draft-ietf-dnssec-rsa-00.txt (old, lines marked "-")   draft-ietf-dnssec-rsa-01.txt (new, lines marked "+")

INTERNET-DRAFT                       RSA/MD5 KEYs and SIGs in the DNS
- January 1998
+ October 1998

RSA/MD5 KEYs and SIGs in the Domain Name System (DNS)
------- ---- --- ---- -- --- ------ ---- ------ -----

Donald E. Eastlake 3rd

Status of This Document

- This draft, file name draft-ietf-dnssec-rsa-00.txt, is intended to be
+ This draft, file name draft-ietf-dnssec-rsa-01.txt, is intended to be
become a Proposed Standard RFC. Distribution of this document is
unlimited. Comments should be sent to the DNS security mailing list
<dns-security@tis.com> or to the author.
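Review bot: the filename update in this paragraph leaves the sentence's own typo in place: "is intended to be become a Proposed Standard RFC" should read "is intended to become a Proposed Standard RFC". The doubled "and" in "RSA keys and and RSA/MD5 based signatures" likewise survives unchanged in both the Abstract and section 1 of the new revision; both are worth fixing while the boilerplate is being touched.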
This document is an Internet-Draft. Internet-Drafts are working
documents of the Internet Engineering Task Force (IETF), its areas,
and its working groups. Note that other groups may also distribute
working documents as Internet-Drafts.

Internet-Drafts are draft documents valid for a maximum of six
months. Internet-Drafts may be updated, replaced, or obsoleted by
other documents at any time. It is not appropriate to use Internet-
Drafts as reference material or to cite them other than as a
``working draft'' or ``work in progress.''

- To learn the current status of any Internet-Draft, please check the
- 1id-abstracts.txt listing contained in the Internet-Drafts Shadow
- Directories on ds.internic.net (East USA), ftp.isi.edu (West USA),
- nic.nordu.net (North Europe), ftp.nis.garr.it (South Europe),
- munnari.oz.au (Pacific Rim), or ftp.is.co.za (Africa).
+ To view the entire list of current Internet-Drafts, please check the
+ "1id-abstracts.txt" listing contained in the Internet-Drafts Shadow
+ Directories on ftp.is.co.za (Africa), ftp.nordu.net (Northern
+ Europe), ftp.nis.garr.it (Southern Europe), munnari.oz.au (Pacific
+ Rim), ftp.ietf.org (US East Coast), or ftp.isi.edu (US West Coast).
+
+ [Changes from the previous draft: change date, update author info,
+ add RFC 2119 reference]

Abstract

A standard method for storing RSA keys and and RSA/MD5 based
signatures in the Domain Name System is described which utilizes DNS
KEY and SIG resource records.
Table of Contents

skipping to change at page 3, line 21

other information. The DNS has been extended to include digital
signatures and cryptographic keys as described in [draft-ietf-
dnssec-secext2-*]. Thus the DNS can now be secured and used for
secure key distribution.

This document describes how to store RSA keys and and RSA/MD5 based
signatures in the DNS. Familiarity with the RSA algorithm is assumed
[Schneier]. Implementation of the RSA algorithm in DNS is
recommended.

+ The key words "MUST", "REQUIRED", "SHOULD", "RECOMMENDED", and "MAY"
+ in this document are to be interpreted as described in RFC 2119.
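Review bot: the changes note promises to "add RFC 2119 reference", but this hunk adds only the key-words paragraph; the sole change in the References section across the nine change blocks is the bracketed remark on [PKCS1], so "as described in RFC 2119" points at an entry that does not exist. Add one between [RFC 1321] and [RFC xDSA], e.g. `[RFC 2119] - S. Bradner, "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, March 1997.` Also, the list names only five key words; if the body uses MUST NOT, SHOULD NOT, SHALL or OPTIONAL, they belong in the list as well.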
2. RSA Public KEY Resource Records

RSA public keys are stored in the DNS as KEY RRs using algorithm
number 1 [draft-ietf-dnssec-secext2-*]. The structure of the
algorithm specific portion of the RDATA part of such RRs is as shown
below.

      Field              Size
      -----              ----
      exponent length    1 or 3 octets (see text)

skipping to change at page 6, line 14
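The layout table above is cut off after its first row, and the rule behind "1 or 3 octets (see text)" is elided. The following Python is an added example, not code from the draft or the diff. It encodes and parses the algorithm-specific RDATA using the rule as published in RFC 2537, the RFC this draft became: a first octet of 1 to 255 is the exponent length; a zero first octet is followed by a two-octet big-endian length, used only for exponents longer than 255 octets; the modulus fills the rest of the RDATA. The 4096-bit cap is RFC 2537's interoperability limit. The dataclass name, the `rejects` helper and the sample RDATA bytes are the example's own.

```python
"""Encode and parse the algorithm-specific RDATA of a DNS KEY RR holding an
RSA public key (algorithm 1, RSA/MD5).

Added example, not text or code from the draft.  The exponent-length rule
follows RFC 2537, the published form of this draft: a first octet of 1..255
is the exponent length; a zero first octet is followed by a two-octet
big-endian length, used only for exponents longer than 255 octets.  The
modulus is whatever remains of the RDATA.  The 4096-bit cap is RFC 2537's
interoperability limit.  Sample RDATA below is constructed for illustration.
"""
from __future__ import annotations

import struct
from dataclasses import dataclass

MAX_BITS = 4096  # RFC 2537 interoperability limit for exponent and modulus
MAX_OCTETS = MAX_BITS // 8


@dataclass(frozen=True)
class RsaKeyRdata:
    exponent: int
    modulus: int
    exponent_len: int  # octets occupied by the exponent on the wire
    modulus_len: int   # octets occupied by the modulus on the wire


def encode_rsa_rdata(exponent: int, modulus: int) -> bytes:
    """Serialise (e, n) into the algorithm-specific RDATA layout."""
    if exponent <= 0 or modulus <= 0:
        raise ValueError("exponent and modulus must be positive")
    if exponent.bit_length() > MAX_BITS or modulus.bit_length() > MAX_BITS:
        raise ValueError("exponent or modulus exceeds 4096 bits")
    e = exponent.to_bytes((exponent.bit_length() + 7) // 8, "big")
    n = modulus.to_bytes((modulus.bit_length() + 7) // 8, "big")
    # One octet for lengths 1..255; otherwise a zero octet and a 16-bit length.
    if len(e) <= 0xFF:
        length = bytes([len(e)])
    else:
        length = b"\x00" + struct.pack("!H", len(e))
    return length + e + n


def parse_rsa_rdata(rdata: bytes) -> RsaKeyRdata:
    """Decode algorithm-1 KEY RDATA, checking every length before use.

    A truncated or hostile RR raises ValueError instead of reading past the
    buffer or yielding an empty modulus.
    """
    if not rdata:
        raise ValueError("empty RDATA")
    if rdata[0] != 0:
        exp_len, offset = rdata[0], 1
    else:
        if len(rdata) < 3:
            raise ValueError("truncated 3-octet exponent length")
        (exp_len,) = struct.unpack("!H", rdata[1:3])
        offset = 3
        if exp_len <= 0xFF:
            # The long form is reserved for exponents longer than 255 octets;
            # accepting it for shorter ones would give one key two encodings.
            raise ValueError("non-canonical exponent length encoding")
    mod_start = offset + exp_len
    if mod_start >= len(rdata):
        raise ValueError("exponent overruns RDATA or leaves no modulus")
    mod_len = len(rdata) - mod_start
    # Check octet counts, not bit lengths, so zero padding cannot bypass the cap.
    if exp_len > MAX_OCTETS or mod_len > MAX_OCTETS:
        raise ValueError("exponent or modulus exceeds 4096 bits")
    exponent = int.from_bytes(rdata[offset:mod_start], "big")
    modulus = int.from_bytes(rdata[mod_start:], "big")
    return RsaKeyRdata(exponent, modulus, exp_len, mod_len)


def rejects(rdata: bytes) -> bool:
    """True when parse_rsa_rdata refuses the input (used for negative checks)."""
    try:
        parse_rsa_rdata(rdata)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    # Constructed sample: e = 65537 (3 octets) and a toy 3-octet modulus.
    sample = encode_rsa_rdata(65537, 0xC0FFEE)
    print(sample.hex(), parse_rsa_rdata(sample))
```

Rejecting the long form for exponents of 255 octets or fewer is a strictness choice: the specification reserves it for longer exponents, and accepting both forms would let a single key have two distinct wire encodings, which matters for anything that hashes or compares RDATA bytes.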
References

[NETSEC] - Network Security: PRIVATE Communications in a PUBLIC
World, Charlie Kaufman, Radia Perlman, & Mike Speciner, Prentice Hall
Series in Computer Networking and Distributed Communications, 1995.

[PKCS1] - PKCS #1: RSA Encryption Standard, RSA Data Security, Inc.,
- 3 June 1991, Version 1.4.
+ 3 June 1991, Version 1.4. [there is an ID on this and any resulting
+ RFC could be substitutes if available in time]

[RFC 1034] - P. Mockapetris, "Domain names - concepts and
facilities", 11/01/1987.

[RFC 1035] - P. Mockapetris, "Domain names - implementation and
specification", 11/01/1987.

[RFC 1321] - R. Rivest, "The MD5 Message-Digest Algorithm", April
1992.
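Review bot: the bracketed remark added to the [PKCS1] entry reads "could be substitutes" where "could be substituted" is meant, and it is an instruction to the editor rather than reference text; mark it as such (for example "[RFC Editor: ...]") so it is removed before publication instead of shipping inside the citation.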
skipping to change at page 6, line 37 (old) / line 38 (new)

[RFC xDSA] - draft-ietf-dnssec-dss-*.txt

[Schneier] - Bruce Schneier, "Applied Cryptography Second Edition:
protocols, algorithms, and source code in C", 1996, John Wiley and
Sons, ISBN 0-471-11709-9.

Author's Address

Donald E. Eastlake 3rd
- CyberCash, Inc.
+ IBM
318 Acton Street
Carlisle, MA 01741 USA

- Telephone: +1 978 287 4877
-            +1 703 620-4200 (main office, Reston, Virginia)
- FAX: +1 978 371 7148
- EMail: dee@cybercash.com
+ Telephone: +1-978-287-4877
+            +1-914-784-7913
+ FAX: +1-978-371-7148
+ EMail: dee3@us.ibm.com

Expiration and File Name

- This draft expires in July 1998.
+ This draft expires in April 1999.

- Its file name is draft-ietf-dnssec-rsa-00.txt.
+ Its file name is draft-ietf-dnssec-rsa-01.txt.

End of changes. 9 change blocks. 14 lines changed or deleted, 21 lines changed or added.

This html diff was produced by rfcdiff 1.34. The latest version is available from http://tools.ietf.org/tools/rfcdiff/