draft-ietf-dnsext-rfc2539bis-dhk-06.txt   draft-ietf-dnsext-rfc2539bis-dhk-07.txt 
INTERNET-DRAFT Diffie-Hellman Information in the DNS INTERNET-DRAFT Diffie-Hellman Information in the DNS
OBSOLETES: RFC 2539 Donald E. Eastlake 3rd OBSOLETES: RFC 2539 Donald E. Eastlake 3rd
Motorola Laboratories Motorola Laboratories
Expires: January 2006 July 2005 Expires: September 2006 March 2006
Storage of Diffie-Hellman Keying Information in the DNS Storage of Diffie-Hellman Keying Information in the DNS
------- -- -------------- ------ ----------- -- --- --- ------- -- -------------- ------ ----------- -- --- ---
<draft-ietf-dnsext-rfc2539bis-dhk-06.txt> <draft-ietf-dnsext-rfc2539bis-dhk-07.txt>
Status of This Document Status of This Document
By submitting this Internet-Draft, each author represents that any By submitting this Internet-Draft, each author represents that any
applicable patent or other IPR claims of which he or she is aware applicable patent or other IPR claims of which he or she is aware
have been or will be disclosed, and any of which he or she becomes have been or will be disclosed, and any of which he or she becomes
aware will be disclosed, in accordance with Section 6 of BCP 79. aware will be disclosed, in accordance with Section 6 of BCP 79.
Distribution of this document is unlimited. Comments should be sent Distribution of this document is unlimited. Comments should be sent
to the DNS extensions working group mailing list to the DNS extensions working group mailing list
<namedroppers@ops.ietf.org>. <namedroppers@ops.ietf.org>.
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that Task Force (IETF), its areas, and its working groups. Note that
other groups may also distribute working documents as Internet- other groups may also distribute working documents as Internet-
Drafts. Drafts.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than a "work in progress." material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at The list of current Internet-Drafts can be accessed at
http://www.ietf.org/1id-abstracts.html http://www.ietf.org/1id-abstracts.html
The list of Internet-Draft Shadow Directories can be accessed at The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html http://www.ietf.org/shadow.html
Abstract Abstract
The standard method for encoding Diffie-Hellman keys in the Domain The standard method for encoding Diffie-Hellman keys in the Domain
Name System is specified. Name System is specified.
Copyright
Copyright (C) The Internet Society 2005.
INTERNET-DRAFT Diffie-Hellman Information in the DNS INTERNET-DRAFT Diffie-Hellman Information in the DNS
Acknowledgements Acknowledgements
Part of the format for Diffie-Hellman keys and the description Part of the format for Diffie-Hellman keys and the description
thereof was taken from a work in progress by Ashar Aziz, Tom Markson, thereof was taken from a work in progress by Ashar Aziz, Tom Markson,
and Hemma Prafullchandra. In addition, the following persons and Hemma Prafullchandra. In addition, the following persons
provided useful comments that were incorporated into the predecessor provided useful comments that were incorporated into the predecessor
of this document: Ran Atkinson, Thomas Narten. of this document: Ran Atkinson, Thomas Narten.
