Diff: draft-ietf-curdle-dnskey-eddsa-00.txt - draft-ietf-curdle-dnskey-eddsa-01.txt

	draft-ietf-curdle-dnskey-eddsa-00.txt	draft-ietf-curdle-dnskey-eddsa-01.txt

	Internet Engineering Task Force O. Sury	Internet Engineering Task Force O. Sury
	Internet-Draft CZ.NIC	Internet-Draft CZ.NIC
	Intended status: Standards Track R. Edmonds	Intended status: Standards Track R. Edmonds

	Expires: October 20, 2016 Farsight Security, Inc.	Expires: April 13, 2017 Fastly
	April 18, 2016	October 10, 2016

	EdDSA for DNSSEC	EdDSA for DNSSEC

	draft-ietf-curdle-dnskey-eddsa-00	draft-ietf-curdle-dnskey-eddsa-01

	Abstract	Abstract

	This document describes how to specify EdDSA keys and signatures in	This document describes how to specify EdDSA keys and signatures in
	DNS Security (DNSSEC). It uses the Edwards-curve Digital Security	DNS Security (DNSSEC). It uses the Edwards-curve Digital Security
	Algorithm (EdDSA) with the choice of two curves, Ed25519 and Ed448.	Algorithm (EdDSA) with the choice of two curves, Ed25519 and Ed448.

	Status of This Memo	Status of This Memo

	This Internet-Draft is submitted in full conformance with the	This Internet-Draft is submitted in full conformance with the

	skipping to change at page 1, line 33 ¶	skipping to change at page 1, line 33 ¶
	Internet-Drafts are working documents of the Internet Engineering	Internet-Drafts are working documents of the Internet Engineering
	Task Force (IETF). Note that other groups may also distribute	Task Force (IETF). Note that other groups may also distribute
	working documents as Internet-Drafts. The list of current Internet-	working documents as Internet-Drafts. The list of current Internet-
	Drafts is at http://datatracker.ietf.org/drafts/current/.	Drafts is at http://datatracker.ietf.org/drafts/current/.

	Internet-Drafts are draft documents valid for a maximum of six months	Internet-Drafts are draft documents valid for a maximum of six months
	and may be updated, replaced, or obsoleted by other documents at any	and may be updated, replaced, or obsoleted by other documents at any
	time. It is inappropriate to use Internet-Drafts as reference	time. It is inappropriate to use Internet-Drafts as reference
	material or to cite them other than as "work in progress."	material or to cite them other than as "work in progress."


	This Internet-Draft will expire on October 20, 2016.	This Internet-Draft will expire on April 13, 2017.

	Copyright Notice	Copyright Notice

	Copyright (c) 2016 IETF Trust and the persons identified as the	Copyright (c) 2016 IETF Trust and the persons identified as the
	document authors. All rights reserved.	document authors. All rights reserved.

	This document is subject to BCP 78 and the IETF Trust's Legal	This document is subject to BCP 78 and the IETF Trust's Legal
	Provisions Relating to IETF Documents	Provisions Relating to IETF Documents
	(http://trustee.ietf.org/license-info) in effect on the date of	(http://trustee.ietf.org/license-info) in effect on the date of
	publication of this document. Please review these documents	publication of this document. Please review these documents

	skipping to change at page 3, line 13 ¶	skipping to change at page 3, line 13 ¶
	in [I-D.irtf-cfrg-eddsa].	in [I-D.irtf-cfrg-eddsa].

	An Ed448 public key consists of a 57-octet value, which is encoded	An Ed448 public key consists of a 57-octet value, which is encoded
	into the Public Key field of a DNSKEY resource record as a simple bit	into the Public Key field of a DNSKEY resource record as a simple bit
	string. The generation of a public key is defined in Chapter 5.2.5	string. The generation of a public key is defined in Chapter 5.2.5
	in [I-D.irtf-cfrg-eddsa].	in [I-D.irtf-cfrg-eddsa].

	4. RRSIG Resource Records	4. RRSIG Resource Records

	In Chapter 10.3 in [I-D.irtf-cfrg-eddsa], the use of a context label	In Chapter 10.3 in [I-D.irtf-cfrg-eddsa], the use of a context label

	is described. EdDSA signatures in this scheme use the 17-octet	is described. EdDSA signatures in this scheme use the 12-octet
	context label 'DNSSEC SIGNATURE\0' (where \0 represents a zero-valued	context label 'DNSSECRRSIG\0' (where \0 represents a zero-valued
	octet).	octet).


