Changes from draft-ietf-dnsext-tsig-sha-04.txt (old text, marked [-04]) to draft-ietf-dnsext-tsig-sha-05.txt (new text, marked [-05])
INTERNET-DRAFT                                    Donald E. Eastlake 3rd
UPDATES RFC 2845                                  Motorola Laboratories
[-04] Expires: December 2005                      June 2005
[-05] Expires: April 2006                         October 2005
HMAC SHA TSIG Algorithm Identifiers
---- --- ---- --------- -----------
[-04] <draft-ietf-dnsext-tsig-sha-04.txt>
[-05] <draft-ietf-dnsext-tsig-sha-05.txt>
Status of This Document
By submitting this Internet-Draft, each author represents that any
applicable patent or other IPR claims of which he or she is aware
have been or will be disclosed, and any of which he or she becomes
aware will be disclosed, in accordance with Section 6 of BCP 79.
This draft is intended to become a Proposed Standard RFC.
Distribution of this document is unlimited. Comments should be sent
to the DNSEXT working group mailing list <namedroppers@ops.ietf.org>.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that
other groups may also distribute working documents as Internet-Drafts.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
[-04] material or to cite them other than a "work in progress."
[-05] material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at
http://www.ietf.org/1id-abstracts.html
The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html
Abstract
Use of the TSIG DNS resource record requires specification of a
cryptographic message authentication code. Currently identifiers
have been specified only for the HMAC-MD5 and GSS TSIG algorithms.
This document standardizes identifiers and implementation
requirements for additional HMAC SHA TSIG algorithms and standardizes
how to specify and handle the truncation of HMAC values.
Copyright Notice
Copyright (C) The Internet Society 2005. All Rights Reserved.
INTERNET-DRAFT HMAC-SHA TSIG Identifiers
Table of Contents
Status of This Document....................................1
Abstract...................................................1
Copyright Notice...........................................1
Table of Contents..........................................2
1. Introduction............................................3
2. Algorithms and Identifiers..............................4
3. Specifying Truncation...................................5
3.1 Truncation Specification...............................5
4. TSIG Policy Provisions and Truncation Error.............7
5. IANA Considerations.....................................8
6. Security Considerations.................................8
[-04] 6. Copyright and Disclaimer................................8
[-05] 7. Copyright and Disclaimer................................8
[-04] 7. Normative References....................................9
[-05] 8. Normative References....................................9
[-04] 8. Informative References..................................9
[-05] 9. Informative References..................................9
Author's Address..........................................10
Additional IPR Provisions.................................10
Expiration and File Name..................................10
1. Introduction
[RFC 2845] specifies a TSIG Resource Record (RR) that can be used to
authenticate DNS queries and responses. This RR contains a domain
name syntax data item which names the authentication algorithm used.
[RFC 2845] defines the HMAC-MD5.SIG-ALG.REG.INT name for
[unchanged text omitted by the diff: skipping to change at page 8, line 34]
Significant progress has been made recently in cryptanalysis of hash
functions of the type used herein, all of which ultimately derive from
the design of MD4. While the results so far should not affect HMAC,
the stronger SHA-1 and SHA-256 algorithms are being made mandatory
due to caution.
See the Security Considerations section of [RFC 2845]. See also the
Security Considerations section of [RFC 2104] from which the limits
on truncation in this RFC were taken.
[-04] 6. Copyright and Disclaimer
[-05] 7. Copyright and Disclaimer
[-04] Copyright (C) The Internet Society (2005). This document is subject to
[-04] the rights, licenses and restrictions contained in BCP 78, and except
[-04] as set forth therein, the authors retain all their rights.
[-05] Copyright (C) The Internet Society (2005).
[-05] This document is subject to the rights, licenses and restrictions
[-05] contained in BCP 78, and except as set forth therein, the authors
[-05] retain all their rights.
This document and the information contained herein are provided on an
"AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET
ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,
INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
[-04] 7. Normative References
[-05] 8. Normative References
[FIPS 180-2] - "Secure Hash Standard" (SHA-1/224/256/384/512), US
Federal Information Processing Standard, with Change Notice 1,
February 2004.
[RFC 1321] - Rivest, R., "The MD5 Message-Digest Algorithm", RFC
1321, April 1992.
[RFC 2104] - Krawczyk, H., Bellare, M., and R. Canetti, "HMAC: Keyed-Hashing for Message Authentication", RFC 2104, February 1997.
[RFC 2119] - Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997.
[RFC 2845] - Vixie, P., Gudmundsson, O., Eastlake 3rd, D., and B.
Wellington, "Secret Key Transaction Authentication for DNS (TSIG)",
RFC 2845, May 2000.
[-04] 8. Informative References
[-05] 9. Informative References
[RFC 2931] - Eastlake 3rd, D., "DNS Request and Transaction
Signatures ( SIG(0)s )", RFC 2931, September 2000.
[RFC 3174] - Eastlake 3rd, D. and P. Jones, "US Secure Hash Algorithm
1 (SHA1)", RFC 3174, September 2001.
[RFC 3645] - Kwan, S., Garg, P., Gilroy, J., Esibov, L., Westhead,
J., and R. Hall, "Generic Security Service Algorithm for Secret Key
Transaction Authentication for DNS (GSS-TSIG)", RFC 3645, October
2003.
[RFC 3874] - Housley, R., "A 224-bit One-way Hash Function: SHA-224",
RFC 3874, September 2004.
[-04] [SHA2draft] - Eastlake, D., T. Hansen, "US Secure Hash Algorithms
[-04] (SHA)", work in progress.
[-05] [SHA2draft] - Eastlake, D., T. Hansen, "US Secure Hash Algorithms
[-05] (SHA)", draft-eastlake-sha1-*.txt, work in progress.
Author's Address
Donald E. Eastlake 3rd
Motorola Laboratories
155 Beaver Street
Milford, MA 01757 USA
Telephone: +1-508-786-7554 (w)
EMail: Donald.Eastlake@motorola.com
Additional IPR Provisions
The IETF takes no position regarding the validity or scope of any
Intellectual Property Rights or other rights that might be claimed
to pertain to the implementation or use of the technology
described in this document or the extent to which any license
under such rights might or might not be available; nor does it
represent that it has made any independent effort to identify any
such rights. Information on the procedures with respect to
rights in RFC documents can be found in BCP 78 and BCP 79.
Copies of IPR disclosures made to the IETF Secretariat and any
assurances of licenses to be made available, or the result of an
attempt made to obtain a general license or permission for the use
of such proprietary rights by implementers or users of this
specification can be obtained from the IETF on-line IPR repository
at http://www.ietf.org/ipr.
The IETF invites any interested party to bring to its attention
any copyrights, patents or patent applications, or other
proprietary rights that may cover technology that may be required
to implement this standard. Please address the information to the
IETF at ietf-ipr@ietf.org.
Expiration and File Name
[-04] This draft expires in December 2005.
[-05] This draft expires in April 2006.
[-04] Its file name is draft-ietf-dnsext-tsig-sha-04.txt
[-05] Its file name is draft-ietf-dnsext-tsig-sha-05.txt
End of changes: 15 change blocks; 20 lines changed or deleted, 41 lines changed or added.
This html diff was produced by rfcdiff 1.27, available from http://www.levkowetz.com/ietf/tools/rfcdiff/