Table of Contents Table of Contents
Status of This Document....................................1 Status of This Document....................................1
Abstract...................................................1 Abstract...................................................1
Copyright..................................................1
Acknowledgements...........................................2 Acknowledgements...........................................2
Table of Contents..........................................2 Table of Contents..........................................2
1. Introduction............................................3 1. Introduction............................................3
1.1 About This Document....................................3 1.1 About This Document....................................3
1.2 About Diffie-Hellman...................................3 1.2 About Diffie-Hellman...................................3
2. Encoding Diffie-Hellman Keying Information..............4 2. Encoding Diffie-Hellman Keying Information..............4
3. Performance Considerations..............................5 3. Performance Considerations..............................5
4. IANA Considerations.....................................5 4. IANA Considerations.....................................5
5. Security Considerations.................................5 5. Security Considerations.................................5
Copyright and Disclaimer...................................5 Copyright, Disclaimer, and Additional IPR Provisions.......5
Normative References.......................................7 Normative References.......................................7
Informative Refences.......................................7 Informative Refences.......................................7
Author Address.............................................8 Author's Address...........................................8
Expiration and File Name...................................8 Expiration and File Name...................................8
Appendix A: Well known prime/generator pairs...............9 Appendix A: Well known prime/generator pairs...............9
A.1. Well-Known Group 1: A 768 bit prime..................9 A.1. Well-Known Group 1: A 768 bit prime..................9
A.2. Well-Known Group 2: A 1024 bit prime.................9 A.2. Well-Known Group 2: A 1024 bit prime.................9
A.3. Well-Known Group 3: A 1536 bit prime................10 A.3. Well-Known Group 3: A 1536 bit prime................10
INTERNET-DRAFT Diffie-Hellman Information in the DNS INTERNET-DRAFT Diffie-Hellman Information in the DNS
1. Introduction 1. Introduction
skipping to change at page 3, line 22 skipping to change at page 3, line 22
include digital signatures and cryptographic keys as described in include digital signatures and cryptographic keys as described in
[RFC 4033, 4034, 4035] and additonal work is underway which would use [RFC 4033, 4034, 4035] and additonal work is underway which would use
the storage of keying information in the DNS. the storage of keying information in the DNS.
1.1 About This Document 1.1 About This Document
This document describes how to store Diffie-Hellman keys in the DNS. This document describes how to store Diffie-Hellman keys in the DNS.
Familiarity with the Diffie-Hellman key exchange algorithm is assumed Familiarity with the Diffie-Hellman key exchange algorithm is assumed
[Schneier, RFC 2631]. [Schneier, RFC 2631].
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in RFC 2119.
1.2 About Diffie-Hellman 1.2 About Diffie-Hellman
Diffie-Hellman requires two parties to interact to derive keying Diffie-Hellman requires two parties to interact to derive keying
information which can then be used for authentication. Thus Diffie- information which can then be used for authentication. Thus Diffie-
Hellman is inherently a key agreement algorithm. As a result, no Hellman is inherently a key agreement algorithm. As a result, no
format is defined for Diffie-Hellman "signature information". For format is defined for Diffie-Hellman "signature information". For
example, assume that two parties have local secrets "i" and "j". example, assume that two parties have local secrets "i" and "j".
Assume they each respectively calculate X and Y as follows: Assume they each respectively calculate X and Y as follows:
X = g**i ( mod p ) X = g**i ( mod p )
skipping to change at page 3, line 49 skipping to change at page 4, line 4
Zj = X**j ( mod p ) Zj = X**j ( mod p )
Zi and Zj will both be equal to g**(i*j)(mod p) and will be a shared Zi and Zj will both be equal to g**(i*j)(mod p) and will be a shared
secret between the two parties that an adversary who does not know i secret between the two parties that an adversary who does not know i
or j will not be able to learn from the exchanged messages (unless or j will not be able to learn from the exchanged messages (unless
the adversary can derive i or j by performing a discrete logarithm the adversary can derive i or j by performing a discrete logarithm
mod p which is hard for strong p and g). mod p which is hard for strong p and g).
The private key for each party is their secret i (or j). The public The private key for each party is their secret i (or j). The public
key is the pair p and g, which must be the same for the parties, and
their individual X (or Y).
For further information about Diffie-Hellman and precautions to take
INTERNET-DRAFT Diffie-Hellman Information in the DNS INTERNET-DRAFT Diffie-Hellman Information in the DNS
key is the pair p and g, which is the same for both parties, and
their individual X (or Y).
For further information about Diffie-Hellman and precautions to take
in deciding on a p and g, see [RFC 2631]. in deciding on a p and g, see [RFC 2631].
