Side-by-side diff: draft-ietf-dnsext-rfc2539bis-dhk-00.txt (old) vs. draft-ietf-dnsext-rfc2539bis-dhk-01.txt (new)

INTERNET-DRAFT                              Diffie-Hellman Keys in the DNS
OBSOLETES: RFC 2539                                   Donald Eastlake 3rd
                                                                 Motorola
old: Expires: January 2002                                    July 2001
new: Expires: May 2002                                    November 2001

Storage of Diffie-Hellman Keys in the Domain Name System (DNS)
------- -- -------------- ---- -- --- ------ ---- ------ -----

old: <draft-ietf-dnsext-rfc2539bis-dhk-00.txt>
new: <draft-ietf-dnsext-rfc2539bis-dhk-01.txt>

Donald E. Eastlake 3rd

Status of This Document
This draft is intended to become a Draft Standard RFC.

Distribution of this document is unlimited. Comments should be sent
to the DNS extensions working group mailing list
<namedroppers@ops.ietf.org> or to the author.
[skipping to change at page 4, line 9]

Appendix A: Well known prime/generator pairs...............8
  A.1. Well-Known Group 1: A 768 bit prime..................8
  A.2. Well-Known Group 2: A 1024 bit prime.................8
  A.3. Well-Known Group 3: A 1536 bit prime.................9
1. Introduction

old: The Domain Name System (DNS) is the current global hierarchical
     replicated distributed database system for Internet addressing, mail
     proxy, and similar information. The DNS has been extended to include
     digital signatures and cryptographic keys as described in [RFC 2535].
     Thus the DNS can now be used for secure key distribution.

new: The Domain Name System (DNS) is the global hierarchical replicated
     distributed database system for Internet addressing, mail proxy, and
     similar information. The DNS has been extended to include digital
     signatures and cryptographic keys as described in [RFC 2535]. Thus
     the DNS can now be secured and used for key distribution.
1.1 About This Document

This document describes how to store Diffie-Hellman keys in the DNS.
Familiarity with the Diffie-Hellman key exchange algorithm is assumed
old: [Schneier].
new: [Schneier, RFC 2631].
1.2 About Diffie-Hellman

Diffie-Hellman requires two parties to interact to derive keying
information which can then be used for authentication. Since DNS SIG
RRs are primarily used as stored authenticators of zone information
for many different resolvers, no Diffie-Hellman algorithm SIG RR is
defined. For example, assume that two parties have local secrets "i"
and "j". Assume they each respectively calculate X and Y as follows:
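The formulas that follow "as follows:" are elided from this diff excerpt. As an added illustration (not the draft's own text or code), here is textbook Diffie-Hellman in the draft's notation (secrets i and j, published values X and Y), run in a tiny constructed group so the arithmetic is readable; the toy prime and generator are assumptions, not the Appendix A groups. It shows why a stored, one-sided value cannot authenticate anything: the shared key exists only once each side combines the other's published value with its own secret.

```python
# Added example, not from the draft: Diffie-Hellman key agreement with
# the draft's notation (secrets i, j; published values X, Y).
# P and G are a constructed toy group for illustration only; they are
# NOT the 768/1024/1536-bit well-known groups of Appendix A.

P = 23   # constructed toy prime
G = 5    # constructed generator of the multiplicative group mod 23


def check_public_value(p: int, value: int) -> None:
    """Reject published values that make the shared secret trivial.

    A value of 0, 1 or p-1 (whether sent by a careless peer or
    substituted into a DNS record) forces the result into {0, 1, p-1},
    so refuse such values before using them.
    """
    if not 1 < value < p - 1:
        raise ValueError(f"public value {value} is out of range for p={p}")


def dh_public(p: int, g: int, secret: int) -> int:
    """Party with local secret i publishes X = g^i mod p; this public
    value is what gets stored in the DNS."""
    return pow(g, secret, p)


def dh_shared(p: int, peer_public: int, secret: int) -> int:
    """Combine the peer's published value with our own secret:
    Y^i mod p == X^j mod p == g^(i*j) mod p."""
    check_public_value(p, peer_public)
    return pow(peer_public, secret, p)


def exchange(p: int, g: int, i: int, j: int) -> tuple:
    """Run both sides; returns (X, Y, key_from_i, key_from_j)."""
    x = dh_public(p, g, i)     # party 1 publishes X
    y = dh_public(p, g, j)     # party 2 publishes Y
    k_i = dh_shared(p, y, i)   # party 1 needs Y *and* its secret i
    k_j = dh_shared(p, x, j)   # party 2 needs X *and* its secret j
    return x, y, k_i, k_j


if __name__ == "__main__":
    X, Y, k1, k2 = exchange(P, G, 6, 15)
    print(f"X={X} Y={Y} shared={k1} (both sides agree: {k1 == k2})")
```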
[skipping to change at page 7, line 47]

155 Beaver Street
Milford, MA 01757 USA

Telephone: +1-508-261-5434 (w)
           +1-508-634-2066 (h)
FAX:       +1-508-261-4447 (w)
EMail:     Donald.Eastlake@motorola.com

Expiration and File Name

old: This draft expires in January 2002.
     Its file name is draft-ietf-dnsext-rfc2539bis-dhk-00.txt.
new: This draft expires in May 2002.
     Its file name is draft-ietf-dnsext-rfc2539bis-dhk-01.txt.
Appendix A: Well known prime/generator pairs

These numbers are copied from the IPSEC effort where the derivation of
these values is more fully explained and additional information is available.

Richard Schroeppel performed all the mathematical and computational
work for this appendix.

End of changes.

This html diff was produced by rfcdiff 1.23, available from http://www.levkowetz.com/ietf/tools/rfcdiff/