[Silverman] - Joseph Silverman, "The Arithmetic of Elliptic Curves",
1986, Springer Graduate Texts in Mathematics #106.

1-505-844-9079(w)
Email: rcs@cs.arizona.edu
       rschroe@sandia.gov

Donald E. Eastlake 3rd
Motorola
155 Beaver Street
Milford, MA 01757 USA

Telephone: +1 508-634-2066(h)
           +1 508-851-8280 (w)
FAX:       +1 508-851-8507 (w)
EMail:     Donald.Eastlake@motorola.com

Expiration and File Name

This draft expires in November 2002.

Its file name is draft-ietf-dnsext-ecc-key-02.txt.