2. Encoding Diffie-Hellman Keying Information 2. Encoding Diffie-Hellman Keying Information
When Diffie-Hellman keys appear within the RDATA portion of a RR, When Diffie-Hellman keys appear within the RDATA portion of a RR,
they are encoded as shown below. they are encoded as shown below.
The period of key validity is not included in this data but is The period of key validity is not included in this data but is
indicated separately, for example by an RR such as RRSIG which signs indicated separately, for example by an RR such as RRSIG which signs
and authenticates the RR containing the keying information. and authenticates the RR containing the keying information.
skipping to change at page 5, line 43 skipping to change at page 5, line 43
Keying information retrieved from the DNS should not be trusted Keying information retrieved from the DNS should not be trusted
unless (1) it has been securely obtained from a secure resolver or unless (1) it has been securely obtained from a secure resolver or
independently verified by the user and (2) this secure resolver and independently verified by the user and (2) this secure resolver and
secure obtainment or independent verification conform to security secure obtainment or independent verification conform to security
policies acceptable to the user. As with all cryptographic policies acceptable to the user. As with all cryptographic
algorithms, evaluating the necessary strength of the key is important algorithms, evaluating the necessary strength of the key is important
and dependent on security policy. and dependent on security policy.
In addition, the usual Diffie-Hellman key strength considerations In addition, the usual Diffie-Hellman key strength considerations
apply. (p-1)/2 should also be prime, g should be primitive mod p, p apply. (p-1)/2 SHOULD also be prime, g SHOULD be primitive mod p, p
should be "large", etc. See [RFC 2631, Schneier]. SHOULD be "large", etc. See [RFC 2631, Schneier].
Copyright and Disclaimer Copyright, Disclaimer, and Additional IPR Provisions
Copyright (C) The Internet Society (2005). This document is subject to Copyright (C) The Internet Society (2006). This document is subject to
the rights, licenses and restrictions contained in BCP 78, and except the rights, licenses and restrictions contained in BCP 78, and except
as set forth therein, the authors retain all their rights. as set forth therein, the authors retain all their rights.
INTERNET-DRAFT Diffie-Hellman Information in the DNS INTERNET-DRAFT Diffie-Hellman Information in the DNS
This document and the information contained herein are provided on an This document and the information contained herein are provided on an
"AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET
ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,
INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
The IETF takes no position regarding the validity or scope of any
Intellectual Property Rights or other rights that might be claimed to
pertain to the implementation or use of the technology described in
this document or the extent to which any license under such rights
might or might not be available; nor does it represent that it has
made any independent effort to identify any such rights. Information
on the procedures with respect to rights in RFC documents can be
found in BCP 78 and BCP 79.
Copies of IPR disclosures made to the IETF Secretariat and any
assurances of licenses to be made available, or the result of an
attempt made to obtain a general license or permission for the use of
such proprietary rights by implementers or users of this
specification can be obtained from the IETF on-line IPR repository at
http://www.ietf.org/ipr.
The IETF invites any interested party to bring to its attention any
copyrights, patents or patent applications, or other proprietary
rights that may cover technology that may be required to implement
this standard. Please address the information to the IETF at ietf-
ipr@ietf.org.
INTERNET-DRAFT Diffie-Hellman Information in the DNS INTERNET-DRAFT Diffie-Hellman Information in the DNS
Normative References Normative References
[RFC 2631] - "Diffie-Hellman Key Agreement Method", E. Rescorla, June [RFC 2119] - Bradner, S., "Key words for use in RFCs to Indicate
1999. Requirement Levels", BCP 14, RFC 2119, March 1997.
[RFC 2434] - "Guidelines for Writing an IANA Considerations Section [RFC 2434] - "Guidelines for Writing an IANA Considerations Section
in RFCs", T. Narten, H. Alvestrand, October 1998. in RFCs", T. Narten, H. Alvestrand, October 1998.
[RFC 2631] - "Diffie-Hellman Key Agreement Method", E. Rescorla, June
1999.
