rfc9558.original | rfc9558.txt | |||
---|---|---|---|---|
Network Working Group B. Makarenko | Independent Submission B. Makarenko | |||
Internet-Draft The Technical center of Internet, LLC | Request for Comments: 9558 The Technical center of Internet, LLC | |||
Intended status: Informational V. Dolmatov, Ed. | Category: Informational V. Dolmatov, Ed. | |||
Expires: 28 July 2024 JSC "NPK Kryptonite" | ISSN: 2070-1721 JSC "NPK Kryptonite" | |||
25 January 2024 | March 2024 | |||
Use of GOST 2012 Signature Algorithms in DNSKEY and RRSIG Resource | Use of GOST 2012 Signature Algorithms in DNSKEY and RRSIG Resource | |||
Records for DNSSEC | Records for DNSSEC | |||
draft-makarenko-gost2012-dnssec-05 | ||||
Abstract | Abstract | |||
This document describes how to produce digital signatures and hash | This document describes how to produce digital signatures and hash | |||
functions using the GOST R 34.10-2012 and GOST R 34.11-2012 | functions using the GOST R 34.10-2012 and GOST R 34.11-2012 | |||
algorithms for DNSKEY, RRSIG, and DS resource records, for use in the | algorithms for DNSKEY, RRSIG, and DS resource records, for use in the | |||
Domain Name System Security Extensions (DNSSEC). | Domain Name System Security Extensions (DNSSEC). | |||
Status of This Memo | Status of This Memo | |||
This Internet-Draft is submitted in full conformance with the | This document is not an Internet Standards Track specification; it is | |||
provisions of BCP 78 and BCP 79. | published for informational purposes. | |||
Internet-Drafts are working documents of the Internet Engineering | ||||
Task Force (IETF). Note that other groups may also distribute | ||||
working documents as Internet-Drafts. The list of current Internet- | ||||
Drafts is at https://datatracker.ietf.org/drafts/current/. | ||||
Internet-Drafts are draft documents valid for a maximum of six months | This is a contribution to the RFC Series, independently of any other | |||
and may be updated, replaced, or obsoleted by other documents at any | RFC stream. The RFC Editor has chosen to publish this document at | |||
time. It is inappropriate to use Internet-Drafts as reference | its discretion and makes no statement about its value for | |||
material or to cite them other than as "work in progress." | implementation or deployment. Documents approved for publication by | |||
the RFC Editor are not candidates for any level of Internet Standard; | ||||
see Section 2 of RFC 7841. | ||||
This Internet-Draft will expire on 28 July 2024. | Information about the current status of this document, any errata, | |||
and how to provide feedback on it may be obtained at | ||||
https://www.rfc-editor.org/info/rfc9558. | ||||
Copyright Notice | Copyright Notice | |||
Copyright (c) 2024 IETF Trust and the persons identified as the | Copyright (c) 2024 IETF Trust and the persons identified as the | |||
document authors. All rights reserved. | document authors. All rights reserved. | |||
This document is subject to BCP 78 and the IETF Trust's Legal | This document is subject to BCP 78 and the IETF Trust's Legal | |||
Provisions Relating to IETF Documents (https://trustee.ietf.org/ | Provisions Relating to IETF Documents | |||
license-info) in effect on the date of publication of this document. | (https://trustee.ietf.org/license-info) in effect on the date of | |||
Please review these documents carefully, as they describe your rights | publication of this document. Please review these documents | |||
and restrictions with respect to this document. Code Components | carefully, as they describe your rights and restrictions with respect | |||
extracted from this document must include Revised BSD License text as | to this document. | |||
described in Section 4.e of the Trust Legal Provisions and are | ||||
