idnits 2.17.00 (12 Aug 2021) /tmp/idnits28729/draft-ietf-curdle-dnskey-eddsa-01.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- -- The document has examples using IPv4 documentation addresses according to RFC6890, but does not use any IPv6 documentation addresses. Maybe there should be IPv6 examples, too? Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year == The document doesn't use any RFC 2119 keywords, yet seems to have RFC 2119 boilerplate text. -- The document date (October 10, 2016) is 2048 days in the past. Is this intentional? -- Found something which looks like a code comment -- if you have code sections in the document, please surround them with '' and '' lines. Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) == Outdated reference: draft-irtf-cfrg-eddsa has been published as RFC 8032 ** Downref: Normative reference to an Informational draft: draft-irtf-cfrg-eddsa (ref. 'I-D.irtf-cfrg-eddsa') ** Downref: Normative reference to an Informational RFC: RFC 7748 -- Obsolete informational reference (is this intentional?): RFC 6982 (Obsoleted by RFC 7942) Summary: 2 errors (**), 0 flaws (~~), 3 warnings (==), 4 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 Internet Engineering Task Force O. Sury 3 Internet-Draft CZ.NIC 4 Intended status: Standards Track R. Edmonds 5 Expires: April 13, 2017 Fastly 6 October 10, 2016 8 EdDSA for DNSSEC 9 draft-ietf-curdle-dnskey-eddsa-01 11 Abstract 13 This document describes how to specify EdDSA keys and signatures in 14 DNS Security (DNSSEC). It uses the Edwards-curve Digital Security 15 Algorithm (EdDSA) with the choice of two curves, Ed25519 and Ed448. 17 Status of This Memo 19 This Internet-Draft is submitted in full conformance with the 20 provisions of BCP 78 and BCP 79. 22 Internet-Drafts are working documents of the Internet Engineering 23 Task Force (IETF). Note that other groups may also distribute 24 working documents as Internet-Drafts. The list of current Internet- 25 Drafts is at http://datatracker.ietf.org/drafts/current/. 27 Internet-Drafts are draft documents valid for a maximum of six months 28 and may be updated, replaced, or obsoleted by other documents at any 29 time. It is inappropriate to use Internet-Drafts as reference 30 material or to cite them other than as "work in progress." 32 This Internet-Draft will expire on April 13, 2017. 34 Copyright Notice 36 Copyright (c) 2016 IETF Trust and the persons identified as the 37 document authors. All rights reserved. 39 This document is subject to BCP 78 and the IETF Trust's Legal 40 Provisions Relating to IETF Documents 41 (http://trustee.ietf.org/license-info) in effect on the date of 42 publication of this document. Please review these documents 43 carefully, as they describe your rights and restrictions with respect 44 to this document. Code Components extracted from this document must 45 include Simplified BSD License text as described in Section 4.e of 46 the Trust Legal Provisions and are provided without warranty as 47 described in the Simplified BSD License. 49 Table of Contents 51 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 52 2. Requirements Language . . . . . . . . . . . . . . . . . . . . 2 53 3. DNSKEY Resource Records . . . . . . . . . . . . . . . . . . . 2 54 4. RRSIG Resource Records . . . . . . . . . . . . . . . . . . . 3 55 5. Algorithm Number for DS, DNSKEY and RRSIG Resource Records . 3 56 6. Examples . . . . . . . . . . . . . . . . . . . . . . . . . . 3 57 6.1. Ed25519 Examples . . . . . . . . . . . . . . . . . . . . 3 58 6.2. Ed448 Example . . . . . . . . . . . . . . . . . . . . . . 4 59 7. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 5 60 8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 5 61 9. Implementation Status . . . . . . . . . . . . . . . . . . . . 6 62 10. Security Considerations . . . . . . . . . . . . . . . . . . . 6 63 11. References . . . . . . . . . . . . . . . . . . . . . . . . . 7 64 11.1. Normative References . . . . . . . . . . . . . . . . . . 7 65 11.2. Informative References . . . . . . . . . . . . . . . . . 7 66 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 8 68 1. Introduction 70 DNSSEC, which is broadly defined in [RFC4033], [RFC4034], and 71 [RFC4035], uses cryptographic keys and digital signatures to provide 72 authentication of DNS data. Currently, the most popular signature 73 algorithm in use is RSA. GOST ([RFC5933]) and NIST-specified 74 elliptic curve cryptography ([RFC6605]) are also standardized. 