[RFC 4034] - Arends, R., Austein, R., Larson, M., Massey, D., and S. [RFC 4034] - Arends, R., Austein, R., Larson, M., Massey, D., and S.
Rose, "Resource Records for the DNS Security Extensions", RFC 4034, Rose, "Resource Records for the DNS Security Extensions", RFC 4034,
March 2005. March 2005.
Informative Refences Informative Refences
[RFC 1034] - "Domain names - concepts and facilities", P. [RFC 1034] - "Domain names - concepts and facilities", P.
Mockapetris, November 1987. Mockapetris, November 1987.
[RFC 1035] - "Domain names - implementation and specification", P. [RFC 1035] - "Domain names - implementation and specification", P.
skipping to change at page 8, line 7 skipping to change at page 8, line 7
[RFC 4035] - Arends, R., Austein, R., Larson, M., Massey, D., and S. [RFC 4035] - Arends, R., Austein, R., Larson, M., Massey, D., and S.
Rose, "Protocol Modifications for the DNS Security Extensions", RFC Rose, "Protocol Modifications for the DNS Security Extensions", RFC
4035, March 2005. 4035, March 2005.
[Schneier] - Bruce Schneier, "Applied Cryptography: Protocols, [Schneier] - Bruce Schneier, "Applied Cryptography: Protocols,
Algorithms, and Source Code in C" (Second Edition), 1996, John Wiley Algorithms, and Source Code in C" (Second Edition), 1996, John Wiley
and Sons. and Sons.
INTERNET-DRAFT Diffie-Hellman Information in the DNS INTERNET-DRAFT Diffie-Hellman Information in the DNS
Author Address Author's Address
Donald E. Eastlake 3rd Donald E. Eastlake 3rd
Motorola Laboratories Motorola Laboratories
155 Beaver Street 155 Beaver Street
Milford, MA 01757 USA Milford, MA 01757 USA
Telephone: +1-508-786-7554 Telephone: +1-508-786-7554
EMail: Donald.Eastlake@motorola.com EMail: Donald.Eastlake@motorola.com
Expiration and File Name Expiration and File Name
This draft expires in January 2006. This draft expires in September 2006.
Its file name is draft-ietf-dnsext-rfc2539bis-dhk-06.txt. Its file name is draft-ietf-dnsext-rfc2539bis-dhk-07.txt.
INTERNET-DRAFT Diffie-Hellman Information in the DNS INTERNET-DRAFT Diffie-Hellman Information in the DNS
Appendix A: Well known prime/generator pairs Appendix A: Well known prime/generator pairs
These numbers are copied from the IPSEC effort where the derivation of These numbers are copied from the IPSEC effort where the derivation
these values is more fully explained and additional information is of these values is more fully explained and additional information is
available. available. Richard Schroeppel performed all the mathematical and
Richard Schroeppel performed all the mathematical and computational computational work for this appendix.
work for this appendix.
A.1. Well-Known Group 1: A 768 bit prime A.1. Well-Known Group 1: A 768 bit prime
The prime is 2^768 - 2^704 - 1 + 2^64 * { [2^638 pi] + 149686 }. Its The prime is 2^768 - 2^704 - 1 + 2^64 * { [2^638 pi] + 149686 }. Its
decimal value is decimal value is
155251809230070893513091813125848175563133404943451431320235 155251809230070893513091813125848175563133404943451431320235
119490296623994910210725866945387659164244291000768028886422 119490296623994910210725866945387659164244291000768028886422
915080371891804634263272761303128298374438082089019628850917 915080371891804634263272761303128298374438082089019628850917
0691316593175367469551763119843371637221007210577919 0691316593175367469551763119843371637221007210577919
 End of changes. 20 change blocks. 
28 lines changed or deleted 51 lines changed or added

This html diff was produced by rfcdiff 1.29, available from http://www.levkowetz.com/ietf/tools/rfcdiff/