provided without warranty as described in the Revised BSD License. | ||||
Table of Contents | Table of Contents | |||
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 | 1. Introduction | |||
1.1. Terminology . . . . . . . . . . . . . . . . . . . . . . . 3 | 1.1. Terminology | |||
2. DNSKEY Resource Records . . . . . . . . . . . . . . . . . . . 3 | 2. DNSKEY Resource Records | |||
2.1. Using a Public Key with Existing Cryptographic | 2.1. Using a Public Key with Existing Cryptographic Libraries | |||
Libraries . . . . . . . . . . . . . . . . . . . . . . . . 3 | 2.2. GOST DNSKEY RR Example | |||
2.2. GOST DNSKEY RR Example . . . . . . . . . . . . . . . . . 4 | 3. RRSIG Resource Records | |||
3. RRSIG Resource Records . . . . . . . . . . . . . . . . . . . 4 | 3.1. RRSIG RR Example | |||
3.1. RRSIG RR Example . . . . . . . . . . . . . . . . . . . . 5 | 4. DS Resource Records | |||
4. DS Resource Records . . . . . . . . . . . . . . . . . . . . . 5 | 4.1. DS RR Example | |||
4.1. DS RR Example . . . . . . . . . . . . . . . . . . . . . . 5 | 5. Operational Considerations | |||
5. Operational Considerations . . . . . . . . . . . . . . . . . 6 | 5.1. Key Sizes | |||
5.1. Key Sizes . . . . . . . . . . . . . . . . . . . . . . . . 6 | 5.2. Signature Sizes | |||
5.2. Signature Sizes . . . . . . . . . . . . . . . . . . . . . 6 | 5.3. Digest Sizes | |||
5.3. Digest Sizes . . . . . . . . . . . . . . . . . . . . . . 6 | 6. Implementation Considerations | |||
6. Implementation Considerations . . . . . . . . . . . . . . . . 6 | 7. IANA Considerations | |||
7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 6 | 8. Security Considerations | |||
8. Security Considerations . . . . . . . . . . . . . . . . . . . 7 | 9. References | |||
9. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 7 | 9.1. Normative References | |||
10. References . . . . . . . . . . . . . . . . . . . . . . . . . 7 | 9.2. Informative References | |||
10.1. Normative References . . . . . . . . . . . . . . . . . . 7 | Acknowledgments | |||
10.2. Informative References . . . . . . . . . . . . . . . . . 9 | Authors' Addresses | |||
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 9 | ||||
1. Introduction | 1. Introduction | |||
The Domain Name System (DNS) is the global hierarchically distributed | The Domain Name System (DNS) is the global, hierarchically | |||
database for Internet Naming. The DNS has been extended to use | distributed database for Internet Naming. The DNS has been extended | |||
cryptographic keys and digital signatures for the verification of the | to use cryptographic keys and digital signatures for the verification | |||
authenticity and integrity of its data. RFC 4033 [RFC4033], RFC 4034 | of the authenticity and integrity of its data. RFC 4033 [RFC4033], | |||
[RFC4034], and RFC 4035 [RFC4035] describe these DNS Security | RFC 4034 [RFC4034], and RFC 4035 [RFC4035] describe these DNS | |||
Extensions, called DNSSEC. | Security Extensions, called DNSSEC. | |||
RFC 4034 describes how to store DNSKEY and RRSIG resource records, | RFC 4034 describes how to store DNSKEY and RRSIG resource records and | |||
and specifies a list of cryptographic algorithms to use. This | specifies a list of cryptographic algorithms to use. This document | |||
document extends that list with the signature and hash algorithms | extends that list with the signature and hash algorithms GOST R | |||
GOST R 34.10-2012 ([RFC7091]) and GOST R 34.11-2012 ([RFC6986]), and | 34.10-2012 ([RFC7091]) and GOST R 34.11-2012 ([RFC6986]), and it | |||
specifies how to store DNSKEY data and how to produce RRSIG resource | specifies how to store DNSKEY data and how to produce RRSIG resource | |||
records with these algorithms. | records with these algorithms. | |||
Algorithms GOsudarstvennyy STandart(GOST) R 34.10-2012 and GOST R | GOST R 34.10-2012 and GOST R 34.11-2012 are Russian national | |||
