
DNS Request and Transaction Signatures (SIG(0)s) (RFC 2931)

IP.com Disclosure Number: IPCOM000005113D
Original Publication Date: 2000-Sep-01
Included in the Prior Art Database: 2001-Aug-15
Document File: 11 page(s) / 19K

Publishing Venue

Internet Society Requests For Comment (RFCs)

Related People

D. Eastlake: AUTHOR

Abstract

Extensions to the Domain Name System (DNS) are described in [RFC 2535] that can provide data origin and transaction integrity and authentication to security aware resolvers and applications through the use of cryptographic digital signatures.

This text was extracted from an ASCII text document.
This is the abbreviated version, containing approximately 18% of the total text.

Network Working Group                                       D. Eastlake 3rd
Request for Comments: 2931                                         Motorola
Updates: 2535                                                September 2000
Category: Standards Track

DNS Request and Transaction Signatures SIG(0)s

Status of this Memo

This document specifies an Internet standards track protocol for the Internet community, and requests discussion and suggestions for improvements. Please refer to the current edition of the "Internet Official Protocol Standards" (STD 1) for the standardization state and status of this protocol. Distribution of this memo is unlimited.

Copyright Notice

Copyright (C) The Internet Society (2000). All Rights Reserved.

Abstract

Extensions to the Domain Name System (DNS) are described in [RFC 2535] that can provide data origin and transaction integrity and authentication to security aware resolvers and applications through the use of cryptographic digital signatures.

Implementation experience has indicated the need for minor but non-interoperable changes in Request and Transaction signature resource records (SIG(0)s). These changes are documented herein.

Acknowledgments

The contributions and suggestions of the following persons (in alphabetic order) to this memo are gratefully acknowledged:

Olafur Gudmundsson

Ed Lewis

Erik Nordmark

Brian Wellington

Eastlake Standards Track [Page 1]

RFC 2931 DNS SIG(0) September 2000

Table of Contents

1. Introduction................................................. 2
2. SIG(0) Design Rationale...................................... 3
2.1 Transaction Authentication.................................. 3
2.2 Request Authentication...................................... 3
2.3 Keying...................................................... 3
2.4 Differences Between TSIG and SIG(0)......................... 4
3. The SIG(0) Resource Record................................... 4
3.1 Calculating Request and Transaction SIGs.................... 5
3.2 Processing Responses and SIG(0) RRs......................... 6
3.3 SIG(0) Lifetime and Expiration.............................. 7
4. Security Considerations...................................... 7
5. IANA Considerations.......................................... 7
References...................................................... 7
Author's Address................................................ 8
Appendix: SIG(0) Changes from RFC 2535.......................... 9
Full Copyright Statement........................................ 10

1. Introduction

This document makes minor but non-interoperable changes to part of [RFC 2535], familiarity with which is assumed, and includes additional explanatory text. These changes concern SIG Resource Records (RRs) that are used to digitally sign DNS requests and transactions/responses. Such a resource record, because it has a type covered field of zero, is frequently called a SIG(0). The changes are based on implementation and attempted implementation experience with TSIG [RFC 2845] and the [RFC 2535] specification for SIG(0).
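The distinction drawn above (a SIG RR is a SIG(0) precisely when its type covered field is zero) is what a resolver or server must check before treating a SIG in the additional section as a request or transaction signature rather than a data signature. The following parser is an added example, not code from the RFC or any DNS implementation; it assumes the SIG RDATA layout of RFC 2535 section 4.1 (18 fixed octets, then the signer's name, then the signature), which this excerpt does not reproduce, and the sample records and signature bytes are constructed.

```python
import struct
from dataclasses import dataclass


@dataclass
class SigRdata:
    type_covered: int
    algorithm: int
    labels: int
    original_ttl: int
    expiration: int
    inception: int
    key_tag: int
    signer: str
    signature: bytes

    @property
    def is_sig0(self) -> bool:
        # RFC 2931: a SIG whose "type covered" field is zero signs a
        # request or transaction rather than a set of RRs.
        return self.type_covered == 0


def _read_name(buf, off):
    """Decode an uncompressed wire-format domain name starting at off."""
    labels = []
    while True:
        n = buf[off]
        off += 1
        if n == 0:
            break
        if n & 0xC0:  # a compression pointer is not valid in the signer's name
            raise ValueError("compression pointer in signer's name")
        labels.append(buf[off:off + n].decode("ascii"))
        off += n
    return ".".join(labels) + ".", off


def parse_sig_rdata(rdata: bytes) -> SigRdata:
    """Parse SIG RDATA (assumed RFC 2535 s.4.1 layout) and return its fields."""
    if len(rdata) < 18:
        raise ValueError("SIG RDATA too short for fixed fields")
    tc, alg, labels, ottl, exp, inc, tag = struct.unpack("!HBBIIIH", rdata[:18])
    signer, off = _read_name(rdata, 18)
    return SigRdata(tc, alg, labels, ottl, exp, inc, tag, signer, rdata[off:])


def _wire_name(name: str) -> bytes:
    return b"".join(bytes([len(l)]) + l.encode() for l in name.rstrip(".").split(".")) + b"\x00"


# Constructed samples (dummy 3-byte "signatures", not real cryptographic output):
# a SIG(0) with type covered 0, and an ordinary data SIG covering type A (1).
SAMPLE_SIG0 = struct.pack("!HBBIIIH", 0, 5, 0, 0, 968119200, 968118900, 12345) + _wire_name("host.example.") + b"\x01\x02\x03"
SAMPLE_DATA_SIG = struct.pack("!HBBIIIH", 1, 5, 2, 3600, 968119200, 968118900, 12345) + _wire_name("host.example.") + b"\x01\x02\x03"

if __name__ == "__main__":
    for raw in (SAMPLE_SIG0, SAMPLE_DATA_SIG):
        sig = parse_sig_rdata(raw)
        kind = "SIG(0) request/transaction signature" if sig.is_sig0 else "data SIG covering type %d" % sig.type_covered
        print(kind, "by", sig.signer, "alg", sig.algorithm, "key tag", sig.key_tag)
```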

Sections of [RFC 2535] updated are all of 4.1.8.1 and parts of 4.2...