--- 1/draft-ietf-curdle-dnskey-eddsa-02.txt 2016-12-16 23:13:07.323568076 -0800 +++ 2/draft-ietf-curdle-dnskey-eddsa-03.txt 2016-12-16 23:13:07.339568450 -0800 @@ -1,19 +1,19 @@ Internet Engineering Task Force O. Sury Internet-Draft CZ.NIC Intended status: Standards Track R. Edmonds -Expires: May 19, 2017 Fastly - November 15, 2016 +Expires: June 20, 2017 Fastly + December 17, 2016 EdDSA for DNSSEC - draft-ietf-curdle-dnskey-eddsa-02 + draft-ietf-curdle-dnskey-eddsa-03 Abstract This document describes how to specify EdDSA keys and signatures in DNS Security (DNSSEC). It uses the Edwards-curve Digital Security Algorithm (EdDSA) with the choice of two curves, Ed25519 and Ed448. Status of This Memo This Internet-Draft is submitted in full conformance with the @@ -22,21 +22,21 @@ Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet- Drafts is at http://datatracker.ietf.org/drafts/current/. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." - This Internet-Draft will expire on May 19, 2017. + This Internet-Draft will expire on June 20, 2017. Copyright Notice Copyright (c) 2016 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents 
@@ -219,42 +219,37 @@ Some of the material in this document is copied liberally from [RFC6605]. The authors of this document wish to thank Jan Vcelak, Pieter Lexis, Kees Monshouwer, Simon Josefsson, Paul Hoffman and others for a review of this document. 8. IANA Considerations This document updates the IANA registry "Domain Name System Security - (DNSSEC) Algorithm Numbers". The following entry has been added to - the registry: + (DNSSEC) Algorithm Numbers". The following entries have been added + to the registry: +--------------+---------------+---------------+ | Number | TBD1 | TBD2 | | Description | Ed25519 | Ed448 | | Mnemonic | ED25519 | ED448 | | Zone Signing | Y | Y | | Trans. Sec. | * | * | | Reference | This document | This document | +--------------+---------------+---------------+ * There has been no determination of standardization of the use of this algorithm with Transaction Security. 9. Security Considerations - Ed25519 and Ed448 offers improved security properties and - implementation characteristics compared to RSA and ECDSA algorithms, - and the introduction of these algorithms are thus expected to improve - security of DNSSEC. - The security considerations of [I-D.irtf-cfrg-eddsa] and [RFC7748]are inherited in the usage of Ed25519 and Ed448 in DNSSEC. Ed25519 is intended to operate at around the 128-bit security level, and Ed448 at around the 224-bit security level. A sufficiently large quantum computer would be able to break both. Reasonable projections of the abilities of classical computers conclude that Ed25519 is perfectly safe. Ed448 is provided for those applications with relaxed performance requirements and where there is a desire to hedge against analytical attacks on elliptic curves.
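Review bot: In the @@ -1,19 +1,19 @@ hunk, the unchanged Abstract line still expands EdDSA as "Edwards-curve Digital Security Algorithm"; the name is Edwards-curve Digital Signature Algorithm. This revision only bumps the draft name and the dates in that header block, so the expansion carries over from -02 uncorrected. Suggest fixing it in the Abstract while the header is being touched, so the wrong expansion does not survive into the published document.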
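Review bot: In the @@ -219,42 +219,37 @@ hunk, Section 9 drops the paragraph comparing Ed25519 and Ed448 with RSA and ECDSA, but the retained context still says that Ed25519 "is perfectly safe". That is the same kind of unqualified claim as the one removed. Suggest bounding it, for example by tying it to the stated 128-bit security level against classical attackers, since the preceding sentence already concedes that a sufficiently large quantum computer breaks both curves. Two smaller points in the same hunk: the context line "[RFC7748]are inherited" is missing a space after the citation, and the reworded IANA sentence says the entries "have been added" while the Number row still reads TBD1 and TBD2, so a note to the RFC Editor or IANA about replacing the placeholders would make the intent explicit.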