34.11-2012 are Russian national standards. Their cryptographic | standards. Their cryptographic properties haven't been independently | |||
properties haven't been independently verified. | verified. | |||
Familiarity with DNSSEC and with GOST signature and hash algorithms | Familiarity with DNSSEC and with GOST signature and hash algorithms | |||
is assumed in this document. | is assumed in this document. | |||
Caution: | ||||
This specification is not a standard and does not have IETF community | ||||
consensus. It makes use of a cryptographic algorithm that is a | ||||
national standard for Russia. Neither the IETF nor the IRTF has | ||||
analyzed that algorithm for suitability for any given application, | ||||
and it may contain either intended or unintended weaknesses. | ||||
1.1. Terminology | 1.1. Terminology | |||
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", | The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", | |||
"SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and | "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and | |||
"OPTIONAL" in this document are to be interpreted as described in BCP | "OPTIONAL" in this document are to be interpreted as described in | |||
14 [RFC2119] [RFC8174] when, and only when, they appear in all | BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all | |||
capitals, as shown here. | capitals, as shown here. | |||
2. DNSKEY Resource Records | 2. DNSKEY Resource Records | |||
The format of the DNSKEY RR can be found in RFC 4034 [RFC4034]. | The format of the DNSKEY RR can be found in RFC 4034 [RFC4034]. | |||
GOST R 34.10-2012 public keys are stored with the algorithm number | GOST R 34.10-2012 public keys are stored with the algorithm number | |||
TBA1. | 23. | |||
According to RFC 7091 [RFC7091], a GOST R 34.10-2012 public key is a | According to RFC 7091 [RFC7091], a GOST R 34.10-2012 public key is a | |||
point on the elliptic curve Q = (x,y). The wire representation of a | point on the elliptic curve Q = (x, y). The wire representation of a | |||
public key MUST contain 64 octets, where the first 32 octets contain | public key MUST contain 64 octets, where the first 32 octets contain | |||
the little-endian representation of x and the second 32 octets | the little-endian representation of x and the second 32 octets | |||
contain the little-endian representation of y. | contain the little-endian representation of y. | |||
As RFC 6986 and RFC 7091 allows 2 variants of length of the output | As RFC 6986 and RFC 7091 allow two variants of the length of the | |||
hash and signature and many variants of parameters of the digital | output hash and the signature and many variants of parameters of the | |||
signature, for the purpose of this document we use 256-bit variant of | digital signature, for the purpose of this document we use the | |||
the digital signature algorithm, corresponding 256-bit variant of the | 256-bit variant of the digital signature algorithm, corresponding | |||
digest algorithm. We select the parameters for the digital signature | with the 256-bit variant of the digest algorithm. We select the | |||
algorithm to be id-tc26-gost-3410-2012-256-paramSetA as specified in | parameters for the digital signature algorithm to be id-tc26-gost- | |||
RFC 7836 [RFC7836]. | 3410-2012-256-paramSetA as specified in RFC 7836 [RFC7836]; this | |||
document refers to it as "parameter set A". | ||||
2.1. Using a Public Key with Existing Cryptographic Libraries | 2.1. Using a Public Key with Existing Cryptographic Libraries | |||
At the time of this writing, existing GOST-aware cryptographic | At the time of this writing, existing GOST-aware cryptographic | |||
libraries are capable of reading GOST R 34.10-2012 public keys via a | libraries are capable of reading GOST R 34.10-2012 public keys via a | |||
