draft-ietf-dnsext-rfc2539bis-dhk-05.txt   draft-ietf-dnsext-rfc2539bis-dhk-06.txt 
INTERNET-DRAFT Diffie-Hellman Information in the DNS INTERNET-DRAFT Diffie-Hellman Information in the DNS
OBSOLETES: RFC 2539 Donald E. Eastlake 3rd OBSOLETES: RFC 2539 Donald E. Eastlake 3rd
Motorola Laboratories Motorola Laboratories
Expires: September 2005 March 2005 Expires: January 2006 July 2005
Storage of Diffie-Hellman Keying Information in the DNS Storage of Diffie-Hellman Keying Information in the DNS
------- -- -------------- ------ ----------- -- --- --- ------- -- -------------- ------ ----------- -- --- ---
<draft-ietf-dnsext-rfc2539bis-dhk-05.txt> <draft-ietf-dnsext-rfc2539bis-dhk-06.txt>
Status of This Document Status of This Document
By submitting this Internet-Draft, I certify that any applicable By submitting this Internet-Draft, each author represents that any
patent or other IPR claims of which I am aware have been disclosed, applicable patent or other IPR claims of which he or she is aware
or will be disclosed, and any of which I become aware will be have been or will be disclosed, and any of which he or she becomes
disclosed, in accordance with RFC 3668. aware will be disclosed, in accordance with Section 6 of BCP 79.
Distribution of this document is unlimited. Comments should be sent Distribution of this document is unlimited. Comments should be sent
to the DNS extensions working group mailing list to the DNS extensions working group mailing list
<namedroppers@ops.ietf.org>. <namedroppers@ops.ietf.org>.
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that Task Force (IETF), its areas, and its working groups. Note that
other groups may also distribute working documents as Internet- other groups may also distribute working documents as Internet-
Drafts. Drafts.
skipping to change at page 2, line 35 skipping to change at page 2, line 35
1.1 About This Document....................................3 1.1 About This Document....................................3
1.2 About Diffie-Hellman...................................3 1.2 About Diffie-Hellman...................................3
2. Encoding Diffie-Hellman Keying Information..............4 2. Encoding Diffie-Hellman Keying Information..............4
3. Performance Considerations..............................5 3. Performance Considerations..............................5
4. IANA Considerations.....................................5 4. IANA Considerations.....................................5
5. Security Considerations.................................5 5. Security Considerations.................................5
Copyright and Disclaimer...................................5 Copyright and Disclaimer...................................5
Normative References.......................................7 Normative References.......................................7
Informative References.....................................7 Informative References.....................................7
Author Address.............................................7 Author Address.............................................8
Expiration and File Name...................................8 Expiration and File Name...................................8
Appendix A: Well known prime/generator pairs...............9 Appendix A: Well known prime/generator pairs...............9
A.1. Well-Known Group 1: A 768 bit prime..................9 A.1. Well-Known Group 1: A 768 bit prime..................9
A.2. Well-Known Group 2: A 1024 bit prime.................9 A.2. Well-Known Group 2: A 1024 bit prime.................9
A.3. Well-Known Group 3: A 1536 bit prime................10 A.3. Well-Known Group 3: A 1536 bit prime................10
1. Introduction 1. Introduction
The Domain Name System (DNS) is the global hierarchical replicated The Domain Name System (DNS) is the global hierarchical replicated
distributed database system for Internet addressing, mail proxy, and distributed database system for Internet addressing, mail proxy, and
similar information [RFC 1034, 1035]. The DNS has been extended to similar information [RFC 1034, 1035]. The DNS has been extended to
include digital signatures and cryptographic keys as described in include digital signatures and cryptographic keys as described in
[RFC intro, proto, records] and additional work is underway which [RFC 4033, 4034, 4035] and additional work is underway which would use
would use the storage of keying information in the DNS. the storage of keying information in the DNS.
1.1 About This Document 1.1 About This Document
This document describes how to store Diffie-Hellman keys in the DNS. This document describes how to store Diffie-Hellman keys in the DNS.
Familiarity with the Diffie-Hellman key exchange algorithm is assumed Familiarity with the Diffie-Hellman key exchange algorithm is assumed
[Schneier, RFC 2631]. [Schneier, RFC 2631].
1.2 About Diffie-Hellman 1.2 About Diffie-Hellman
Diffie-Hellman requires two parties to interact to derive keying Diffie-Hellman requires two parties to interact to derive keying
skipping to change at page 5, line 48 skipping to change at page 5, line 48
policies acceptable to the user. As with all cryptographic policies acceptable to the user. As with all cryptographic
algorithms, evaluating the necessary strength of the key is important algorithms, evaluating the necessary strength of the key is important
and dependent on security policy. and dependent on security policy.
In addition, the usual Diffie-Hellman key strength considerations In addition, the usual Diffie-Hellman key strength considerations
apply. (p-1)/2 should also be prime, g should be primitive mod p, p apply. (p-1)/2 should also be prime, g should be primitive mod p, p
should be "large", etc. See [RFC 2631, Schneier]. should be "large", etc. See [RFC 2631, Schneier].
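The paragraph above lists the parameter conditions a consumer should enforce before trusting a Diffie-Hellman public value pulled from the DNS: p prime, (p-1)/2 prime (a "safe prime"), g primitive mod p, and p "large". The following Python is an added example, not text or code from RFC 2539, either draft revision, or the IPSEC group derivations it cites. It implements those checks as a validation routine a resolver-side library might run on received keying material. The draft gives no numeric size threshold, so `min_bits` is a caller-supplied policy value (an assumption of this example), and the small primes used as sample input are constructed for illustration, not the well-known groups of Appendix A.

```python
import random

# First twelve primes: as Miller-Rabin bases these give a deterministic
# answer for every n below the bound in DETERMINISTIC_LIMIT.
SMALL_PRIMES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)
DETERMINISTIC_LIMIT = 3_317_044_064_679_887_385_961_981


def is_probable_prime(n, rounds=32):
    """Miller-Rabin primality test.

    Deterministic for n < DETERMINISTIC_LIMIT (fixed bases); beyond that,
    extra random bases make the error probability below 4**-rounds.
    """
    if n < 2:
        return False
    for p in SMALL_PRIMES:
        if n == p:
            return True
        if n % p == 0:
            return False
    # Write n-1 as d * 2**r with d odd.
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    bases = list(SMALL_PRIMES)
    if n > DETERMINISTIC_LIMIT:
        bases += [random.randrange(2, n - 1) for _ in range(rounds)]
    for a in bases:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False  # a is a witness that n is composite
    return True


def check_dh_parameters(p, g, min_bits):
    """Validate a (p, g) pair against the strength conditions of the draft.

    Returns a list of human-readable problems; an empty list means the
    parameters pass. min_bits is local policy (assumed here), since the
    draft only says p should be "large".
    """
    problems = []
    if p.bit_length() < min_bits:
        problems.append(
            f"p is {p.bit_length()} bits, below the {min_bits}-bit policy minimum")
    if not is_probable_prime(p):
        problems.append("p is not prime")
        return problems  # remaining checks are meaningless without a prime p
    q = (p - 1) // 2
    q_is_prime = is_probable_prime(q)
    if not q_is_prime:
        problems.append("(p-1)/2 is not prime (p is not a safe prime)")
    if not 1 < g < p - 1:
        problems.append("g is outside the range 1 < g < p-1")
    elif q_is_prime:
        # For a safe prime p the group order is 2q, so every element has
        # order 1, 2, q or 2q. g is primitive (order 2q) exactly when
        # g^2 != 1 and g^q != 1 mod p.
        if pow(g, 2, p) == 1 or pow(g, q, p) == 1:
            problems.append("g is not primitive mod p (it generates a proper subgroup)")
    return problems


def dh_parameters_acceptable(p, g, min_bits):
    """Boolean convenience wrapper around check_dh_parameters."""
    return not check_dh_parameters(p, g, min_bits)


if __name__ == "__main__":
    # Constructed sample inputs (toy sizes, not real key material):
    samples = [
        (23, 5),   # safe prime, 5 is a primitive root: passes (size aside)
        (23, 2),   # 2 has order 11 mod 23: not primitive
        (17, 3),   # (17-1)/2 = 8 is composite: not a safe prime
        (21, 2),   # p composite
    ]
    for p, g in samples:
        print(p, g, check_dh_parameters(p, g, min_bits=0) or "ok")
```

The routine reports every failed condition rather than stopping at the first, which is what an operator wants in a log line when a zone publishes weak parameters; the primality of (p-1)/2 is also what makes the primitive-root test cheap, since it reduces to two modular exponentiations instead of factoring p-1.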
Copyright and Disclaimer Copyright and Disclaimer
Copyright (C) The Internet Society 2005. This document is subject to Copyright (C) The Internet Society (2005). This document is subject to
the rights, licenses and restrictions contained in BCP 78 and except the rights, licenses and restrictions contained in BCP 78, and except
as set forth therein, the authors retain all their rights. as set forth therein, the authors retain all their rights.
This document and the information contained herein are provided on an This document and the information contained herein are provided on an
"AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET
ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,
INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
skipping to change at page 7, line 15 skipping to change at page 7, line 15
Normative References Normative References
[RFC 2631] - "Diffie-Hellman Key Agreement Method", E. Rescorla, June [RFC 2631] - "Diffie-Hellman Key Agreement Method", E. Rescorla, June
1999. 1999.
[RFC 2434] - "Guidelines for Writing an IANA Considerations Section [RFC 2434] - "Guidelines for Writing an IANA Considerations Section
in RFCs", T. Narten, H. Alvestrand, October 1998. in RFCs", T. Narten, H. Alvestrand, October 1998.
[RFC records] - "Resource Records for the DNS Security Extensions", [RFC 4034] - Arends, R., Austein, R., Larson, M., Massey, D., and S.
R. Arends, R. Austein, M. Larson, D. Massey, S. Rose, work in Rose, "Resource Records for the DNS Security Extensions", RFC 4034,
progress, draft-ietf-dnsext-dnssec-records- *.txt. March 2005.
Informative References Informative References
[RFC 1034] - "Domain names - concepts and facilities", P. [RFC 1034] - "Domain names - concepts and facilities", P.
Mockapetris, November 1987. Mockapetris, November 1987.
[RFC 1035] - "Domain names - implementation and specification", P. [RFC 1035] - "Domain names - implementation and specification", P.
Mockapetris, November 1987. Mockapetris, November 1987.
[RFC 2539] - "Storage of Diffie-Hellman Keys in the Domain Name [RFC 2539] - "Storage of Diffie-Hellman Keys in the Domain Name
System (DNS)", D. Eastlake, March 1999, obsoleted by this RFC. System (DNS)", D. Eastlake, March 1999, obsoleted by this RFC.
[RFC 2671] - "Extension Mechanisms for DNS (EDNS0)", P. Vixie, August [RFC 2671] - "Extension Mechanisms for DNS (EDNS0)", P. Vixie, August
1999. 1999.
[RFC intro] - "DNS Security Introduction and Requirements", R. [RFC 4033] - Arends, R., Austein, R., Larson, M., Massey, D., and S.
Arends, M. Larson, R. Austein, D. Massey, S. Rose, work in progress, Rose, "DNS Security Introduction and Requirements", RFC 4033, March
draft-ietf-dnsext-dnssec-intro-*.txt. 2005.
[RFC protocol] - "Protocol Modifications for the DNS Security [RFC 4035] - Arends, R., Austein, R., Larson, M., Massey, D., and S.
Extensions", R. Arends, M. Larson, R. Austein, D. Massey, S. Rose, Rose, "Protocol Modifications for the DNS Security Extensions", RFC
work in progress, draft-ietf-dnsext-dnssec-protocol-*.txt. 4035, March 2005.
[Schneier] - Bruce Schneier, "Applied Cryptography: Protocols, [Schneier] - Bruce Schneier, "Applied Cryptography: Protocols,
Algorithms, and Source Code in C" (Second Edition), 1996, John Wiley Algorithms, and Source Code in C" (Second Edition), 1996, John Wiley
and Sons. and Sons.
Author Address Author Address
Donald E. Eastlake 3rd Donald E. Eastlake 3rd
Motorola Laboratories Motorola Laboratories
155 Beaver Street 155 Beaver Street
Milford, MA 01757 USA Milford, MA 01757 USA
Telephone: +1-508-786-7554 Telephone: +1-508-786-7554
EMail: Donald.Eastlake@motorola.com EMail: Donald.Eastlake@motorola.com
Expiration and File Name Expiration and File Name
This draft expires in September 2005. This draft expires in January 2006.
Its file name is draft-ietf-dnsext-rfc2539bis-dhk-05.txt. Its file name is draft-ietf-dnsext-rfc2539bis-dhk-06.txt.
Appendix A: Well known prime/generator pairs Appendix A: Well known prime/generator pairs
These numbers are copied from the IPSEC effort where the derivation of These numbers are copied from the IPSEC effort where the derivation of
these values is more fully explained and additional information is these values is more fully explained and additional information is
available. available.
Richard Schroeppel performed all the mathematical and computational Richard Schroeppel performed all the mathematical and computational
work for this appendix. work for this appendix.
 End of changes. 

This html diff was produced by rfcdiff 1.25, available from http://www.levkowetz.com/ietf/tools/rfcdiff/