1 / 9

2929bis etc.

2929bis etc. Donald E. Eastlake 3 rd +1-508-786-7554 Donald.Eastlake@motorola.com. Contents. Security Algorithm Related Drafts draft-ietf-dnsext-ecc-key-08.txt draft-ietf-dnsext-rfc2536bis-dsa-06.txt draft-ietf-dnsext-rfc2539bis-dhk-06.txt

louisa
Download Presentation

2929bis etc.

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. 2929bis etc. Donald E. Eastlake 3rd +1-508-786-7554 Donald.Eastlake@motorola.com IETF DNSEXT

  2. Contents • Security Algorithm Related Drafts • draft-ietf-dnsext-ecc-key-08.txt • draft-ietf-dnsext-rfc2536bis-dsa-06.txt • draft-ietf-dnsext-rfc2539bis-dhk-06.txt • DNS IANA Considerations updated based on extensive discussion at last meeting in Paris • draft-ietf-dnsext-2929bis-01.txt IETF DNSEXT

  3. More on Algorithm Drafts • draft-ietf-dnsext-ecc-key-08.txt • formerly draft-schroeppel-dnsind-ecc-*.txt • Clarified that it also covers signatures using SHA-1. • Could use more feedback on draft, ideally from implementers. • Updates to remove SIG/KEY RR dependency and update DNSSEC RFC references: • draft-ietf-dnsext-rfc2536bis-dsa-06.txt • Updates DSA key/signature RFC • draft-ietf-dnsext-rfc2539bis-dhk-06.txt • Updates Diffie-Hellman key RFC IETF DNSEXT

  4. Elliptic Curve Crypto • A Public Key system. • Keys, signatures, etc., much more compact than RSA. [RFC 3766] • A standard format is needed for interoperability. • There are numerous patents and claims related to implementations, etc. However, NSA will be broadly re-licensing a number of patents for elliptic curves of GF(p) for p a prime greater than 2255. • This draft (-08) defines both a key format and a signature format using Algorithm #4 previously reserved for this purpose and SHA-1 for signatures. IETF DNSEXT

  5. RFC 2929 • RFC 2929 Provided first IANA considerations for RR TYPEs, CLASSes, RCODEs, OpCodes, header bits, etc. • RFD 2929 generally provides some Private Use, some Publication Required, some IETF Consensus, and few reserved or Standards Action required allocation policies. IETF DNSEXT

  6. RFC 2929 (cont.) • Problem: • “IETF Consensus” and even “Specification Required” were considered too hard for allocating Type Codes, so people overload TXT, etc. • Solution? • There initially appeared to be a strong desire for a liberalized version of “Early Allocation” (RFC 4020) which was put in draft -00. • Then there was a backlash with “Expert Review” desired for Type Codes and with most other parameters about as specified in RFC 2929. IETF DNSEXT

  7. RFC 2929bis • Primary Effect: Replace RFC 2929 with a more liberal document • draft-ietf-dnsext-2929bis-01.txt • Changes: • Replace “IETF Consensus” for RR Type Codes with “DNS Type Allocation Policy” • Cover AFSDB Subtypes per IETF Consensus • Augment “IETF Standards Action” for Op Codes with “as modified by [RFC 4020]”. • Provides some Specification Required RCODE allocation • Update references, other very minor changes IETF DNSEXT

  8. RFC 2929bis DNS Type Allocation Policy • About half of the RR Type Codes can be allocated with • Expert Review • after a completed DNS RR Type Allocation Template has been posted for at least three weeks on the namedroppers mailing list. • (most of the other half is “Specification Required”) IETF DNSEXT

  9. DNS RR Type Parameter Allocation Template • Provides for • Date • Name and email of originator • Pointer to detailed RR description document • Need for new RR Type? • Closest existing RR Type • Does new RR Type require special handling different from an Unknown RR Type? IETF DNSEXT

More Related