generic X.509 API if the key is encoded according to RFC 9215 | generic X.509 API if the key is encoded according to RFC 9215 | |||
[RFC9215], Section 4. | [RFC9215], Section 4. | |||
To make this encoding from the wire format of a GOST R 34.10-2012 | To make this encoding from the wire format of a GOST R 34.10-2012 | |||
public key with the parameters used in this document, prepend the 64 | public key with the parameters used in this document, prepend the 64 | |||
skipping to change at page 4, line 14 ¶ | skipping to change at line 159 ¶ | |||
0 92: SEQUENCE { | 0 92: SEQUENCE { | |||
2 23: SEQUENCE { | 2 23: SEQUENCE { | |||
4 8: OBJECT IDENTIFIER '1 2 643 7 1 1 1 1' | 4 8: OBJECT IDENTIFIER '1 2 643 7 1 1 1 1' | |||
14 11: SEQUENCE { | 14 11: SEQUENCE { | |||
16 9: OBJECT IDENTIFIER '1 2 643 7 1 2 1 1 1' | 16 9: OBJECT IDENTIFIER '1 2 643 7 1 2 1 1 1' | |||
: } | : } | |||
: } | : } | |||
27 65: BIT STRING | 27 65: BIT STRING | |||
The OIDs in the structure above represent GOST R 34.10-2012 public | The OIDs in the structure above represent a GOST R 34.10-2012 public | |||
key with 256 bits private key length algorithm and Parameter set A. | key with a 256-bit private key length and parameter set A. The | |||
The structure itself represents SubjectPublicKeyInfo field of an | structure itself represents SubjectPublicKeyInfo field of an X.509 | |||
X.509 certificate as defined in RFC 5280 [RFC5280], Section 4.1. | certificate as defined in RFC 5280 [RFC5280], Section 4.1 | |||
2.2. GOST DNSKEY RR Example | 2.2. GOST DNSKEY RR Example | |||
Given a private key with the following value: | Given a private key with the following value: | |||
Private-key-format: v1.2 | Private-key-format: v1.2 | |||
Algorithm: TBA1 (ECC-GOST12) | Algorithm: 23 (ECC-GOST12) | |||
Gost12Asn1: MD4CAQAwFwYIKoUDBwEBAQEwCwYJKoUDBwECAQEBBCD/Mw9o6R5lQHJ13jz0 | Gost12Asn1: MD4CAQAwFwYIKoUDBwEBAQEwCwYJKoUDBwECAQEBBCD/Mw9o6R5lQHJ13 | |||
W+C1tdsS4W7RJn04rk9MGJq3Hg== | jz0W+C1tdsS4W7RJn04rk9MGJq3Hg== | |||
The following DNSKEY RR stores a DNS zone key for example: | The following DNSKEY RR stores a DNS zone key for example: | |||
example. 600 IN DNSKEY 256 3 TBA1 ( | example. 600 IN DNSKEY 256 3 23 ( | |||
XGiiHlKUJd5fSeAK5O3L4tUNCPxs4pGqum6wKbqjdkqu | XGiiHlKUJd5fSeAK5O3L4tUNCPxs4pGqum6wKbqjdkqu | |||
IQ8nOXrilXZ9HcY8b2AETkWrtWHfwvJD4twPPJFQSA== | IQ8nOXrilXZ9HcY8b2AETkWrtWHfwvJD4twPPJFQSA== | |||
) ;{id = 47355 (zsk), size = 512b} | ) ;{id = 47355 (zsk), size = 512b} | |||
The private key here is presented in PrivateKeyInfo ASN.1 structure, | The private key here is presented in PrivateKeyInfo ASN.1 structure, | |||
as described in RFC5208 [RFC5208], Section 5. | as described in RFC 5958 [RFC5958] | |||
Public key can be calculated from the private key using algorithm | The public key can be calculated from the private key using algorithm | |||
described in RFC 7091 [RFC7091]. | described in RFC 7091 [RFC7091]. | |||
[RFC Editor note: Note: Algorithm numbers 23 and 5 are used as an | ||||
example in this document, as actual numbers have not yet been | ||||
assigned. If the assigned values will differ, the example keys and | ||||
signatures will have to be recalculated before the official | ||||
publication of the RFC.] | ||||
3. RRSIG Resource Records | 3. RRSIG Resource Records | |||
The value of the signature field in the RRSIG RR follows RFC 7091 | The value of the signature field in the RRSIG RR follows RFC 7091 | |||
[RFC7091] and is calculated as follows. The values for the RDATA | [RFC7091] and is calculated as follows. The values for the RDATA | |||
fields that precede the signature data are specified in RFC 4034 | fields that precede the signature data are specified in RFC 4034 | |||
[RFC4034]. | [RFC4034]. | |||