	(Note: Only Ed448 has the Context specified. Before publishing the
	final draft we need to specify what to do with Ed25519 Context.)

	An Ed25519 signature consists of a 64-octet value, which is encoded	An Ed25519 signature consists of a 64-octet value, which is encoded
	into the Signature field of an RRSIG resource record as a simple bit	into the Signature field of an RRSIG resource record as a simple bit
	string. The Ed25519 signature algorithm is described in Chapter	string. The Ed25519 signature algorithm is described in Chapter
	5.1.6 in [I-D.irtf-cfrg-eddsa].	5.1.6 in [I-D.irtf-cfrg-eddsa].

	An Ed448 signature consists of a 114-octet value, which is encoded	An Ed448 signature consists of a 114-octet value, which is encoded
	into the Signature field of an RRSIG resource record as a simple bit	into the Signature field of an RRSIG resource record as a simple bit
	string. The Ed448 signature algorithm is described in Chapter 5.2.6	string. The Ed448 signature algorithm is described in Chapter 5.2.6
	and verification of the Ed448 signature is described in Chapter 5.2.7	and verification of the Ed448 signature is described in Chapter 5.2.7
	in [I-D.irtf-cfrg-eddsa].	in [I-D.irtf-cfrg-eddsa].

	skipping to change at page 7, line 11 ¶	skipping to change at page 7, line 11 ¶
	[RFC7748] also apply to the usage of Ed25519 and Ed448 in DNSSEC.	[RFC7748] also apply to the usage of Ed25519 and Ed448 in DNSSEC.
	Such an assessment could, of course, change in the future if new	Such an assessment could, of course, change in the future if new
	attacks that work better than the ones known today are found.	attacks that work better than the ones known today are found.

	11. References	11. References

	11.1. Normative References	11.1. Normative References

	[I-D.irtf-cfrg-eddsa]	[I-D.irtf-cfrg-eddsa]
	Josefsson, S. and I. Liusvaara, "Edwards-curve Digital	Josefsson, S. and I. Liusvaara, "Edwards-curve Digital

	Signature Algorithm (EdDSA)", draft-irtf-cfrg-eddsa-05	Signature Algorithm (EdDSA)", draft-irtf-cfrg-eddsa-08
	(work in progress), March 2016.	(work in progress), August 2016.

	[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate	[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
	Requirement Levels", BCP 14, RFC 2119,	Requirement Levels", BCP 14, RFC 2119,
	DOI 10.17487/RFC2119, March 1997,	DOI 10.17487/RFC2119, March 1997,
	<http://www.rfc-editor.org/info/rfc2119>.	<http://www.rfc-editor.org/info/rfc2119>.

	[RFC4033] Arends, R., Austein, R., Larson, M., Massey, D., and S.	[RFC4033] Arends, R., Austein, R., Larson, M., Massey, D., and S.
	Rose, "DNS Security Introduction and Requirements",	Rose, "DNS Security Introduction and Requirements",
	RFC 4033, DOI 10.17487/RFC4033, March 2005,	RFC 4033, DOI 10.17487/RFC4033, March 2005,
	<http://www.rfc-editor.org/info/rfc4033>.	<http://www.rfc-editor.org/info/rfc4033>.

	skipping to change at page 8, line 18 ¶	skipping to change at page 8, line 18 ¶
	<http://www.rfc-editor.org/info/rfc6982>.	<http://www.rfc-editor.org/info/rfc6982>.

	Authors' Addresses	Authors' Addresses

	Ondrej Sury	Ondrej Sury
	CZ.NIC	CZ.NIC
	Milesovska 1136/5	Milesovska 1136/5
	Praha 130 00	Praha 130 00
	CZ	CZ


	Phone: +420 222 745 111
	Email: ondrej.sury@nic.cz	Email: ondrej.sury@nic.cz

	Robert Edmonds	Robert Edmonds

	Farsight Security, Inc.	Fastly
	177 Bovet Rd #180	Atlanta, Georgia
	San Mateo, California 94402
	US	US


	Phone: +1 650 489 7919	Email: edmonds@mycre.ws
	Email: edmonds@fsi.io

End of changes. 9 change blocks.
	15 lines changed or deleted	10 lines changed or added
This html diff was produced by rfcdiff 1.45. The latest version is available from http://tools.ietf.org/tools/rfcdiff/