 1/draftietfdnsextrfc2539bisdhk01.txt 20060204 23:12:26.000000000 +0100
+++ 2/draftietfdnsextrfc2539bisdhk02.txt 20060204 23:12:26.000000000 +0100
@@ 1,19 +1,19 @@
INTERNETDRAFT DiffieHellman Keys in the DNS
OBSOLETES: RFC 2539 Donald Eastlake 3rd
Motorola
Expires: May 2002 November 2001
+Expires: November 2002 May 2002
Storage of DiffieHellman Keys in the Domain Name System (DNS)
         

+
Donald E. Eastlake 3rd
Status of This Document
This draft is intended to be become a Draft Standard RFC.
Distribution of this document is unlimited. Comments should be sent
to the DNS extensions working group mailing list
or to the author.
@@ 79,22 +79,21 @@
A.2. WellKnown Group 2: A 1024 bit prime.................8
A.3. WellKnown Group 3: A 1536 bit prime.................9
INTERNETDRAFT DiffieHellman Keys in the DNS
1. Introduction
The Domain Name System (DNS) is the global hierarchical replicated
distributed database system for Internet addressing, mail proxy, and
similar information. The DNS has been extended to include digital
 signatures and cryptographic keys as described in [RFC 2535]. Thus
 the DNS can now be secured and used for key distribution.
+ signatures and cryptographic keys as described in [RFC 2535].
1.1 About This Document
This document describes how to store DiffieHellman keys in the DNS.
Familiarity with the DiffieHellman key exchange algorithm is assumed
[Schneier, RFC 2631].
1.2 About DiffieHellman
DiffieHellman requires two parties to interact to derive keying
@@ 108,21 +107,21 @@
Y = g**j ( mod p )
They exchange these quantities and then each calculates a Z as
follows:
Zi = Y**i ( mod p )
Zj = X**j ( mod p )
 Zi and Zj will both be equal to g**(ij)(mod p) and will be a shared
+ Zi and Zj will both be equal to g**(i*j)(mod p) and will be a shared
secret between the two parties that an adversary who does not know i
or j will not be able to learn from the exchanged messages (unless
the adversary can derive i or j by performing a discrete logarithm
mod p which is hard for strong p and g).
The private key for each party is their secret i (or j). The public
key is the pair p and g, which must be the same for the parties, and
their individual X (or Y).
For further information about DiffieHellman and precautions to take
@@ 206,21 +205,21 @@
5. Security Considerations
Many of the general security consideration in [RFC 2535] apply. Keys
retrieved from the DNS should not be trusted unless (1) they have
been securely obtained from a secure resolver or independently
verified by the user and (2) this secure resolver and secure
obtainment or independent verification conform to security policies
acceptable to the user. As with all cryptographic algorithms,
evaluating the necessary strength of the key is important and
 dependent on local policy.
+ dependent on security policy.
In addition, the usual DiffieHellman key strength considerations
apply. (p1)/2 should also be prime, g should be primitive mod p, p
should be "large", etc. [RFC 2631, Schneier]
INTERNETDRAFT DiffieHellman Keys in the DNS
References
[RFC 1034]  P. Mockapetris, "Domain names  concepts and
@@ 238,39 +237,40 @@
[RFC 2539]  Storage of DiffieHellman Keys in the Domain Name System
(DNS), D. Eastlake, March 1999, obsoleted by this RFC.
[RFC 2631]  DiffieHellman Key Agreement Method, E. Rescorla, June
1999.
[RFC 2671]  Extension Mechanisms for DNS (EDNS0), P. Vixie, August
1999.
[Schneier]  Bruce Schneier, "Applied Cryptography: Protocols,
 Algorithms, and Source Code in C", 1996, John Wiley and Sons.
+ Algorithms, and Source Code in C" (Second Edition), 1996, John Wiley
+ and Sons.
Author's Address
Donald E. Eastlake 3rd
Motorola
155 Beaver Street
Milford, MA 01757 USA
 Telephone: +15082615434 (w)
+ Telephone: +15088518280 (w)
+15086342066 (h)
 FAX: +15082614447 (w)
+ FAX: +15088518507 (w)
EMail: Donald.Eastlake@motorola.com
Expiration and File Name
 This draft expires in May 2002.
+ This draft expires in November 2002.
 Its file name is draftietfdnsextrfc2539bisdhk01.txt.
+ Its file name is draftietfdnsextrfc2539bisdhk02.txt.
INTERNETDRAFT DiffieHellman Keys in the DNS
Appendix A: Well known prime/generator pairs
These numbers are copied from the IPSEC effort where the derivation of
these values is more fully explained and additional information is available.
Richard Schroeppel performed all the mathematical and computational
work for this appendix.