draft-ietf-dnsext-ecc-key-01.txt vs. draft-ietf-dnsext-ecc-key-02.txt

INTERNET-DRAFT                                    ECC Keys in the DNS
-01: Expires: May 2002                                  November 2001
-02: Expires: November 2002                                  May 2002

                     Elliptic Curve KEYs in the DNS
                     -------- ----- ---- -- --- ---

-01: <draft-ietf-dnsext-ecc-key-01.txt>
-02: <draft-ietf-dnsext-ecc-key-02.txt>

                                              Richard C. Schroeppel
                                                Donald Eastlake 3rd

Status of This Document

   This draft is intended to be become a Proposed Standard RFC.

   Distribution of this document is unlimited. Comments should be sent
   to the DNS mailing list <namedroppers@internic.com> or to the
   authors.
skipping to change at page 3, line 12

   Authors' Addresses........................................14
   Expiration and File Name..................................14

1. Introduction

   The Domain Name System (DNS) is the global hierarchical replicated
   distributed database system for Internet addressing, mail proxy, and
   other information.  The DNS has been extended to include digital
   signatures and cryptographic keys as described in [RFC 2535].
   -01: ... as described in [RFC 2535].  Thus the DNS can now be
        secured and used for key distribution.
   -02: ... as described in [RFC 2535].

   This document describes how to store elliptic curve cryptographic
   (ECC) keys in the DNS so they can be used for a variety of security
   purposes.  A DNS elliptic curve SIG resource record is not defined.

   Familiarity with ECC cryptography is assumed [Menezes].

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in [RFC 2119].
skipping to change at page 6, line 48

   octet-order is always most-significant first, least-significant last.

   The parameters H and K may have an optional sign bit stored in the
   unused high-order bit of their length fields.

   LP defines the length of the prime P.  P must be an odd prime.  The
   parameters LP,P are present if and only if the flag M=1.  If M=0, the
   prime is 2.

   LF,F define an explicit field polynomial.  This parameter pair is
   present only when FMT = 1.  The length of a polynomial coefficient is
   ceiling(log2 P) bits.  Coefficients are in the numerical range
   [0,P-1].  The coefficients are packed into fixed-width fields, from
   higher order to lower order.  All coefficients must be present,
   including any 0s and also the leading coefficient (which is required
   to be 1).  The coefficients are right justified into the octet string
   of length specified by LF, with the low-order "constant" coefficient
   at the right end.  As a concession to storage efficiency, the higher
   order bits of the leading coefficient may be elided, discarding high-
   order 0 octets and reducing LF.  The degree is calculated by
   determining the bit position of the left most 1-bit in the F data
   (counting the right most bit as position 0), and dividing by
   ceiling(log2 P).  The division must be exact, with no remainder.  In
   this format, all of the other degree and field parameters are
   omitted.  The next parameters will be LQ,Q.
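The FMT=1 coefficient packing and degree rule above, as an added Python example written for this page (not code from the draft or its authors). It treats F as a bare octet string and returns the LF length beside it; the P values, coefficient lists and malformed inputs used to exercise it are constructed.

```python
def coeff_width(p: int) -> int:
    """Bits per packed coefficient: ceiling(log2 P), computed without floats."""
    if p < 2:
        raise ValueError("P must be 2 or an odd prime")
    return (p - 1).bit_length()


def encode_field_polynomial(coeffs: list[int], p: int) -> tuple[int, bytes]:
    """Pack coefficients (highest degree first, leading one must be 1) into the
    FMT=1 octet string F.  Returns (LF, F) with high-order 0 octets elided."""
    w = coeff_width(p)
    if not coeffs or coeffs[0] != 1:
        raise ValueError("leading coefficient must be present and equal to 1")
    value = 0
    for c in coeffs:
        if not 0 <= c < p:
            raise ValueError(f"coefficient {c} outside [0,P-1]")
        value = (value << w) | c          # fixed-width fields, high order first
    f = value.to_bytes((value.bit_length() + 7) // 8, "big")
    return len(f), f


def decode_field_polynomial(f: bytes, p: int) -> tuple[int, list[int]]:
    """Recover (degree, coefficients) from F, applying the draft's checks: the
    leftmost 1-bit position must divide exactly by ceiling(log2 P), and every
    unpacked coefficient must lie in [0,P-1]."""
    w = coeff_width(p)
    value = int.from_bytes(f, "big")
    if value == 0:
        raise ValueError("F contains no 1-bit")
    top = value.bit_length() - 1          # rightmost bit is position 0
    degree, rem = divmod(top, w)
    if rem:
        raise ValueError("leftmost 1-bit is not on a coefficient boundary")
    mask = (1 << w) - 1
    coeffs = [(value >> (i * w)) & mask for i in range(degree, -1, -1)]
    if any(c >= p for c in coeffs):
        raise ValueError("coefficient outside [0,P-1]")
    return degree, coeffs


def is_well_formed(f: bytes, p: int) -> bool:
    """True when F decodes under the rules above; a validator rejects it otherwise."""
    try:
        decode_field_polynomial(f, p)
        return True
    except ValueError:
        return False
```

For P=3 and coefficients [1,0,2,1] (x^3 + 2x + 1) the encoder yields the single octet 0x49 and the decoder recovers degree 3; an octet string whose leftmost 1-bit is off a coefficient boundary, such as 0x02 with P=3, is rejected.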
   If FMT>=2, the degree of the field extension is specified explicitly,
   usually along with other parameters to define the field polynomial.

   DEG is a two octet field that defines the degree of the field
   extension.  The finite field will have P^DEG elements.  DEG is
   present when FMT>=2.

   When FMT=2, the field polynomial is specified implicitly.  No other
   parameters are required to define the field; the next parameters
skipping to change at page 12, line 7

7. IANA Considerations

   Assignment of meaning to the remaining ECC KEY flag bits or to values
   of ECC fields outside the ranges for which meaning in defined in this
   document requires an IETF consensus as defined in [RFC 2434].

   -01: This specification uses algorithm number 4 for DNS elliptic curve KEY
        RRs that was reserved for this purpose in RFC 2535.  An elliptic
        curve (algorithm = 4) SIG RR is not defined and is reserved.
   -02: This specification uses algorithm number 4 for DNS elliptic curve KEY
        RRs that was reserved for this purpose in [RFC 2535].  An elliptic
        curve (algorithm = 4) SIG RR is not defined.  Assignment of a meaning
        to it requires an IETF Standards action.
References

   [RFC 1034] - P. Mockapetris, "Domain names - concepts and
   facilities", 11/01/1987.

   [RFC 1035] - P. Mockapetris, "Domain names - implementation and
   specification", 11/01/1987.

skipping to change at page 13, line 27

   [RFC 2119] - S. Bradner, "Key words for use in RFCs to Indicate
   Requirement Levels", March 1997.

   [RFC 2434] - T. Narten, H. Alvestrand, "Guidelines for Writing an
   IANA Considerations Section in RFCs", October 1998.

   [RFC 2535] - D. Eastlake, "Domain Name System Security Extensions",
   March 1999.

   [RFC 2671] - P. Vixie, "Extension Mechanisms for DNS (EDNS0)",
   August 1999.

   [Schneier] - Bruce Schneier, "Applied Cryptography: Protocols,
   Algorithms, and Source Code in C", 1996, John Wiley and Sons.

   [Menezes] - Alfred Menezes, "Elliptic Curve Public Key
   Cryptosystems", 1993, Kluwer.

   [Silverman] - Joseph Silverman, "The Arithmetic of Elliptic Curves",
   1986, Springer Graduate Texts in Mathematics #106.
skipping to change at page 14, line 24

   1-505-844-9079(w)
   Email: rcs@cs.arizona.edu
          rschroe@sandia.gov

   Donald E. Eastlake 3rd
   Motorola
   155 Beaver Street
   Milford, MA 01757 USA

   Telephone: +1 508-634-2066(h)
   -01:       +1 508-261-5434(w)
   -02:       +1 508-851-8280 (w)
   -01: FAX:  +1 508-261-4447(w)
   -02: FAX:  +1 508-851-8507 (w)
   EMail: Donald.Eastlake@motorola.com

Expiration and File Name

   -01: This draft expires in May 2002.
        Its file name is draft-ietf-dnsext-ecc-key-01.txt.
   -02: This draft expires in November 2002.
        Its file name is draft-ietf-dnsext-ecc-key-02.txt.
 End of changes. 

This html diff was produced by rfcdiff 1.23, available from http://www.levkowetz.com/ietf/tools/rfcdiff/