Secret Key Establishment for DNS (TKEY RR) (RFC2930)

IP.com Disclosure Number: IPCOM000005112D
Original Publication Date: 2000-Sep-01
Included in the Prior Art Database: 2001-Aug-15
Document File: 17 page(s) / 35K

Publishing Venue

Internet Society Requests For Comment (RFCs)

Related People

D. Eastlake: AUTHOR

Abstract

[RFC 2845] provides a means of authenticating Domain Name System (DNS) queries and responses using shared secret keys via the Transaction Signature (TSIG) resource record (RR). However, it provides no mechanism for setting up such keys other than manual exchange. This document describes a Transaction Key (TKEY) RR that can be used in a number of different modes to establish shared secret keys between a DNS resolver and server.

This text was extracted from an ASCII text document.
This is the abbreviated version, containing approximately 10% of the total text.

Network Working Group                                    D. Eastlake, 3rd
Request for Comments: 2930                                       Motorola
Category: Standards Track                                  September 2000

Secret Key Establishment for DNS (TKEY RR)

Status of this Memo

This document specifies an Internet standards track protocol for the Internet community, and requests discussion and suggestions for improvements. Please refer to the current edition of the "Internet Official Protocol Standards" (STD 1) for the standardization state and status of this protocol. Distribution of this memo is unlimited.

Copyright Notice

Copyright (C) The Internet Society (2000). All Rights Reserved.

Acknowledgments

The comments and ideas of the following persons (listed in alphabetic order) have been incorporated herein and are gratefully acknowledged:

Olafur Gudmundsson (TIS)

Stuart Kwan (Microsoft)

Ed Lewis (TIS)

Erik Nordmark (SUN)

Brian Wellington (Nominum)

Eastlake Standards Track [Page 1]

RFC 2930 The DNS TKEY RR September 2000

Table of Contents

   1. Introduction............................................... 2
   1.1 Overview of Contents...................................... 3
   2. The TKEY Resource Record................................... 4
   2.1 The Name Field............................................ 4
   2.2 The TTL Field............................................. 5
   2.3 The Algorithm Field....................................... 5
   2.4 The Inception and Expiration Fields....................... 5
   2.5 The Mode Field............................................ 5
   2.6 The Error Field........................................... 6
   2.7 The Key Size and Data Fields.............................. 6
   2.8 The Other Size and Data Fields............................ 6
   3. General TKEY Considerations................................ 7
   4. Exchange via Resolver Query................................ 8
   4.1 Query for Diffie-Hellman Exchanged Keying................. 8
   4.2 Query for TKEY Deletion................................... 9
   4.3 Query for GSS-API Establishment........................... 10
   4.4 Query for Server Assigned Keying.......................... 10
   4.5 Query for Resolver Assigned Keying........................ 11
   5. Spontaneous Server Inclusion............................... 12
   5.1 Spontaneous Server Key Deletion........................... 12
   6. Methods of Encryption...................................... 12
   7. IANA Considerations........................................ 13
   8. Security Considerations.................................... 13
   References.................................................... 14
   Author's Address.........................................
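The TKEY RR that the abstract introduces and that sections 2.1 through 2.8 of the outline enumerate carries an algorithm name, inception and expiration times, a mode, an error code, and two length-prefixed data fields. The following Python is an added example, not code from RFC 2930 or from any implementation, showing how a resolver or server would serialise and parse that RDATA and apply the validity-window check a receiver needs before it trusts a negotiated key. The field widths and the mode and error code assignments are taken from RFC 2930 sections 2.5, 2.6 and 2.7, which are not reproduced in this abbreviated extract; the sample record, its key bytes and its timestamps are constructed for illustration, and `hmac-md5.sig-alg.reg.int` is the TSIG algorithm name from RFC 2845.

```python
"""Encode/decode the RDATA of a DNS TKEY resource record (type 249, RFC 2930).

Wire layout (RFC 2930 section 2):
  Algorithm    domain name, uncompressed wire format
  Inception    u_int32, seconds since 1970-01-01 00:00:00 UTC
  Expiration   u_int32
  Mode         u_int16
  Error        u_int16 (extended RCODE)
  Key Size     u_int16, followed by Key Data
  Other Size   u_int16, followed by Other Data
"""
import struct
from dataclasses import dataclass

TKEY_TYPE = 249  # RR type code assigned to TKEY by RFC 2930

# Mode values (RFC 2930 section 2.5); these match the modes in sections 4 and 5 of the outline.
MODES = {
    1: "server assignment",
    2: "Diffie-Hellman exchange",
    3: "GSS-API negotiation",
    4: "resolver assignment",
    5: "key deletion",
}

# Error field values (RFC 2930 section 2.6): 0 is no error, 16-21 are the TSIG/TKEY RCODEs.
ERRORS = {0: "NOERROR", 16: "BADSIG", 17: "BADKEY", 18: "BADTIME",
          19: "BADMODE", 20: "BADNAME", 21: "BADALG"}

_FIXED = struct.Struct("!IIHH")  # inception, expiration, mode, error


def encode_name(name):
    """Encode a domain name as uncompressed RFC 1035 labels."""
    out = bytearray()
    for label in (l for l in name.rstrip(".").split(".") if l):
        raw = label.encode("ascii")
        if not 1 <= len(raw) <= 63:
            raise ValueError("bad label length: %r" % label)
        out.append(len(raw))
        out += raw
    out.append(0)
    return bytes(out)


def decode_name(buf, offset):
    """Decode an uncompressed name; return (name, offset past it). Pointers are rejected
    because the TKEY algorithm field is not subject to name compression."""
    labels = []
    while True:
        if offset >= len(buf):
            raise ValueError("truncated name")
        length = buf[offset]
        offset += 1
        if length == 0:
            return ".".join(labels) + ".", offset
        if length & 0xC0:
            raise ValueError("compression pointer not allowed in TKEY algorithm name")
        if offset + length > len(buf):
            raise ValueError("truncated label")
        labels.append(buf[offset:offset + length].decode("ascii"))
        offset += length


def _read_counted(buf, off):
    """Read a u_int16 length followed by that many octets (Key Data / Other Data)."""
    if len(buf) < off + 2:
        raise ValueError("truncated length field")
    (n,) = struct.unpack_from("!H", buf, off)
    off += 2
    if len(buf) < off + n:
        raise ValueError("truncated data field")
    return buf[off:off + n], off + n


@dataclass
class TKey:
    algorithm: str
    inception: int
    expiration: int
    mode: int
    error: int = 0
    key_data: bytes = b""
    other_data: bytes = b""

    def to_wire(self):
        # struct raises if any field exceeds its u_int16/u_int32 width.
        return (encode_name(self.algorithm)
                + _FIXED.pack(self.inception, self.expiration, self.mode, self.error)
                + struct.pack("!H", len(self.key_data)) + self.key_data
                + struct.pack("!H", len(self.other_data)) + self.other_data)

    @classmethod
    def from_wire(cls, rdata):
        algorithm, off = decode_name(rdata, 0)
        if len(rdata) < off + _FIXED.size:
            raise ValueError("truncated TKEY fixed fields")
        inception, expiration, mode, error = _FIXED.unpack_from(rdata, off)
        off += _FIXED.size
        key_data, off = _read_counted(rdata, off)
        other_data, off = _read_counted(rdata, off)
        if off != len(rdata):
            raise ValueError("trailing bytes after TKEY RDATA")
        return cls(algorithm, inception, expiration, mode, error, key_data, other_data)

    def usable_at(self, now):
        """A receiver should only install the key if the server reported no error,
        the mode is one it understands, and `now` lies inside the validity window."""
        return (self.error == 0 and self.mode in MODES
                and self.inception <= now <= self.expiration)


def is_well_formed(rdata):
    """True if the RDATA parses without error; used to reject malformed TKEY answers."""
    try:
        TKey.from_wire(rdata)
        return True
    except ValueError:
        return False


# Constructed sample (not from the RFC): a server-assigned HMAC-MD5 key valid for one hour.
SAMPLE = TKey("hmac-md5.sig-alg.reg.int.", 1000000000, 1000003600, 1, 0, bytes(range(16)))
```

`to_wire` deliberately does not compress the algorithm name and `decode_name` refuses compression pointers, so a TKEY RDATA produced here is byte-stable regardless of where it sits in a message. `usable_at` treats an unknown mode as unusable rather than ignoring it, which is the safe default for a negotiation RR whose later modes may carry different semantics.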