 1/draftietfdnsextrfc2539bisdhk00.txt 20060204 23:12:25.000000000 +0100
+++ 2/draftietfdnsextrfc2539bisdhk01.txt 20060204 23:12:26.000000000 +0100
@@ 1,18 +1,19 @@
+
INTERNETDRAFT DiffieHellman Keys in the DNS
OBSOLETES: RFC 2539 Donald Eastlake 3rd
Motorola
Expires: January 2002 July 2001
+Expires: May 2002 November 2001
Storage of DiffieHellman Keys in the Domain Name System (DNS)
         

+
Donald E. Eastlake 3rd
Status of This Document
This draft is intended to be become a Draft Standard RFC.
Distribution of this document is unlimited. Comments should be sent
to the DNS extensions working group mailing list
or to the author.
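Review bot: In the unchanged "Status of This Document" context, the sentence "This draft is intended to be become a Draft Standard RFC" still carries a doubled verb. Since this revision already edits the header block, change it to "intended to become".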
@@ 75,31 +76,31 @@
Appendix A: Well known prime/generator pairs...............8
A.1. WellKnown Group 1: A 768 bit prime..................8
A.2. WellKnown Group 2: A 1024 bit prime.................8
A.3. WellKnown Group 3: A 1536 bit prime.................9
INTERNETDRAFT DiffieHellman Keys in the DNS
1. Introduction
 The Domain Name System (DNS) is the current global hierarchical
 replicated distributed database system for Internet addressing, mail
 proxy, and similar information. The DNS has been extended to include
 digital signatures and cryptographic keys as described in [RFC 2535].
 Thus the DNS can now be used for secure key distribution.
+ The Domain Name System (DNS) is the global hierarchical replicated
+ distributed database system for Internet addressing, mail proxy, and
+ similar information. The DNS has been extended to include digital
+ signatures and cryptographic keys as described in [RFC 2535]. Thus
+ the DNS can now be secured and used for key distribution.
1.1 About This Document
This document describes how to store DiffieHellman keys in the DNS.
Familiarity with the DiffieHellman key exchange algorithm is assumed
 [Schneier].
+ [Schneier, RFC 2631].
1.2 About DiffieHellman
DiffieHellman requires two parties to interact to derive keying
information which can then be used for authentication. Since DNS SIG
RRs are primarily used as stored authenticators of zone information
for many different resolvers, no DiffieHellman algorithm SIG RR is
defined. For example, assume that two parties have local secrets "i"
and "j". Assume they each respectively calculate X and Y as follows:
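Review bot: The rewritten closing sentence of section 1, "Thus the DNS can now be secured and used for key distribution", no longer says that the key distribution itself is secure, which the old "used for secure key distribution" did. Consider wording that ties the two together, for example by saying that keys are distributed through the secured DNS as described in [RFC 2535]. In 1.1, "[Schneier, RFC 2631]" merges two citations into one bracket while the draft otherwise uses one bracket per reference ("[RFC 2535]"); split it into "[Schneier] [RFC 2631]" and confirm that RFC 2631 has an entry in the References section, which this hunk does not show.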
@@ 253,23 +254,23 @@
155 Beaver Street
Milford, MA 01757 USA
Telephone: +15082615434 (w)
+15086342066 (h)
FAX: +15082614447 (w)
EMail: Donald.Eastlake@motorola.com
Expiration and File Name
 This draft expires in January 2002.
+ This draft expires in May 2002.
 Its file name is draftietfdnsextrfc2539bisdhk00.txt.
+ Its file name is draftietfdnsextrfc2539bisdhk01.txt.
INTERNETDRAFT DiffieHellman Keys in the DNS
Appendix A: Well known prime/generator pairs
These numbers are copied from the IPSEC effort where the derivation of
these values is more fully explained and additional information is available.
Richard Schroeppel performed all the mathematical and computational
work for this appendix.
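Review bot: The Appendix A lead-in in the trailing context says the numbers are "copied from the IPSEC effort" but names no document. Add a citation to the source so a reader can check the primes and generators against it. The new expiry "May 2002" and the 01 file name agree with the header change in the first hunk.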