draft-ietf-curdle-dnskey-eddsa-00.txt  vs.  draft-ietf-curdle-dnskey-eddsa-01.txt

Internet Engineering Task Force                                  O. Sury
Internet-Draft                                                    CZ.NIC
Intended status: Standards Track                              R. Edmonds
Old (-00): Expires: October 20, 2016                 Farsight Security, Inc.
Old (-00):                                                April 18, 2016
New (-01): Expires: April 13, 2017                                 Fastly
New (-01):                                              October 10, 2016

                            EdDSA for DNSSEC
Old (-00):            draft-ietf-curdle-dnskey-eddsa-00
New (-01):            draft-ietf-curdle-dnskey-eddsa-01

Abstract

   This document describes how to specify EdDSA keys and signatures in
   DNS Security (DNSSEC).  It uses the Edwards-curve Digital Signature
   Algorithm (EdDSA) with the choice of two curves, Ed25519 and Ed448.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
skipping to change at page 1, line 33

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

Old (-00): This Internet-Draft will expire on October 20, 2016.
New (-01): This Internet-Draft will expire on April 13, 2017.

Copyright Notice

   Copyright (c) 2016 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
skipping to change at page 3, line 13

   in [I-D.irtf-cfrg-eddsa].

   An Ed448 public key consists of a 57-octet value, which is encoded
   into the Public Key field of a DNSKEY resource record as a simple bit
   string.  The generation of a public key is defined in Chapter 5.2.5
   in [I-D.irtf-cfrg-eddsa].

4.  RRSIG Resource Records

   In Chapter 10.3 in [I-D.irtf-cfrg-eddsa], the use of a context label
   is described.

Old (-00): EdDSA signatures in this scheme use the 17-octet context
   label 'DNSSEC SIGNATURE\0' (where \0 represents a zero-valued
   octet).

   (Note: Only Ed448 has the Context specified.  Before publishing the
   final draft we need to specify what to do with Ed25519 Context.)

New (-01): EdDSA signatures in this scheme use the 12-octet context
   label 'DNSSECRRSIG\0' (where \0 represents a zero-valued octet).

   An Ed25519 signature consists of a 64-octet value, which is encoded
   into the Signature field of an RRSIG resource record as a simple bit
   string.  The Ed25519 signature algorithm is described in Chapter
   5.1.6 in [I-D.irtf-cfrg-eddsa].

   An Ed448 signature consists of a 114-octet value, which is encoded
   into the Signature field of an RRSIG resource record as a simple bit
   string.  The Ed448 signature algorithm is described in Chapter 5.2.6
   and verification of the Ed448 signature is described in Chapter 5.2.7
   in [I-D.irtf-cfrg-eddsa].
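
   The point of Sections 3 and 4 is that the DNSKEY Public Key field and
   the RRSIG Signature field carry the raw EdDSA output with no ASN.1 or
   other wrapping.  The Python below is added here as an illustration; it
   is not code from the draft or its authors.  It is a pure-Python Ed25519
   after the reference code in RFC 8032 (the published form of
   [I-D.irtf-cfrg-eddsa]) that produces the 32-octet DNSKEY field (the
   Ed25519 key length comes from the EdDSA specification, not from this
   page) and the 64-octet R || S RRSIG field, then verifies it.  It
   deliberately leaves the context label out of the hash input so that the
   output can be checked against RFC 8032 test vector 1; the 12-octet
   'DNSSECRRSIG\0' label of the -01 text is only constructed and
   length-checked.  The function names are this example's own, the scalar
   arithmetic is not constant-time, and the code is for reading, not for
   signing real zones.

```python
"""Ed25519 DNSKEY / RRSIG field encoding, added illustration (not the draft's
code).  Pure-Python Ed25519 after the RFC 8032 reference; no context label is
fed into the hash, so results match RFC 8032 test vector 1."""
import hashlib

q = 2**255 - 19                                       # field prime
l = 2**252 + 27742317777372353535851937790883648493   # group order
d = (-121665 * pow(121666, q - 2, q)) % q             # curve constant
SQRT_M1 = pow(2, (q - 1) // 4, q)                     # sqrt(-1) mod q

# The -01 text fixes the context label at 12 octets ('DNSSECRRSIG\0').
# This example only checks its length; it does not hash it (assumption).
CONTEXT_LABEL = b"DNSSECRRSIG\0"


def _inv(x):
    return pow(x, q - 2, q)


def _xrecover(y):
    """Recover the even x coordinate for a given y (RFC 8032 5.1.3)."""
    xx = (y * y - 1) * _inv(d * y * y + 1)
    x = pow(xx, (q + 3) // 8, q)
    if (x * x - xx) % q != 0:
        x = (x * SQRT_M1) % q
    return q - x if x & 1 else x


_By = 4 * _inv(5) % q
B = (_xrecover(_By), _By)                             # base point


def _add(P, Q):
    x1, y1 = P
    x2, y2 = Q
    t = d * x1 * x2 * y1 * y2
    return ((x1 * y2 + x2 * y1) * _inv(1 + t) % q,
            (y1 * y2 + x1 * x2) * _inv(1 - t) % q)


def _mul(P, e):
    R = (0, 1)                                        # neutral element
    while e:
        if e & 1:
            R = _add(R, P)
        P = _add(P, P)
        e >>= 1
    return R


def _encode_point(P):
    x, y = P
    return (y | ((x & 1) << 255)).to_bytes(32, "little")


def _decode_point(s):
    y = int.from_bytes(s, "little") & ((1 << 255) - 1)
    if y >= q:
        raise ValueError("non-canonical y")
    x = _xrecover(y)
    if (x & 1) != (s[31] >> 7):
        x = q - x
    if (-x * x + y * y - 1 - d * x * x * y * y) % q != 0:
        raise ValueError("point not on curve")
    return (x, y)


def _secret_scalar(h):
    a = int.from_bytes(h[:32], "little")
    return (a & ((1 << 254) - 8)) | (1 << 254)        # clamp, RFC 8032 5.1.5


def dnskey_public_key_field(sk):
    """DNSKEY Public Key field: the 32-octet encoded point, nothing else."""
    h = hashlib.sha512(sk).digest()
    return _encode_point(_mul(B, _secret_scalar(h)))


def rrsig_signature_field(sk, m):
    """RRSIG Signature field: the 64-octet R || S bit string."""
    h = hashlib.sha512(sk).digest()
    a = _secret_scalar(h)
    pk = dnskey_public_key_field(sk)
    r = int.from_bytes(hashlib.sha512(h[32:] + m).digest(), "little") % l
    R = _encode_point(_mul(B, r))
    k = int.from_bytes(hashlib.sha512(R + pk + m).digest(), "little") % l
    return R + ((r + k * a) % l).to_bytes(32, "little")


def verify_rrsig(sig, m, pk):
    """Check a 64-octet Signature field against a 32-octet Public Key field."""
    if len(sig) != 64 or len(pk) != 32:
        return False
    S = int.from_bytes(sig[32:], "little")
    if S >= l:                                        # reject malleable S
        return False
    try:
        R = _decode_point(sig[:32])
        A = _decode_point(pk)
    except ValueError:
        return False
    k = int.from_bytes(hashlib.sha512(sig[:32] + pk + m).digest(), "little") % l
    return _mul(B, S) == _add(R, _mul(A, k))


if __name__ == "__main__":
    # RFC 8032 test vector 1 secret key, empty message.
    sk = bytes.fromhex("9d61b19deffd5a60ba844af492ec2cc4"
                       "4449c5697b326919703bac031cae7f60")
    pk = dnskey_public_key_field(sk)
    sig = rrsig_signature_field(sk, b"")
    print(len(CONTEXT_LABEL), pk.hex(), sig.hex(), verify_rrsig(sig, b"", pk))
```

   Run as a script it prints the label length (12), the DNSKEY field, the
   RRSIG field and the verification result for the RFC 8032 vector.  The
   verifier rejects the wrong lengths and a non-canonical S before doing
   any curve arithmetic, which is the check a DNSSEC validator wants in
   front of these fields.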
skipping to change at page 7, line 11

   [RFC7748] also apply to the usage of Ed25519 and Ed448 in DNSSEC.
   Such an assessment could, of course, change in the future if new
   attacks that work better than the ones known today are found.

11.  References

11.1.  Normative References

   [I-D.irtf-cfrg-eddsa]
Old (-00):    Josefsson, S. and I. Liusvaara, "Edwards-curve Digital
              Signature Algorithm (EdDSA)", draft-irtf-cfrg-eddsa-05
              (work in progress), March 2016.
New (-01):    Josefsson, S. and I. Liusvaara, "Edwards-curve Digital
              Signature Algorithm (EdDSA)", draft-irtf-cfrg-eddsa-08
              (work in progress), August 2016.

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119,
              DOI 10.17487/RFC2119, March 1997,
              <http://www.rfc-editor.org/info/rfc2119>.

   [RFC4033]  Arends, R., Austein, R., Larson, M., Massey, D., and S.
              Rose, "DNS Security Introduction and Requirements",
              RFC 4033, DOI 10.17487/RFC4033, March 2005,
              <http://www.rfc-editor.org/info/rfc4033>.

skipping to change at page 8, line 18

              <http://www.rfc-editor.org/info/rfc6982>.
Authors' Addresses

   Ondrej Sury
   CZ.NIC
   Milesovska 1136/5
   Praha 130 00
   CZ

Old (-00): Phone: +420 222 745 111
   Email: ondrej.sury@nic.cz

   Robert Edmonds
Old (-00):
   Farsight Security, Inc.
   177 Bovet Rd #180
   San Mateo, California 94402
   US

   Phone: +1 650 489 7919
   Email: edmonds@fsi.io

New (-01):
   Fastly
   Atlanta, Georgia
   US

   Email: edmonds@mycre.ws

End of changes.  9 change blocks.  15 lines changed or deleted, 10 lines changed or added.

This html diff was produced by rfcdiff 1.45.  The latest version is available from http://tools.ietf.org/tools/rfcdiff/