 1/draftietfdnsextecckey01.txt 20060204 23:10:31.000000000 +0100
+++ 2/draftietfdnsextecckey02.txt 20060204 23:10:31.000000000 +0100
@@ 1,17 +1,17 @@
INTERNETDRAFT ECC Keys in the DNS
Expires: May 2002 November 2001
+Expires: November 2002 May 2002
Elliptic Curve KEYs in the DNS
     

+
Richard C. Schroeppel
Donald Eastlake 3rd
Status of This Document
This draft is intended to be become a Proposed Standard RFC.
Distribution of this document is unlimited. Comments should be sent
to the DNS mailing list or to the
authors.
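Review bot: the unchanged context line "This draft is intended to be become a Proposed Standard RFC." still carries the doubled verb; since this revision already touches the header block, fix it to "is intended to become a Proposed Standard RFC". The bump of the Expires line to "November 2002" agrees with the Expiration and File Name section updated at the end of this patch. The removed and re-added blank line after the title is whitespace-only noise that makes the hunk look larger than it is.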
@@ 67,22 +67,21 @@
Authors' Addresses........................................14
Expiration and File Name..................................14
INTERNETDRAFT ECC Keys in the DNS
1. Introduction
The Domain Name System (DNS) is the global hierarchical replicated
distributed database system for Internet addressing, mail proxy, and
other information. The DNS has been extended to include digital
 signatures and cryptographic keys as described in [RFC 2535]. Thus
 the DNS can now be secured and used for key distribution.
+ signatures and cryptographic keys as described in [RFC 2535].
This document describes how to store elliptic curve cryptographic
(ECC) keys in the DNS so they can be used for a variety of security
purposes. A DNS elliptic curve SIG resource record is not defined.
Familiarity with ECC cryptography is assumed [Menezes].
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in [RFC 2119].
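Review bot: dropping "Thus the DNS can now be secured and used for key distribution." is the right call, because this draft defines no ECC SIG RR and so a KEY stored this way cannot sign DNS data; but the remaining text still says the keys "can be used for a variety of security purposes" and only a sentence later that no SIG resource record is defined. Consider joining the two so the limitation is read with the claim, e.g. "...so they can be used for security purposes other than signing DNS data. A DNS elliptic curve SIG resource record is not defined."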
@@ 252,37 +251,37 @@
octetorder is always mostsignificant first, leastsignificant last.
The parameters H and K may have an optional sign bit stored in the
unused highorder bit of their length fields.
LP defines the length of the prime P. P must be an odd prime. The
parameters LP,P are present if and only if the flag M=1. If M=0, the
prime is 2.
LF,F define an explicit field polynomial. This parameter pair is
present only when FMT = 1. The length of a polynomial coefficient is
 ceiling(log2 P) bits. Coefficients are in the numerical range [0,P
 1]. The coefficients are packed into fixedwidth fields, from higher
 order to lower order. All coefficients must be present, including
 any 0s and also the leading coefficient (which is required to be 1).
 The coefficients are right justified into the octet string of length
 specified by LF, with the loworder "constant" coefficient at the
 right end. As a concession to storage efficiency, the higher order
 bits of the leading coefficient may be elided, discarding highorder
 0 octets and reducing LF. The degree is calculated by determining
+ ceiling(log2 P) bits. Coefficients are in the numerical range
+ [0,P1]. The coefficients are packed into fixedwidth fields, from
+ higher order to lower order. All coefficients must be present,
+ including any 0s and also the leading coefficient (which is required
+ to be 1). The coefficients are right justified into the octet string
+ of length specified by LF, with the loworder "constant" coefficient
+ at the right end. As a concession to storage efficiency, the higher
+ order bits of the leading coefficient may be elided, discarding high
+ order 0 octets and reducing LF. The degree is calculated by
INTERNETDRAFT ECC Keys in the DNS
 the bit position of the left most 1bit in the F data (counting the
 right most bit as position 0), and dividing by ceiling(log2 P). The
 division must be exact, with no remainder. In this format, all of
 the other degree and field parameters are omitted. The next
 parameters will be LQ,Q.
+ determining the bit position of the left most 1bit in the F data
+ (counting the right most bit as position 0), and dividing by
+ ceiling(log2 P). The division must be exact, with no remainder. In
+ this format, all of the other degree and field parameters are
+ omitted. The next parameters will be LQ,Q.
If FMT>=2, the degree of the field extension is specified explicitly,
usually along with other parameters to define the field polynomial.
DEG is a two octet field that defines the degree of the field
extension. The finite field will have P^DEG elements. DEG is
present when FMT>=2.
When FMT=2, the field polynomial is specified implicitly. No other
parameters are required to define the field; the next parameters
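Review bot: this hunk is a reflow with no word changes, which is fine, but the reflowed F polynomial text still leaves its failure cases unspecified: it says "The division must be exact, with no remainder" without saying what a parser does when it is not, and it never says what happens when F contains no 1 bit at all (the leading coefficient is required to be 1, so an all-zero F is malformed). Suggest one normative sentence after "The division must be exact, with no remainder.", e.g. "If the division is not exact, if F contains no 1 bit, or if any coefficient is outside [0,P-1], the KEY RR is malformed and MUST be rejected." Without it, implementations will disagree on the computed degree and on which coefficient values are in range, and a crafted KEY RR can steer a lenient parser into a field the author did not intend. Since leading 0 octets may be elided, it is also worth stating explicitly that LF is not a degree indicator and that the degree comes only from the leftmost 1 bit as described.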
@@ 512,22 +511,23 @@
7. IANA Considerations
Assignment of meaning to the remaining ECC KEY flag bits or to values
of ECC fields outside the ranges for which meaning in defined in this
document requires an IETF consensus as defined in [RFC 2434].
This specification uses algorithm number 4 for DNS elliptic curve KEY
INTERNETDRAFT ECC Keys in the DNS
 RRs that was reserved for this purpose in RFC 2535. An elliptic
 curve (algorithm = 4) SIG RR is not defined and is reserved.
+ RRs that was reserved for this purpose in [RFC 2535]. An elliptic
+ curve (algorithm = 4) SIG RR is not defined. Assignment of a meaning
+ to it requires an IETF Standards action.
INTERNETDRAFT ECC Keys in the DNS
References
[RFC 1034]  P. Mockapetris, "Domain names  concepts and
facilities", 11/01/1987.
[RFC 1035]  P. Mockapetris, "Domain names  implementation and
specification", 11/01/1987.
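Review bot: the new wording "requires an IETF Standards action" invokes a different [RFC 2434] policy from the paragraph directly above, which requires "IETF consensus" for the remaining flag bits and out-of-range field values; if the stricter policy is intended for the algorithm 4 SIG RR, say so with the RFC 2434 term and its citation, e.g. "Assignment of a meaning to it requires a Standards Action as defined in [RFC 2434]." The unchanged context line "for which meaning in defined in this document" should read "for which meaning is defined in this document".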
@@ 537,22 +537,22 @@
[RFC 2119]  S. Bradner, "Key words for use in RFCs to Indicate
Requirement Levels", March 1997.
[RFC 2434]  T. Narten, H. Alvestrand, "Guidelines for Writing an
IANA Considerations Section in RFCs", October 1998.
[RFC 2535]  D. Eastlake,"Domain Name System Security Extensions",
March 1999.
 [RFC 2671]  P. Vixie, "Extension Mechanisms for DNS (EDNS0)",
 August 1999.
+ [RFC 2671]  P. Vixie, "Extension Mechanisms for DNS (EDNS0)", August
+ 1999.
[Schneier]  Bruce Schneier, "Applied Cryptography: Protocols,
Algorithms, and Source Code in C", 1996, John Wiley and Sons
[Menezes]  Alfred Menezes, "Elliptic Curve Public Key
Cryptosystems", 1993 Kluwer.
[Silverman]  Joseph Silverman, "The Arithmetic of Elliptic Curves",
1986, Springer Graduate Texts in mathematics #106.
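Review bot: reflow only for the [RFC 2671] entry; while this list is being touched, fix the unchanged [RFC 2535] entry, where "D. Eastlake,"Domain Name System Security Extensions"" is missing the space after the comma, and bring the dates to one style (the RFC 1034 and RFC 1035 entries use 11/01/1987 while every other entry uses "Month Year"). Nothing in this hunk changes which works are cited.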
@@ 568,19 +568,19 @@
15058449079(w)
Email: rcs@cs.arizona.edu
rschroe@sandia.gov
Donald E. Eastlake 3rd
Motorola
155 Beaver Street
Milford, MA 01757 USA
Telephone: +1 5086342066(h)
 +1 5082615434(w)
 FAX: +1 5082614447(w)
+ +1 5088518280 (w)
+ FAX: +1 5088518507 (w)
EMail: Donald.Eastlake@motorola.com
Expiration and File Name
 This draft expires in May 2002.
+ This draft expires in November 2002.
 Its file name is draftietfdnsextecckey01.txt.
+ Its file name is draftietfdnsextecckey02.txt.
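Review bot: the updated work numbers are written "+1 5088518280 (w)" with a space before "(w)", unlike the unchanged "15058449079(w)" and "+1 5086342066(h)" lines in the same section; pick one format. The new expiry "November 2002" and the file name ending in 02.txt agree with the Expires line in the first hunk and with the +++ header, so the revision is internally consistent on those points.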