| draft-ietf-dnsext-rfc2539bis-dhk-00.txt | draft-ietf-dnsext-rfc2539bis-dhk-01.txt |
|---|---|
| INTERNET-DRAFT Diffie-Hellman Keys in the DNS | INTERNET-DRAFT Diffie-Hellman Keys in the DNS |
| OBSOLETES: RFC 2539 Donald Eastlake 3rd | OBSOLETES: RFC 2539 Donald Eastlake 3rd |
| Motorola | Motorola |
| Expires: January 2002 July 2001 | Expires: May 2002 November 2001 |
| Storage of Diffie-Hellman Keys in the Domain Name System (DNS) | Storage of Diffie-Hellman Keys in the Domain Name System (DNS) |
| `------- -- -------------- ---- -- --- ------ ---- ------ -----` | `------- -- -------------- ---- -- --- ------ ---- ------ -----` |
| `<draft-ietf-dnsext-rfc2539bis-dhk-00.txt>` | `<draft-ietf-dnsext-rfc2539bis-dhk-01.txt>` |
| Donald E. Eastlake 3rd | Donald E. Eastlake 3rd |
| Status of This Document | Status of This Document |
| This draft is intended to be become a Draft Standard RFC. | This draft is intended to be become a Draft Standard RFC. |
| Distribution of this document is unlimited. Comments should be sent | Distribution of this document is unlimited. Comments should be sent |
| to the DNS extensions working group mailing list | to the DNS extensions working group mailing list |
| <namedroppers@ops.ietf.org> or to the author. | <namedroppers@ops.ietf.org> or to the author. |
| skipping to change at page 4, line 9 | skipping to change at page 4, line 9 |
| Appendix A: Well known prime/generator pairs...............8 | Appendix A: Well known prime/generator pairs...............8 |
| A.1. Well-Known Group 1: A 768 bit prime..................8 | A.1. Well-Known Group 1: A 768 bit prime..................8 |
| A.2. Well-Known Group 2: A 1024 bit prime.................8 | A.2. Well-Known Group 2: A 1024 bit prime.................8 |
| A.3. Well-Known Group 3: A 1536 bit prime.................9 | A.3. Well-Known Group 3: A 1536 bit prime.................9 |
| INTERNET-DRAFT Diffie-Hellman Keys in the DNS | INTERNET-DRAFT Diffie-Hellman Keys in the DNS |
| 1. Introduction | 1. Introduction |
| The Domain Name System (DNS) is the current global hierarchical | The Domain Name System (DNS) is the global hierarchical replicated |
| replicated distributed database system for Internet addressing, mail | distributed database system for Internet addressing, mail proxy, and |
| proxy, and similar information. The DNS has been extended to include | similar information. The DNS has been extended to include digital |
| digital signatures and cryptographic keys as described in [RFC 2535]. | signatures and cryptographic keys as described in [RFC 2535]. Thus |
| Thus the DNS can now be used for secure key distribution. | the DNS can now be secured and used for key distribution. |
| 1.1 About This Document | 1.1 About This Document |
| This document describes how to store Diffie-Hellman keys in the DNS. | This document describes how to store Diffie-Hellman keys in the DNS. |
| Familiarity with the Diffie-Hellman key exchange algorithm is assumed | Familiarity with the Diffie-Hellman key exchange algorithm is assumed |
| [Schneier]. | [Schneier, RFC 2631]. |
| 1.2 About Diffie-Hellman | 1.2 About Diffie-Hellman |
| Diffie-Hellman requires two parties to interact to derive keying | Diffie-Hellman requires two parties to interact to derive keying |
| information which can then be used for authentication. Since DNS SIG | information which can then be used for authentication. Since DNS SIG |
| RRs are primarily used as stored authenticators of zone information | RRs are primarily used as stored authenticators of zone information |
| for many different resolvers, no Diffie-Hellman algorithm SIG RR is | for many different resolvers, no Diffie-Hellman algorithm SIG RR is |
| defined. For example, assume that two parties have local secrets "i" | defined. For example, assume that two parties have local secrets "i" |
| and "j". Assume they each respectively calculate X and Y as follows: | and "j". Assume they each respectively calculate X and Y as follows: |
| skipping to change at page 7, line 47 | skipping to change at page 7, line 47 |
| 155 Beaver Street | 155 Beaver Street |
| Milford, MA 01757 USA | Milford, MA 01757 USA |
| Telephone: +1-508-261-5434 (w) | Telephone: +1-508-261-5434 (w) |
| +1-508-634-2066 (h) | +1-508-634-2066 (h) |
| FAX: +1-508-261-4447 (w) | FAX: +1-508-261-4447 (w) |
| EMail: Donald.Eastlake@motorola.com | EMail: Donald.Eastlake@motorola.com |
| Expiration and File Name | Expiration and File Name |
| This draft expires in January 2002. | This draft expires in May 2002. |
| Its file name is draft-ietf-dnsext-rfc2539bis-dhk-00.txt. | Its file name is draft-ietf-dnsext-rfc2539bis-dhk-01.txt. |
| INTERNET-DRAFT Diffie-Hellman Keys in the DNS | INTERNET-DRAFT Diffie-Hellman Keys in the DNS |
| Appendix A: Well known prime/generator pairs | Appendix A: Well known prime/generator pairs |
| These numbers are copied from the IPSEC effort where the derivation of | These numbers are copied from the IPSEC effort where the derivation of |
| these values is more fully explained and additional information is available. | these values is more fully explained and additional information is available. |
| Richard Schroeppel performed all the mathematical and computational | Richard Schroeppel performed all the mathematical and computational |
| work for this appendix. | work for this appendix. |
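Review bot: the -01 column adds a new citation, "[Schneier, RFC 2631]", in section 1.1 About This Document, but the References section is not among the changes shown, so confirm that -01 also added a matching [RFC 2631] entry there in the same style as the existing [RFC 2535] citation. The remaining -01 changes shown (expiry moved from January 2002 to May 2002, the -01 file name in the Expiration and File Name section, and the reworded first paragraph of the Introduction) are consistent with one another.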

End of changes.

This html diff was produced by rfcdiff 1.23, available from http://www.levkowetz.com/ietf/tools/rfcdiff/