76 [I-D.irtf-cfrg-eddsa] describes the elliptic curve signature system 77 EdDSA and recommends two curves, Ed25519 and Ed448. 79 This document defines the use of DNSSEC's DS, DNSKEY, and RRSIG 80 resource records (RRs) with a new signing algorithm, Edwards-curve 81 Digital Signature Algorithm (EdDSA) using a choice of two curves, 82 Ed25519 and Ed448. 84 2. Requirements Language 86 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 87 "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this 88 document are to be interpreted as described in [RFC2119]. 90 3. DNSKEY Resource Records 92 An Ed25519 public key consists of a 32-octet value, which is encoded 93 into the Public Key field of a DNSKEY resource record as a simple bit 94 string. The generation of a public key is defined in Chapter 5.1.5 95 in [I-D.irtf-cfrg-eddsa]. 97 An Ed448 public key consists of a 57-octet value, which is encoded 98 into the Public Key field of a DNSKEY resource record as a simple bit 99 string. The generation of a public key is defined in Chapter 5.2.5 100 in [I-D.irtf-cfrg-eddsa]. 102 4. RRSIG Resource Records 104 In Chapter 10.3 in [I-D.irtf-cfrg-eddsa], the use of a context label 105 is described. EdDSA signatures in this scheme use the 12-octet 106 context label 'DNSSECRRSIG\0' (where \0 represents a zero-valued 107 octet). 109 An Ed25519 signature consists of a 64-octet value, which is encoded 110 into the Signature field of an RRSIG resource record as a simple bit 111 string. The Ed25519 signature algorithm is described in Chapter 112 5.1.6 in [I-D.irtf-cfrg-eddsa]. 114 An Ed448 signature consists of a 114-octet value, which is encoded 115 into the Signature field of an RRSIG resource record as a simple bit 116 string. The Ed448 signature algorithm is described in Chapter 5.2.6 117 and verification of the Ed448 signature is described in Chapter 5.2.7 118 in [I-D.irtf-cfrg-eddsa]. 120 5. Algorithm Number for DS, DNSKEY and RRSIG Resource Records 122 The algorithm number associated with the use of Ed25519 in DS, DNSKEY 123 and RRSIG resource records is TBD. The algorithm number associated 124 with the use of Ed448 in DS, DNSKEY and RRSIG resource records is 125 TBD. This registration is fully defined in the IANA Considerations 126 section. 128 6. Examples 130 6.1. Ed25519 Examples 131 This section needs an update after the algorithm for Ed25519 is 132 assigned. 134 Private-key-format: v1.2 135 Algorithm: TBD (ED25519) 136 PrivateKey: ODIyNjAzODQ2MjgwODAxMjI2NDUxOTAyMDQxNDIyNjI= 137 # corresponding to 82260384628080122645190204142262 INT 139 example.com. 3600 IN DNSKEY 257 3 TBD ( 140 l02Woi0iS8Aa25FQkUd9RMzZHJpBoRQwAQEX1SxZJA4= ) 142 example.com. 3600 IN DS 3613 TBD 2 ( 143 3aa5ab37efce57f737fc1627013fee07bdf241bd10f3 144 b1964ab55c78e79a304b ) 146 www.example.com. 3600 IN A 192.0.2.1 147 www.example.com. 3600 IN RRSIG A TBD 3 3600 ( 148 20150820000000 20150730000000 3613 example.com. 149 cvTRVrU7dwnemQuBq9/E4tlIiRpvWcEmYdzqs6SCQxw6 150 qmczBBQGldssMx1TCJnwsEs9ZuA2phPzuJNoon9BCA== ) 152 Private-key-format: v1.2 153 Algorithm: TBD (ED25519) 154 PrivateKey: DSSF3o0s0f+ElWzj9E/Osxw8hLpk55chkmx0LYN5WiY= 156 example.com. 3600 IN DNSKEY 257 3 TBD ( 157 zPnZ/QwEe7S8C5SPz2OfS5RR40ATk2/rYnE9xHIEijs= ) 159 example.com. 3600 IN DS 55648 TBD 2 ( 160 96401675bc7ecdd541ec0f70d69238c7b95d3bd4de1e 161 231a068ceb214d02a4ed ) 163 www.example.com. 3600 IN A 192.0.2.1 164 www.example.com. 3600 IN RRSIG A TBD 3 3600 ( 165 20150820000000 20150730000000 35452 example.com. 166 yuGb9rCNIuhDaRJbuhYHj89Y/3Pi8KWUm7lOt00ivVRGvgulmVX8DgpE 167 AFyMP2MKXJrqYJr+ViiCIDwcOIbPAQ==) 169 6.2. Ed448 Example 170 This section needs an update after the algorithm for Ed448 is 171 assigned. 173 Private-key-format: v1.2 174 Algorithm: TBD (ED448) 175 PrivateKey: TBD 177 example.com. 3600 IN DNSKEY 257 3 TBD ( 178 TBD ) 180 example.com. 3600 IN DS 3613 TBD 2 ( 181 TBD ) 183 www.example.com. 3600 IN A 192.0.2.1 184 www.example.com. 3600 IN RRSIG A TBD 3 3600 ( 185 20150820000000 20150730000000 3613 example.com. 186 TBD ) 188 Private-key-format: v1.2 189 Algorithm: TBD (ED448) 190 PrivateKey: TBD 192 example.com. 3600 IN DNSKEY 257 3 TBD ( 193 TBD ) 195 example.com. 3600 IN DS 55648 TBD 2 ( 196 TBD ) 198 www.example.com. 3600 IN A 192.0.2.1 199 www.example.com. 3600 IN RRSIG A TBD 3 3600 ( 200 20150820000000 20150730000000 35452 example.com. 201 TBD ) 203 7. Acknowledgements 205 Some of the material in this document is copied liberally from 206 [RFC6605]. 