hash = GOSTR3411-2012(data) | hash = GOSTR3411-2012(data) | |||
where "data" is the wire format data of the resource record set that | where "data" is the wire format data of the resource record set that | |||
is signed, as specified in RFC 4034 [RFC4034]. | is signed, as specified in RFC 4034 [RFC4034]. | |||
The signature is calculated from the hash according to the GOST R | The signature is calculated from the hash according to GOST R | |||
34.10-2012 standard, and its wire format is compatible with RFC 7091 | 34.10-2012, and its wire format is compatible with RFC 7091 | |||
[RFC7091]. | [RFC7091]. | |||
3.1. RRSIG RR Example | 3.1. RRSIG RR Example | |||
Consider a given RRset consisting of one MX RR to be signed with the | Consider a given RRset consisting of one MX RR to be signed with the | |||
private key described in Section 2.2 of this document: | private key described in Section 2.2 of this document: | |||
example. 600 IN MX 10 mail.example. | example. 600 IN MX 10 mail.example. | |||
Setting the inception date to 2022-10-06 12:32:30 UTC and the | Setting the inception date to 2022-10-06 12:32:30 UTC and the | |||
expiration date to 2022-11-03 12:32:30 UTC, the following signature | expiration date to 2022-11-03 12:32:30 UTC, the following signature | |||
RR will be valid: | RR will be valid: | |||
example. 600 IN RRSIG MX TBA1 1 600 20221103123230 ( | example. 600 IN RRSIG MX 23 1 600 20221103123230 ( | |||
20221006123230 47355 example. | 20221006123230 47355 example. | |||
EuLO0Qpn6zT1pzj9T2H5AWjcgzfmjNiK/vj811bExa0V | EuLO0Qpn6zT1pzj9T2H5AWjcgzfmjNiK/vj811bExa0V | |||
HMOVD9ma8rpf0B+D+V4Q0CWu1Ayzu+H/SyndnOWGxw== | HMOVD9ma8rpf0B+D+V4Q0CWu1Ayzu+H/SyndnOWGxw== | |||
) | ) | |||
The GOST R 34.10-2012 signature algorithm uses random (pseudorandom) | The GOST R 34.10-2012 signature algorithm uses random (pseudorandom) | |||
integer k as described in Section 6.1 of RFC 7091 [RFC7091]. The | integer k as described in Section 6.1 of RFC 7091 [RFC7091]. The | |||
following value for k was used to produce the signature example. | following value for k was used to produce the signature example. | |||
k = 8BBD0CE7CAF3FC1C2503DF30D13ED5DB75EEC44060FA22FB7E29628407C1E34 | k = 8BBD0CE7CAF3FC1C2503DF30D13ED5DB75EEC44060FA22FB7E29628407C1E34 | |||
This value for k MUST NOT be used when computing GOST R 34.10-2012 | This value for k MUST NOT be used when computing GOST R 34.10-2012 | |||
signatures. It is provided only so the above signature example can | signatures. It is provided only so the above signature example can | |||
be reproduced. The actual signature value will differ between | be reproduced. The actual signature value will differ between | |||
signature calculations. | signature calculations. | |||
4. DS Resource Records | 4. DS Resource Records | |||
The GOST R 34.11-2012 digest algorithm is denoted in DS RRs by the | The GOST R 34.11-2012 digest algorithm is denoted in DS RRs by the | |||
digest type TBA2. The wire format of a digest value is compatible | digest type 5. The wire format of a digest value is compatible with | |||
with RFC 6986 [RFC6986]. | RFC 6986 [RFC6986]. | |||
4.1. DS RR Example | 4.1. DS RR Example | |||
For Key Signing Key (KSK): | For Key Signing Key (KSK): | |||
example. IN DNSKEY 257 3 TBA1 ( | example. IN DNSKEY 257 3 23 ( | |||
p8Req8DLJOfPymO5vExuK4gCcihF5N1YL7veCJ47av+w | p8Req8DLJOfPymO5vExuK4gCcihF5N1YL7veCJ47av+w | |||
h/qs9yJpD064k02rYUHfWnr7IjvJlbn3Z0sTZe9GRQ== | h/qs9yJpD064k02rYUHfWnr7IjvJlbn3Z0sTZe9GRQ== | |||
) ;{id = 29468 (ksk), size = 512b} | ) ;{id = 29468 (ksk), size = 512b} | |||
The DS RR will be: | The DS RR will be: | |||
example. IN DS 29468 TBA1 TBA2 ( | example. IN DS 29468 23 5 ( | |||
6033725b0ccfc05d1e9d844d49c6cf89 | 6033725b0ccfc05d1e9d844d49c6cf89 | |||
0b13d5eac9439189947d5db6c8d1c1ec | 0b13d5eac9439189947d5db6c8d1c1ec | |||
) | ) | |||
