draft-ietf-dnsop-rfc2845bis-08.txt   draft-ietf-dnsop-rfc2845bis-09.txt 
Internet Engineering Task Force F. Dupont Internet Engineering Task Force F. Dupont
Internet-Draft S. Morris Internet-Draft S. Morris
Obsoletes: 2845, 4635 (if approved) ISC Obsoletes: 2845, 4635 (if approved) ISC
Intended status: Standards Track P. Vixie Intended status: Standards Track P. Vixie
Expires: November 5, 2020 Farsight Expires: January 11, 2021 Farsight
D. Eastlake 3rd D. Eastlake 3rd
Futurewei Futurewei
O. Gudmundsson O. Gudmundsson
Cloudflare Cloudflare
B. Wellington B. Wellington
Akamai Akamai
May 4, 2020 July 10, 2020
Secret Key Transaction Authentication for DNS (TSIG) Secret Key Transaction Authentication for DNS (TSIG)
draft-ietf-dnsop-rfc2845bis-08 draft-ietf-dnsop-rfc2845bis-09
Abstract Abstract
This document describes a protocol for transaction level This document describes a protocol for transaction level
authentication using shared secrets and one way hashing. It can be authentication using shared secrets and one way hashing. It can be
used to authenticate dynamic updates to a DNS zone as coming from an used to authenticate dynamic updates to a DNS zone as coming from an
approved client, or to authenticate responses as coming from an approved client, or to authenticate responses as coming from an
approved name server. approved name server.
No recommendation is made here for distributing the shared secrets: No recommendation is made here for distributing the shared secrets:
skipping to change at page 1, line 48 skipping to change at page 1, line 48
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/. Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on November 5, 2020. This Internet-Draft will expire on January 11, 2021.
Copyright Notice Copyright Notice
Copyright (c) 2020 IETF Trust and the persons identified as the Copyright (c) 2020 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(https://trustee.ietf.org/license-info) in effect on the date of (https://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
skipping to change at page 17, line 15 skipping to change at page 17, line 15
Implementations that support TSIG MUST also implement HMAC SHA1 and Implementations that support TSIG MUST also implement HMAC SHA1 and
HMAC SHA256 and MAY implement gss-tsig and the other algorithms HMAC SHA256 and MAY implement gss-tsig and the other algorithms
listed below. SHA-1 truncated to 96 bits (12 octets) SHOULD be listed below. SHA-1 truncated to 96 bits (12 octets) SHOULD be
implemented. implemented.
Name Implementation Use Name Implementation Use
------------------------ -------------- --------------- ------------------------ -------------- ---------------
HMAC-MD5.SIG-ALG.REG.INT MAY MUST NOT HMAC-MD5.SIG-ALG.REG.INT MAY MUST NOT
gss-tsig MAY MAY gss-tsig MAY MAY
hmac-sha1 MUST NOT RECOMMENDED hmac-sha1 MUST NOT RECOMMENDED
hmac-sha224 MAY NOT RECOMMENDED hmac-sha224 MAY MAY
hmac-sha256 MUST RECOMMENDED hmac-sha256 MUST RECOMMENDED
hmac-sha256-128 MAY MAY hmac-sha256-128 MAY MAY
hmac-sha384 MAY MAY hmac-sha384 MAY MAY
hmac-sha384-192 MAY MAY hmac-sha384-192 MAY MAY
hmac-sha512 MAY MAY hmac-sha512 MAY MAY
hmac-sha512-256 MAY MAY hmac-sha512-256 MAY MAY
Table 2 Table 2
7. TSIG Truncation Policy 7. TSIG Truncation Policy
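Review bot: the sentence above Table 2 says SHA-1 truncated to 96 bits (12 octets) SHOULD be implemented, but the table has no row for a truncated SHA-1 and no SHOULD entry in the Implementation column, even though it lists truncated forms for SHA-256, SHA-384 and SHA-512. Either add a row for it or state that this requirement is expressed only in the prose, so implementers who read the table alone do not miss it. Separately, with hmac-sha224 now MAY in the Use column, hmac-sha1 is the only SHA-family row left at NOT RECOMMENDED while remaining MUST implement; a sentence next to the table explaining that split would help operators choosing an algorithm.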
skipping to change at page 28, line 34 skipping to change at page 28, line 34
* Reworked the section on client processing of response to remove * Reworked the section on client processing of response to remove
ambiguity. ambiguity.
* Section on TSIG over TCP now mentions zone transfer as an * Section on TSIG over TCP now mentions zone transfer as an
example, rather than the entire section being about zone example, rather than the entire section being about zone
transfers. transfers.
* Note that quote from RFC2845 in "What is DNSSEC?" section has * Note that quote from RFC2845 in "What is DNSSEC?" section has
been edited to refer to the latest standards. been edited to refer to the latest standards.
draft-ietf-dnsop-rfc2845bis-09
Change use of hmac-224 from NOT RECOMMENDED to MAY.
Authors' Addresses Authors' Addresses
Francis Dupont Francis Dupont
Internet Systems Consortium, Inc. Internet Systems Consortium, Inc.
PO Box 360 PO Box 360
Newmarket, NH 03857 Newmarket, NH 03857
United States of America United States of America
Email: Francis.Dupont@fdupont.fr Email: Francis.Dupont@fdupont.fr
Stephen Morris Stephen Morris
Internet Systems Consortium, Inc. Internet Systems Consortium, Inc.
PO Box 360 PO Box 360
Newmarket, NH 03857 Newmarket, NH 03857
United States of America United States of America
Email: sa.morris8@gmail.com Email: sa.morris8@gmail.com
Paul Vixie Paul Vixie
Farsight Security Inc Farsight Security Inc
177 Bovet Road, Suite 180 177 Bovet Road, Suite 180
San Mateo, CA 94402 San Mateo, CA 94402
United States of America United States of America
Email: paul@redbarn.org Email: paul@redbarn.org
Donald E. Eastlake 3rd Donald E. Eastlake 3rd
Futurewei Technologies Futurewei Technologies
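Review bot: the new change-log entry for -09 names the algorithm as "hmac-224", but Table 2 identifies it as hmac-sha224; use the table's name so the entry can be matched to the row it changes. The entry also gives no reason for relaxing Use from NOT RECOMMENDED to MAY, and a short rationale there would help readers comparing -08 and -09.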
 End of changes. 8 change blocks. 
6 lines changed or deleted 10 lines changed or added