208 The authors of this document wish to thank Jan Vcelak, Pieter Lexis 209 and Kees Monshouwer for a review of this document. 211 8. IANA Considerations 213 This document updates the IANA registry "Domain Name System Security 214 (DNSSEC) Algorithm Numbers". The following entry has been added to 215 the registry: 217 +--------------+---------------+---------------+ 218 | Number | TBD | TBD | 219 | Description | Ed25519 | Ed448 | 220 | Mnemonic | ED25519 | Ed448 | 221 | Zone Signing | Y | Y | 222 | Trans. Sec. | * | * | 223 | Reference | This document | This document | 224 +--------------+---------------+---------------+ 226 * There has been no determination of standardization of the use of 227 this algorithm with Transaction Security. 229 9. Implementation Status 231 (Note to the RFC Editor: please remove this entire section as well as 232 the reference to RFC 6982 before publication.) 234 This section records the status of known implementations of the 235 protocol defined by this specification at the time of posting of this 236 Internet-Draft, and is based on a proposal described in [RFC6982]. 237 The description of implementations in this section is intended to 238 assist the IETF in its decision processes in progressing drafts to 239 RFCs. Please note that the listing of any individual implementation 240 here does not imply endorsement by the IETF. Furthermore, no effort 241 has been spent to verify the information presented here that was 242 supplied by IETF contributors. This is not intended as, and must not 243 be construed to be, a catalog of available implementations or their 244 features. Readers are advised to note that other implementations may 245 exist. 247 According to [RFC6982], "this will allow reviewers and working groups 248 to assign due consideration to documents that have the benefit of 249 running code, which may serve as evidence of valuable experimentation 250 and feedback that have made the implemented protocols more mature. 251 It is up to the individual working groups to use this information as 252 they see fit". 254 10. Security Considerations 256 The security level of Ed25519 is slightly under the standard 128-bit 257 level and the security level of Ed448 is slightly under the standard 258 224-bit level ([RFC7748]). Security considerations listed in 259 [RFC7748] also apply to the usage of Ed25519 and Ed448 in DNSSEC. 260 Such an assessment could, of course, change in the future if new 261 attacks that work better than the ones known today are found. 263 11. References 265 11.1. Normative References 267 [I-D.irtf-cfrg-eddsa] 268 Josefsson, S. and I. Liusvaara, "Edwards-curve Digital 269 Signature Algorithm (EdDSA)", draft-irtf-cfrg-eddsa-08 270 (work in progress), August 2016. 272 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 273 Requirement Levels", BCP 14, RFC 2119, 274 DOI 10.17487/RFC2119, March 1997, 275 . 277 [RFC4033] Arends, R., Austein, R., Larson, M., Massey, D., and S. 278 Rose, "DNS Security Introduction and Requirements", 279 RFC 4033, DOI 10.17487/RFC4033, March 2005, 280 . 282 [RFC4034] Arends, R., Austein, R., Larson, M., Massey, D., and S. 283 Rose, "Resource Records for the DNS Security Extensions", 284 RFC 4034, DOI 10.17487/RFC4034, March 2005, 285 . 287 [RFC4035] Arends, R., Austein, R., Larson, M., Massey, D., and S. 288 Rose, "Protocol Modifications for the DNS Security 289 Extensions", RFC 4035, DOI 10.17487/RFC4035, March 2005, 290 . 292 [RFC7748] Langley, A., Hamburg, M., and S. Turner, "Elliptic Curves 293 for Security", RFC 7748, DOI 10.17487/RFC7748, January 294 2016, . 296 11.2. Informative References 298 [RFC5933] Dolmatov, V., Ed., Chuprina, A., and I. Ustinov, "Use of 299 GOST Signature Algorithms in DNSKEY and RRSIG Resource 300 Records for DNSSEC", RFC 5933, DOI 10.17487/RFC5933, July 301 2010, . 303 [RFC6605] Hoffman, P. and W. Wijngaards, "Elliptic Curve Digital 304 Signature Algorithm (DSA) for DNSSEC", RFC 6605, 305 DOI 10.17487/RFC6605, April 2012, 306 . 308 [RFC6982] Sheffer, Y. and A. Farrel, "Improving Awareness of Running 309 Code: The Implementation Status Section", RFC 6982, 310 DOI 10.17487/RFC6982, July 2013, 311 . 313 Authors' Addresses 315 Ondrej Sury 316 CZ.NIC 317 Milesovska 1136/5 318 Praha 130 00 319 CZ 321 Email: ondrej.sury@nic.cz 323 Robert Edmonds 324 Fastly 325 Atlanta, Georgia 326 US 328 Email: edmonds@mycre.ws