5. Operational Considerations | 5. Operational Considerations | |||
5.1. Key Sizes | 5.1. Key Sizes | |||
The key size of GOST R 34.10-2012 public keys conforming to this | The key size of GOST R 34.10-2012 public keys conforming to this | |||
specification MUST be 512 bits according to RFC 7091 [RFC7091]. | specification MUST be 512 bits according to RFC 7091 [RFC7091]. | |||
skipping to change at page 6, line 37 ¶ | skipping to change at line 272 ¶ | |||
specification MUST be 512 bits according to RFC 7091 [RFC7091]. | specification MUST be 512 bits according to RFC 7091 [RFC7091]. | |||
5.3. Digest Sizes | 5.3. Digest Sizes | |||
The size of a GOST R 34.11-2012 digest conforming to this | The size of a GOST R 34.11-2012 digest conforming to this | |||
specification MUST be 256 bits according to RFC 6986 [RFC6986]. | specification MUST be 256 bits according to RFC 6986 [RFC6986]. | |||
6. Implementation Considerations | 6. Implementation Considerations | |||
The support of this cryptographic suite in DNSSEC-aware systems is | The support of this cryptographic suite in DNSSEC-aware systems is | |||
OPTIONAL. According to RFC6840 [RFC6840], Section 5.2 systems that | OPTIONAL. According to RFC 6840 [RFC6840], Section 5.2, systems that | |||
do not support these algorithms MUST ignore the RRSIG, DNSKEY and DS | do not support these algorithms MUST ignore the RRSIG, DNSKEY, and DS | |||
resource records associated with the GOST R 34.10-2012 digital | resource records associated with the GOST R 34.10-2012 digital | |||
signature algorithm. | signature algorithm. | |||
[(To be removed in RFC). To check the correctness of the | ||||
implementation, authors recommend using OpenSSL 1.1.1 or 3.0.x | ||||
series, a fork of ldns available at | ||||
https://github.com/beldmit/ldns/tree/gost2012, and a reference | ||||
implementation of GOST crypto algorithms available at | ||||
https://github.com/gost-engine/engine.] | ||||
7. IANA Considerations | 7. IANA Considerations | |||
This document updates the IANA registry "DNS Security Algorithm | The following entry has been added to the IANA registry for "DNS | |||
Numbers". The following entries have been added to the registry: | Security Algorithm Numbers": | |||
Zone Trans. | +========+=============+============+=========+========+===========+ | |||
Value Algorithm Mnemonic Signing Sec. References | | Number | Description | Mnemonic | Zone | Trans. | Reference | | |||
TBA1 GOST R 34.10-2012 ECC-GOST12 Y * RFC TBA | | | | | Signing | Sec. | | | |||
+========+=============+============+=========+========+===========+ | ||||
| 23 | GOST R | ECC-GOST12 | Y | * | RFC 9558 | | ||||
| | 34.10-2012 | | | | | | ||||
+--------+-------------+------------+---------+--------+-----------+ | ||||
This document updates the IANA registry "Digest Algorithms" in the | Table 1 | |||
"Delegation Signer (DS) Resource Record (RR) Type Digest Algorithms" | ||||
registry group by adding an entry for the GOST R 34.11-2012 | ||||
algorithm: | ||||
Value Algorithm Status | The following entry has been added to the IANA registry for "Digest | |||
TBA2 GOST R 34.11-2012 OPTIONAL | Algorithms" in the "Delegation Signer (DS) Resource Record (RR) Type | |||
Digest Algorithms" registry group: | ||||
[RFC editor note: For the purpose of example computations, the | +=======+===================+==========+===========+ | |||
following values were used: TBA1 = 23, TBA2 = 5. If the assigned | | Value | Description | Status | Reference | | |||
values will differ, the example keys and signatures will have to be | +=======+===================+==========+===========+ | |||
recalculated before the official publication of the RFC.] | | 5 | GOST R 34.11-2012 | OPTIONAL | RFC 9558 | | |||
+-------+-------------------+----------+-----------+ | ||||
Table 2 | ||||
