
RSA/SHA-1 SIGs and RSA KEYs in the Domain Name System (DNS) (RFC3110)

IP.com Disclosure Number: IPCOM000005298D
Original Publication Date: 2001-May-01
Included in the Prior Art Database: 2001-Aug-21
Document File: 8 page(s) / 15K

Publishing Venue

Internet Society Requests For Comment (RFCs)

Related People

D. Eastlake 3rd: AUTHOR

Abstract

This document describes how to produce RSA/SHA1 SIG resource records (RRs) in Section 3 and, so as to completely replace RFC 2537, describes how to produce RSA KEY RRs in Section 2.

This text was extracted from an ASCII document.
This is the abbreviated version, containing approximately 22% of the total text.

Network Working Group                                        D. Eastlake 3rd
Request for Comments: 3110                                         Motorola
Obsoletes: 2537                                                    May 2001
Category: Standards Track

RSA/SHA-1 SIGs and RSA KEYs in the Domain Name System (DNS)

Status of this Memo

This document specifies an Internet standards track protocol for the Internet community, and requests discussion and suggestions for improvements. Please refer to the current edition of the "Internet Official Protocol Standards" (STD 1) for the standardization state and status of this protocol. Distribution of this memo is unlimited.

Copyright Notice

Copyright (C) The Internet Society (2001). All Rights Reserved.

Abstract

This document describes how to produce RSA/SHA1 SIG resource records (RRs) in Section 3 and, so as to completely replace RFC 2537, describes how to produce RSA KEY RRs in Section 2.

Since the adoption of a Proposed Standard for RSA signatures in the DNS (Domain Name Space), advances in hashing have been made. A new DNS signature algorithm is defined to make these advances available in SIG RRs. The use of the previously specified weaker mechanism is deprecated. The algorithm number of the RSA KEY RR is changed to correspond to this new SIG algorithm. No other changes are made to DNS security.
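The excerpt above stops before Sections 2 and 3, which hold the wire formats the abstract refers to. As an added illustration that is not part of the IP.com record or the RFC text, the following Python encodes and decodes the algorithm-specific portion of an RSA KEY RR as RFC 3110 Section 2 lays it out (an exponent length of one octet, or a zero octet followed by a two-octet length when the exponent exceeds 255 octets, then the exponent, then the modulus, each limited to 4096 bits), and wraps it in the KEY RDATA header (flags, protocol, algorithm) defined in RFC 2535, which the page cites. Algorithm number 5 for RSA/SHA-1 and the deprecation of algorithm 1 (RSA/MD5) follow the abstract; the field layout is stated from the editor's knowledge of those RFCs rather than quoted from this page, and the key values, flags and protocol numbers in the tests are constructed samples, not a real zone key.

```python
import base64
import struct

RSAMD5 = 1    # algorithm number of the deprecated RSA/MD5 scheme (RFC 2537)
RSASHA1 = 5   # algorithm number assigned to RSA/SHA-1 by RFC 3110
MAX_BITS = 4096  # interoperability limit on exponent and modulus (RFC 3110 section 2)


def _to_octets(value: int) -> bytes:
    """Minimal big-endian encoding of a positive integer."""
    if value <= 0:
        raise ValueError("RSA parameters must be positive integers")
    return value.to_bytes((value.bit_length() + 7) // 8, "big")


def encode_rsa_public_key(exponent: int, modulus: int) -> bytes:
    """Algorithm-specific RDATA of an RSA KEY RR: exponent length, exponent, modulus."""
    exp_octets = _to_octets(exponent)
    mod_octets = _to_octets(modulus)
    if len(exp_octets) * 8 > MAX_BITS or len(mod_octets) * 8 > MAX_BITS:
        raise ValueError("exponent and modulus are each limited to 4096 bits")
    if len(exp_octets) <= 255:
        length_field = bytes([len(exp_octets)])          # one-octet form
    else:
        length_field = b"\x00" + struct.pack(">H", len(exp_octets))  # zero + two-octet form
    return length_field + exp_octets + mod_octets


def decode_rsa_public_key(rdata: bytes) -> tuple[int, int]:
    """Inverse of encode_rsa_public_key; rejects truncated or inconsistent RDATA."""
    if not rdata:
        raise ValueError("empty RDATA")
    if rdata[0] != 0:
        exp_len, offset = rdata[0], 1
    else:
        if len(rdata) < 3:
            raise ValueError("truncated exponent length field")
        exp_len, offset = struct.unpack(">H", rdata[1:3])[0], 3
    # The exponent must be non-empty and must leave at least one octet of modulus.
    if exp_len == 0 or offset + exp_len >= len(rdata):
        raise ValueError("exponent length inconsistent with RDATA size")
    exponent = int.from_bytes(rdata[offset:offset + exp_len], "big")
    modulus = int.from_bytes(rdata[offset + exp_len:], "big")
    return exponent, modulus


def build_key_rdata(flags: int, protocol: int, algorithm: int,
                    exponent: int, modulus: int) -> bytes:
    """Full KEY RR RDATA per RFC 2535: flags (2 octets), protocol (1), algorithm (1), key.

    Only RSA/SHA-1 (5) is accepted; RSA/MD5 (1) is refused because RFC 3110 deprecates it.
    """
    if algorithm == RSAMD5:
        raise ValueError("RSA/MD5 (algorithm 1) is deprecated; use RSA/SHA-1 (algorithm 5)")
    if algorithm != RSASHA1:
        raise ValueError("this encoder only handles the RSA/SHA-1 algorithm number")
    header = struct.pack(">HBB", flags, protocol, algorithm)
    return header + encode_rsa_public_key(exponent, modulus)


def public_key_presentation(exponent: int, modulus: int) -> str:
    """Base64 text of the public key field, as it appears in zone-file presentation format."""
    return base64.b64encode(encode_rsa_public_key(exponent, modulus)).decode("ascii")


if __name__ == "__main__":
    # Constructed sample values (not a real key): e = 65537, tiny modulus for readability.
    rdata = build_key_rdata(flags=0x0100, protocol=3, algorithm=RSASHA1,
                            exponent=65537, modulus=0xC0FFEE)
    print(rdata.hex())
    print(public_key_presentation(65537, 0xC0FFEE))
```

The decoder deliberately treats an exponent length that consumes the whole RDATA as an error rather than returning a zero modulus, since a parser that silently accepts that shape would hand a nonsensical key to the signature verifier.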

Acknowledgements

Material and comments from the following have been incorporated and are gratefully acknowledged:

Olafur Gudmundsson

The IESG

Charlie Kaufman

Steve Wang

D. Eastlake 3rd Standards Track [Page 1]

RFC 3110 RSA SIGs and KEYs in the DNS May 2001

Table of Contents

1. Introduction ................................................... 2
2. RSA Public KEY Resource Records ................................ 3
3. RSA/SHA1 SIG Resource Records .................................. 3
4. Performance Considerations ..................................... 4
5. IANA Considerations ............................................ 5
6. Security Considerations ........................................ 5
References ........................................................ 5
Author's Address .................................................. 6
Full Copyright Statement .......................................... 7

1. Introduction

The Domain Name System (DNS) is the global hierarchical replicated distributed database system for Internet addressing, mail proxy, and other information [RFC1034, 1035, etc.]. The DNS has been extended to include digital signatures and cryptographic keys as described in [RFC2535]. Thus the DNS can now be secured and used for secure key distribution.

Familiarity with the RSA and SHA-1 algorithms is assumed [Schneier, FIP180] in this document.

RFC 2537 described how to store RSA keys and RSA/MD5 based signatures in the DNS. However, since the adoption of RFC 2537, continued cryptographic research has revealed hints of weakness in the MD5 [RFC1321] algorithm used in RFC 2537. The...