draft-ietf-dnsext-ecc-key-03.txt   draft-ietf-dnsext-ecc-key-04.txt 
INTERNET-DRAFT ECC Keys in the DNS INTERNET-DRAFT ECC Keys in the DNS
Expires: June 2003 December 2002 Expires: February 2004 August 2003
Elliptic Curve KEYs in the DNS Elliptic Curve KEYs in the DNS
-------- ----- ---- -- --- --- -------- ----- ---- -- --- ---
<draft-ietf-dnsext-ecc-key-03.txt> <draft-ietf-dnsext-ecc-key-04.txt>
Richard C. Schroeppel Richard C. Schroeppel
Donald Eastlake 3rd Donald Eastlake 3rd
Status of This Document Status of This Document
This draft is intended to be become a Proposed Standard RFC. This draft is intended to be become a Proposed Standard RFC.
Distribution of this document is unlimited. Comments should be sent Distribution of this document is unlimited. Comments should be sent
to the DNS mailing list <namedroppers@internic.com> or to the to the DNS mailing list <namedroppers@internic.com> or to the
authors. authors.
This document is an Internet-Draft and is in full conformance with This document is an Internet Draft and is in full conformance with
all provisions of Section 10 of RFC 2026. Internet-Drafts are all provisions of Section 10 of RFC 2026. Internet Drafts are
working documents of the Internet Engineering Task Force (IETF), its working documents of the Internet Engineering Task Force (IETF), its
areas, and its working groups. Note that other groups may also areas, and its working groups. Note that other groups may also
distribute working documents as Internet-Drafts. distribute working documents as Internet Drafts.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet- Drafts as reference time. It is inappropriate to use Internet Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt http://www.ietf.org/ietf/1id-abstracts.txt
The list of Internet-Draft Shadow Directories can be accessed at The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html. http://www.ietf.org/shadow.html.
Abstract Abstract
A standard method for storing elliptic curve cryptographic keys in A standard method for storing elliptic curve cryptographic keys in
the Domain Name System is described which utilizes DNS KEY resource the Domain Name System is described.
record.
INTERNET-DRAFT ECC Keys in the DNS INTERNET-DRAFT ECC Keys in the DNS
Acknowledgement Acknowledgement
The assistance of Hilarie K. Orman in the production of this document The assistance of Hilarie K. Orman in the production of this document
is greatfully acknowledged. is greatfully acknowledged.
Table of Contents Table of Contents
Status of This Document....................................1 Status of This Document....................................1
Abstract...................................................1 Abstract...................................................1
Acknowledgement............................................2 Acknowledgement............................................2
Table of Contents..........................................2 Table of Contents..........................................2
1. Introduction............................................3 1. Introduction............................................3
2. Elliptic Curve KEY Resource Records.....................3 2. Elliptic Curve Data in Resource Records.................3
3. The Elliptic Curve Equation.............................9 3. The Elliptic Curve Equation.............................9
4. How do I Compute Q, G, and Y?..........................10 4. How do I Compute Q, G, and Y?..........................10
5. Performance Considerations.............................11 5. Performance Considerations.............................11
6. Security Considerations................................11 6. Security Considerations................................11
7. IANA Considerations....................................11 7. IANA Considerations....................................11
References................................................13 Informational References..................................12
Normative Refrences.......................................12
Authors' Addresses........................................14 Authors' Addresses........................................13
Expiration and File Name..................................14 Expiration and File Name..................................13
INTERNET-DRAFT ECC Keys in the DNS INTERNET-DRAFT ECC Keys in the DNS
1. Introduction 1. Introduction
The Domain Name System (DNS) is the global hierarchical replicated The Domain Name System (DNS) is the global hierarchical replicated
distributed database system for Internet addressing, mail proxy, and distributed database system for Internet addressing, mail proxy, and
other information. The DNS has been extended to include digital other information. The DNS has been extended to include digital
signatures and cryptographic keys as described in [RFC 2535]. signatures and cryptographic keys as described in [RFC 2535].
This document describes how to store elliptic curve cryptographic This document describes how to store elliptic curve cryptographic
(ECC) keys in the DNS so they can be used for a variety of security (ECC) keys in the DNS so they can be used for a variety of security
purposes. A DNS elliptic curve SIG resource record is not defined. purposes. A DNS elliptic curve SIG resource record is not defined.
Familiarity with ECC cryptography is assumed [Menezes]. Familiarity with ECC cryptography is assumed [Menezes].
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in [RFC 2119]. document are to be interpreted as described in [RFC 2119].
2. Elliptic Curve KEY Resource Records 2. Elliptic Curve Data in Resource Records
Elliptic curve public keys are stored in the DNS as KEY RRs using Elliptic curve public keys are stored in the DNS within the RDATA
algorithm number 4 (see [RFC 2535]). The structure of the RDATA portions of RRs with the structure shown below.
portion of this RR is as shown below. The first 4 octets, including
the flags, protocol, and algorithm fields are common to all KEY RRs.
The remainder is the "public key" part of the KEY RR.
The period of key validity is not in the KEY RR but is indicated by The period of key validity may not be in the RR with the key but
the SIG RR(s) which signs and authenticates the KEY RR(s) at that could be indicated by RR(s) with signatures that authenticates the
domain name and class. RR(s) containing the key.
The research world continues to work on the issue of which is the The research world continues to work on the issue of which is the
best elliptic curve system, which finite field to use, and how to best elliptic curve system, which finite field to use, and how to
best represent elements in the field. So, we have defined best represent elements in the field. So, we have defined
representations for every type of finite field, and every type of representations for every type of finite field, and every type of
elliptic curve. The reader should be aware that there is a unique elliptic curve. The reader should be aware that there is a unique
finite field with a particular number of elements, but many possible finite field with a particular number of elements, but many possible
representations of that field and its elements. If two different representations of that field and its elements. If two different
representations of a field are given, they are interconvertible with representations of a field are given, they are interconvertible with
a tedious but practical precomputation, followed by a fast a tedious but practical precomputation, followed by a fast
computation for each field element to be converted. It is perfectly computation for each field element to be converted. It is perfectly
reasonable for an algorithm to work internally with one field reasonable for an algorithm to work internally with one field
representation, and convert to and from a different external representation, and convert to and from a different external
representation. representation.
INTERNET-DRAFT ECC Keys in the DNS INTERNET-DRAFT ECC Keys in the DNS
1 1 1 1 1 1 1 1 1 1 2 2 2 2 2 2 2 2 2 2 3 3 1 1 1 1 1 1 1 1 1 1 2 2 2 2 2 2 2 2 2 2 3 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| KEY flags | protocol | algorithm=4 |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|S M -FMT- A B Z| |S M -FMT- A B Z|
+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+
| LP | | LP |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| P (length determined from LP) .../ | P (length determined from LP) .../
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| LF | | LF |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| F (length determined from LF) .../ | F (length determined from LF) .../
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
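Review bot: Removing the "KEY flags | protocol | algorithm=4" row from the RDATA diagram and rewording Section 2 to "within the RDATA portions of RRs with the structure shown below" leaves the -04 text without any statement of which RR type(s) and which algorithm number carry this structure; the -03 wording anchored it to KEY RRs with algorithm 4 per [RFC 2535]. Suggest that the new Section 2 either name the RR type(s) and codepoint or state explicitly that the format is defined independently of the carrying RR and that the carrying RR's own fixed header precedes it. The same hunk introduces "RR(s) with signatures that authenticates the RR(s) containing the key" (should be "authenticate"), switches some boilerplate to "Internet Draft" while the neighbouring lines still say "Internet-Drafts", and carries "Normative Refrences" into the new table of contents; two typos survive unchanged from -03 and could be fixed in the same revision: "intended to be become" and "greatfully".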
skipping to change at page 5, line 4 skipping to change at page 4, line 55
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| ALTA | | ALTA |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| LB | | LB |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| B (length determined from LB) .../ | B (length determined from LB) .../
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| LC | | LC |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| C (length determined from LC) .../ | C (length determined from LC) .../
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| LG |
INTERNET-DRAFT ECC Keys in the DNS INTERNET-DRAFT ECC Keys in the DNS
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| LG |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| G (length determined from LG) .../ | G (length determined from LG) .../
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| LY | | LY |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Y (length determined from LY) .../ | Y (length determined from LY) .../
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
SMFMTABZ is a flags octet as follows: SMFMTABZ is a flags octet as follows:
S = 1 indicates that the remaining 7 bits of the octet selects S = 1 indicates that the remaining 7 bits of the octet selects
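Review bot: The only difference in this hunk is where the page break falls relative to the "LG" length row (before the INTERNET-DRAFT running header in -03, after it in -04), so there is no change to the wire layout and the field order P, F, ..., ALTA, B, C, G, Y is the same on both sides. While this section is being touched, "the remaining 7 bits of the octet selects" should read "select".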
skipping to change at page 6, line 17 skipping to change at page 6, line 17
A = 1 When P>=5, the curve parameter A is negated. If P=2, then A = 1 When P>=5, the curve parameter A is negated. If P=2, then
A=1 indicates that the A parameter is special. See the A=1 indicates that the A parameter is special. See the
ALTA parameter below, following A. The combination A=1, ALTA parameter below, following A. The combination A=1,
P=3 is forbidden. P=3 is forbidden.
B = 1 When P>=5, the curve parameter B is negated. If P=2 or 3, B = 1 When P>=5, the curve parameter B is negated. If P=2 or 3,
then B=1 indicates an alternate elliptic curve equation is then B=1 indicates an alternate elliptic curve equation is
used. When P=2 and B=1, an additional curve parameter C used. When P=2 and B=1, an additional curve parameter C
is present. is present.
The Z bit SHOULD be set to zero on creation of KEY RR and MUST The Z bit SHOULD be set to zero on creation of an RR and MUST be
be ignored when processing a KEY RR (when S=0). ignored when processing an RR (when S=0).
Most of the remaining parameters are present in some formats and Most of the remaining parameters are present in some formats and
absent in others. The presence or absence of a parameter is absent in others. The presence or absence of a parameter is
determined entirely by the flags. When a parameter occurs, it is in determined entirely by the flags. When a parameter occurs, it is in
the order defined by the picture. the order defined by the picture.
Of the remaining parameters, PFHKQABCGY are variable length. When Of the remaining parameters, PFHKQABCGY are variable length. When
present, each is preceded by a one-octet length field as shown in the present, each is preceded by a one-octet length field as shown in the
diagram above. The length field does not include itself. The length diagram above. The length field does not include itself. The length
field may have values from 0 through 110. The parameter length in field may have values from 0 through 110. The parameter length in
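Review bot: The flag-bit definitions state constraints without saying what a decoder does when they are violated: "The combination A=1, P=3 is forbidden" and "The length field may have values from 0 through 110" give no handling for a received RR that has A=1 with P=3, or a length octet above 110. Suggest adding a sentence such as "An RR in which A=1 and P=3, or in which any length field exceeds 110, is malformed and MUST be rejected", so implementations reject such data rather than guess at a parse. The only textual change in the hunk, "KEY RR" to "an RR" in the Z-bit sentence, is consistent with the Section 2 rewording.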
skipping to change at page 11, line 31 skipping to change at page 11, line 31
Elliptic curve signatures use smaller moduli or field sizes than RSA Elliptic curve signatures use smaller moduli or field sizes than RSA
and DSA. Creation of a curve is slow, but not done very often. Key and DSA. Creation of a curve is slow, but not done very often. Key
generation is faster than RSA or DSA. generation is faster than RSA or DSA.
DNS implementations have been optimized for small transfers, DNS implementations have been optimized for small transfers,
typically less than 512 octets including DNS overhead. Larger typically less than 512 octets including DNS overhead. Larger
transfers will perform correctly and and extensions have been transfers will perform correctly and and extensions have been
standardized to make larger transfers more efficient [RFC 2671]. standardized to make larger transfers more efficient [RFC 2671].
However, it is still advisable at this time to make reasonable However, it is still advisable at this time to make reasonable
efforts to minimize the size of KEY RR sets stored within the DNS efforts to minimize the size of RR sets stored within the DNS
consistent with adequate security. Keep in mind that in a secure consistent with adequate security.
zone, an authenticating SIG RRset will also be returned.
6. Security Considerations 6. Security Considerations
Many of the general security consideration in [RFC 2535] apply. Some Many of the general security consideration in [RFC 2535] apply. Some
specific key generation considerations are given above. Of course, specific key generation considerations are given above. Of course,
the elliptic curve key stored in the DNS for an entity should not be the elliptic curve key stored in the DNS for an entity should not be
trusted unless it has been obtain via a trusted DNS resolver that trusted unless it has been obtain via a trusted DNS resolver that
vouches for its security or unless the application using the key has vouches for its security or unless the application using the key has
done a similar authentication. done a similar authentication.
7. IANA Considerations 7. IANA Considerations
Assignment of meaning to the remaining ECC KEY flag bits or to values Assignment of meaning to the remaining ECC data flag bits or to
of ECC fields outside the ranges for which meaning in defined in this values of ECC fields outside the ranges for which meaning in defined
document requires an IETF consensus as defined in [RFC 2434]. in this document requires an IETF consensus as defined in [RFC 2434].
This specification uses algorithm number 4 for DNS elliptic curve KEY
INTERNET-DRAFT ECC Keys in the DNS
RRs that was reserved for this purpose in [RFC 2535]. An elliptic
curve (algorithm = 4) SIG RR is not defined. Assignment of a meaning
to it requires an IETF Standards action.
INTERNET-DRAFT ECC Keys in the DNS INTERNET-DRAFT ECC Keys in the DNS
References Informational References
[RFC 1034] - P. Mockapetris, "Domain names - concepts and [RFC 1034] - P. Mockapetris, "Domain names - concepts and
facilities", 11/01/1987. facilities", 11/01/1987.
[RFC 1035] - P. Mockapetris, "Domain names - implementation and [RFC 1035] - P. Mockapetris, "Domain names - implementation and
specification", 11/01/1987. specification", 11/01/1987.
[RFC 1750] - D. Eastlake, S. Crocker, J. Schiller, "Randomness [RFC 1750] - D. Eastlake, S. Crocker, J. Schiller, "Randomness
Recommendations for Security", 12/29/1994. Recommendations for Security", 12/29/1994.
[RFC 2119] - S. Bradner, "Key words for use in RFCs to Indicate
Requirement Levels", March 1997.
[RFC 2434] - T. Narten, H. Alvestrand, "Guidelines for Writing an
IANA Considerations Section in RFCs", October 1998.
[RFC 2535] - D. Eastlake,"Domain Name System Security Extensions", [RFC 2535] - D. Eastlake,"Domain Name System Security Extensions",
March 1999. March 1999.
[RFC 2671] - P. Vixie, "Extension Mechanisms for DNS (EDNS0)", August [RFC 2671] - P. Vixie, "Extension Mechanisms for DNS (EDNS0)", August
1999. 1999.
[Schneier] - Bruce Schneier, "Applied Cryptography: Protocols, [Schneier] - Bruce Schneier, "Applied Cryptography: Protocols,
Algorithms, and Source Code in C", 1996, John Wiley and Sons Algorithms, and Source Code in C", 1996, John Wiley and Sons
[Menezes] - Alfred Menezes, "Elliptic Curve Public Key [Menezes] - Alfred Menezes, "Elliptic Curve Public Key
Cryptosystems", 1993 Kluwer. Cryptosystems", 1993 Kluwer.
[Silverman] - Joseph Silverman, "The Arithmetic of Elliptic Curves", [Silverman] - Joseph Silverman, "The Arithmetic of Elliptic Curves",
1986, Springer Graduate Texts in mathematics #106. 1986, Springer Graduate Texts in mathematics #106.
Normative Refrences
[RFC 2119] - S. Bradner, "Key words for use in RFCs to Indicate
Requirement Levels", March 1997.
[RFC 2434] - T. Narten, H. Alvestrand, "Guidelines for Writing an
IANA Considerations Section in RFCs", October 1998.
INTERNET-DRAFT ECC Keys in the DNS INTERNET-DRAFT ECC Keys in the DNS
Authors' Addresses Authors' Addresses
Rich Schroeppel Rich Schroeppel
500 S. Maple Drive 500 S. Maple Drive
Woodland Hills, UT 84653 USA Woodland Hills, UT 84653 USA
Telephone: 1-801-423-7998(h) Telephone: 1-801-423-7998(h)
1-505-844-9079(w) 1-505-844-9079(w)
Email: rcs@cs.arizona.edu Email: rcs@cs.arizona.edu
rschroe@sandia.gov rschroe@sandia.gov
Donald E. Eastlake 3rd Donald E. Eastlake 3rd
Motorola Motorola
155 Beaver Street 155 Beaver Street
Milford, MA 01757 USA Milford, MA 01757 USA
Telephone: +1 508-634-2066 (h) Telephone: +1 508-634-2066 (h)
+1 508-851-8280 (w) +1 508-851-8280 (w)
FAX: +1 508-851-8507 (w)
EMail: Donald.Eastlake@motorola.com EMail: Donald.Eastlake@motorola.com
Expiration and File Name Expiration and File Name
This draft expires in June 2003. This draft expires in February 2004.
Its file name is draft-ietf-dnsext-ecc-key-03.txt. Its file name is draft-ietf-dnsext-ecc-key-04.txt.
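Review bot: Dropping the -03 IANA paragraph that tied this format to algorithm number 4 leaves the -04 IANA Considerations with no statement of what, if anything, this document registers or uses; if the format no longer claims algorithm 4, say so explicitly, and if it still does, keep the sentence. The new Informational/Normative split should also be checked against actual use: [RFC 2535], which the introduction relies on for the definition of DNS keys and signatures, and [RFC 2671], cited for the larger-transfer recommendation, sit under Informational, while [RFC 1034], [RFC 1035], [RFC 1750], [Schneier] and [Silverman] are not cited in any of the lines shown here. Typos carried or introduced in this hunk: "Normative Refrences", "general security consideration in [RFC 2535]" (considerations), "unless it has been obtain via" (obtained), "for which meaning in defined" (is defined), and "correctly and and extensions". Finally, the removed sentence "Keep in mind that in a secure zone, an authenticating SIG RRset will also be returned" was the practical reason for keeping RR sets small; if it is dropped because SIG is no longer assumed, a generalized form (that the signatures authenticating the RRset add to the response size) would preserve the point.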
 End of changes. 

This html diff was produced by rfcdiff 1.23, available from http://www.levkowetz.com/ietf/tools/rfcdiff/