8. Security Considerations | 8. Security Considerations | |||
It is recommended to use a dual KSK algorithm signed zone until GOST- | It is recommended to use a dual KSK algorithm signed zone until GOST- | |||
aware DNSSEC software become more widespread, unless GOST-only | aware DNSSEC software becomes more widespread, unless GOST-only | |||
cryptography is required. Otherwise, GOST-signed zones may be | cryptography is required. Otherwise, GOST-signed zones may be | |||
considered unsigned by the DNSSEC software currently in use. | considered unsigned by the DNSSEC software currently in use. | |||
Currently, the cryptographic resistance of the GOST R 34.10-2012 | Currently, the cryptographic resistance of the GOST R 34.10-2012 | |||
digital signature algorithm is estimated as 2**128 operations of | digital signature algorithm is estimated as 2^128 operations of | |||
multiple elliptic curve point computations on prime modulus of order | multiple elliptic curve point computations on a prime modulus of | |||
2**256. | order 2^256. | |||
Currently, the cryptographic collision resistance of the GOST R | Currently, the cryptographic collision resistance of the GOST R | |||
34.11-2012 hash algorithm is estimated as 2**128 operations of | 34.11-2012 hash algorithm is estimated as 2^128 operations of | |||
computations of a step hash function. | computations of a step hash function. | |||
9. Acknowledgments | 9. References | |||
This document is a minor extension to RFC 4034 [RFC4034]. Also, we | ||||
tried to follow the documents RFC 3110 [RFC3110], RFC 4509 [RFC4509], | ||||
and RFC 5933 [RFC5933] for consistency. The authors of and | ||||
contributors to these documents are gratefully acknowledged for their | ||||
hard work. | ||||
The following people provided additional feedback, text, and valuable | ||||
assistance: Alexander Venedyukhin, Michael StJohns, Valery Smyslov, | ||||
Tim Wicinski, Stephane Bortzmeyer. | ||||
10. References | ||||
10.1. Normative References | 9.1. Normative References | |||
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate | [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate | |||
Requirement Levels", BCP 14, RFC 2119, | Requirement Levels", BCP 14, RFC 2119, | |||
DOI 10.17487/RFC2119, March 1997, | DOI 10.17487/RFC2119, March 1997, | |||
<https://www.rfc-editor.org/info/rfc2119>. | <https://www.rfc-editor.org/info/rfc2119>. | |||
[RFC3110] Eastlake 3rd, D., "RSA/SHA-1 SIGs and RSA KEYs in the | [RFC3110] Eastlake 3rd, D., "RSA/SHA-1 SIGs and RSA KEYs in the | |||
Domain Name System (DNS)", RFC 3110, DOI 10.17487/RFC3110, | Domain Name System (DNS)", RFC 3110, DOI 10.17487/RFC3110, | |||
May 2001, <https://www.rfc-editor.org/info/rfc3110>. | May 2001, <https://www.rfc-editor.org/info/rfc3110>. | |||
skipping to change at page 9, line 5 ¶ | skipping to change at line 373 ¶ | |||
Leontiev, S., Podobaev, V., and D. Belyavsky, "Guidelines | Leontiev, S., Podobaev, V., and D. Belyavsky, "Guidelines | |||
on the Cryptographic Algorithms to Accompany the Usage of | on the Cryptographic Algorithms to Accompany the Usage of | |||
Standards GOST R 34.10-2012 and GOST R 34.11-2012", | Standards GOST R 34.10-2012 and GOST R 34.11-2012", | |||
RFC 7836, DOI 10.17487/RFC7836, March 2016, | RFC 7836, DOI 10.17487/RFC7836, March 2016, | |||
<https://www.rfc-editor.org/info/rfc7836>. | <https://www.rfc-editor.org/info/rfc7836>. | |||
[RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC | [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC | |||
2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, | 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, | |||
May 2017, <https://www.rfc-editor.org/info/rfc8174>. | May 2017, <https://www.rfc-editor.org/info/rfc8174>. | |||
10.2. Informative References | 9.2. Informative References | |||
[RFC4509] Hardaker, W., "Use of SHA-256 in DNSSEC Delegation Signer | [RFC4509] Hardaker, W., "Use of SHA-256 in DNSSEC Delegation Signer | |||
(DS) Resource Records (RRs)", RFC 4509, | (DS) Resource Records (RRs)", RFC 4509, | |||
DOI 10.17487/RFC4509, May 2006, | DOI 10.17487/RFC4509, May 2006, | |||
<https://www.rfc-editor.org/info/rfc4509>. | <https://www.rfc-editor.org/info/rfc4509>. | |||
[RFC5208] Kaliski, B., "Public-Key Cryptography Standards (PKCS) #8: | ||||
Private-Key Information Syntax Specification Version 1.2", | ||||
RFC 5208, DOI 10.17487/RFC5208, May 2008, | ||||
<https://www.rfc-editor.org/info/rfc5208>. | ||||
[RFC5280] Cooper, D., Santesson, S., Farrell, S., Boeyen, S., | [RFC5280] Cooper, D., Santesson, S., Farrell, S., Boeyen, S., | |||
Housley, R., and W. Polk, "Internet X.509 Public Key | Housley, R., and W. Polk, "Internet X.509 Public Key | |||
Infrastructure Certificate and Certificate Revocation List | Infrastructure Certificate and Certificate Revocation List | |||
(CRL) Profile", RFC 5280, DOI 10.17487/RFC5280, May 2008, | (CRL) Profile", RFC 5280, DOI 10.17487/RFC5280, May 2008, | |||
<https://www.rfc-editor.org/info/rfc5280>. | <https://www.rfc-editor.org/info/rfc5280>. | |||
[RFC5933] Dolmatov, V., Ed., Chuprina, A., and I. Ustinov, "Use of | [RFC5933] Dolmatov, V., Ed., Chuprina, A., and I. Ustinov, "Use of | |||
GOST Signature Algorithms in DNSKEY and RRSIG Resource | GOST Signature Algorithms in DNSKEY and RRSIG Resource | |||
Records for DNSSEC", RFC 5933, DOI 10.17487/RFC5933, July | Records for DNSSEC", RFC 5933, DOI 10.17487/RFC5933, July | |||
2010, <https://www.rfc-editor.org/info/rfc5933>. | 2010, <https://www.rfc-editor.org/info/rfc5933>. | |||
[RFC5958] Turner, S., "Asymmetric Key Packages", RFC 5958, | ||||
DOI 10.17487/RFC5958, August 2010, | ||||
<https://www.rfc-editor.org/info/rfc5958>. | ||||
[RFC9215] Baryshkov, D., Ed., Nikolaev, V., and A. Chelpanov, "Using | [RFC9215] Baryshkov, D., Ed., Nikolaev, V., and A. Chelpanov, "Using | |||
GOST R 34.10-2012 and GOST R 34.11-2012 Algorithms with | GOST R 34.10-2012 and GOST R 34.11-2012 Algorithms with | |||
the Internet X.509 Public Key Infrastructure", RFC 9215, | the Internet X.509 Public Key Infrastructure", RFC 9215, | |||
DOI 10.17487/RFC9215, March 2022, | DOI 10.17487/RFC9215, March 2022, | |||
<https://www.rfc-editor.org/info/rfc9215>. | <https://www.rfc-editor.org/info/rfc9215>. | |||
Acknowledgments | ||||
This document is a minor extension to RFC 4034 [RFC4034]. Also, we | ||||
tried to follow the documents RFC 3110 [RFC3110], RFC 4509 [RFC4509], | ||||
and RFC 5933 [RFC5933] for consistency. The authors of and | ||||
contributors to these documents are gratefully acknowledged for their | ||||
hard work. | ||||
The following people provided additional feedback, text, and valuable | ||||
assistance: Alexander Venedyukhin, Michael StJohns, Valery Smyslov, | ||||
Tim Wicinski, and Stéphane Bortzmeyer. | ||||
Authors' Addresses | Authors' Addresses | |||
Boris Makarenko | Boris Makarenko | |||
The Technical center of Internet, LLC | The Technical center of Internet, LLC | |||
8 marta str., 1, bld 12 | 8 marta St., 1, Bldg. 12 | |||
Moscow | Moscow | |||
127083 | 127083 | |||
Russian Federation | Russian Federation | |||
Email: bmakarenko@tcinet.ru | Email: bmakarenko@tcinet.ru | |||
Vasily Dolmatov (editor) | Vasily Dolmatov (editor) | |||
JSC "NPK Kryptonite" | JSC "NPK Kryptonite" | |||
Spartakovskaya sq., 14, bld 2, JSC "NPK Kryptonite" | Spartakovskaya Sq., 14, Bldg. 2 | |||
Moscow | Moscow | |||
105082 | 105082 | |||
Russian Federation | Russian Federation | |||
Email: vdolmatov@gmail.com | Email: vdolmatov@gmail.com | |||
End of changes. 44 change blocks. | ||||
146 lines changed or deleted | 141 lines changed or added | |||
This html diff was produced by rfcdiff 1.48. |