[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[IPSECKEY] new registry text



-----BEGIN PGP SIGNED MESSAGE-----


My web site, www.sandelman.ca/SSW/ietf/ipsec/key/ contains an -06 revision
that I have asked the ID editor to publish.

Relevant changed text:

2.3 RDATA format - algorithm type

   The algorithm type field identifies the public key's cryptographic
   algorithm and determines the format of the public key field.

   The public key field contains the algorithm-specific portion of the
   KEY RR RDATA, omitting the first four octets of the KEY RR RDATA.
   This is the same portion of the KEY RR that must be specified by
   documents that define a DNSSEC algorithm.  Those documents also
   specify a message digest to be used for generation of SIG RRs; that
   specification is not relevant to the IPSECKEY usage of the public key
   format.

|  A value of 0 indicates that no key is present.

|  The following values are defined:

|  1  A DSA key is present, in the format defined in RFC2536 [10]

|  2  A RSA key is present, in the format defined in RFC3110 [11]


|2.6.1 Example: RSA public keys

|  An algorithm type of 2 identifies an RSA public key, encoded as
|  described in section 2 of RFC3110.  The encoding of RSA/MD5 KEYs
|  (type 1) specified in RFC2537 is the same as that defined in RFC3110.

|  The earlier definition of RSA/MD5 in RFC2065 limited the exponent and
|  modulus to 2552 bits in length.  RFC3110 extended that limit to 4096
|  bits for RSA/SHA1 keys.  The IPSECKEY RR imposes no length limit on
|  type 5 public keys, other than the 65535 octet limit imposed by the
|  two-octet length encoding.  This length extension is applicable only
|  to IPSECKEY and not to KEY RRs.

...

5. IANA Considerations

   This document updates the IANA Registry for DNS Resource Record Types
   by assigning type X to the IPSECKEY record.

|  This document creates an IANA registry for the algorithm type field.

|  The algorithm field has assigned values 0, 1 and 2.  Algorithm
|  numbers 3 through 255 can be assigned by IETF Consensus (see RFC2434
|  [5]).


]      Out and about in Ottawa.    hmmm... beer.                |  firewalls  [
]   Michael Richardson, Sandelman Software Works, Ottawa, ON    |net architect[
] mcr@sandelman.ottawa.on.ca http://www.sandelman.ottawa.on.ca/ |device driver[
] panic("Just another NetBSD/notebook using, kernel hacking, security guy");  [







































|Richardson             Expires January 25, 2004               [Page 11]

|Internet-Draft                  ipsecrr                       July 2003


6. Acknowledgments

|  My thanks to Paul Hoffman, Sam Weiler, Jean-Jacques Puig, Rob
|  Austein, and Olafur Gurmundsson who reviewed this document carefully.
|  Additional thanks to Olafur Gurmundsson for a reference
|  implementation.













































|Richardson             Expires January 25, 2004               [Page 12]

|Internet-Draft                  ipsecrr                       July 2003


Normative references

   [1]  Mockapetris, P., "Domain names - concepts and facilities", STD
        13, RFC 1034, November 1987.

   [2]  Mockapetris, P., "Domain names - implementation and
        specification", STD 13, RFC 1035, November 1987.

   [3]  Bradner, S., "The Internet Standards Process -- Revision 3", BCP
        9, RFC 2026, October 1996.

   [4]  Eastlake, D. and C. Kaufman, "Domain Name System Security
        Extensions", RFC 2065, January 1997.

|  [5]  Narten, T. and H. Alvestrand, "Guidelines for Writing an IANA
|       Considerations Section in RFCs", BCP 26, RFC 2434, October 1998.



































|Richardson             Expires January 25, 2004               [Page 13]

|Internet-Draft                  ipsecrr                       July 2003


Non-normative references

|  [6]   Thomson, S. and C. Huitema, "DNS Extensions to support IP
         version 6", RFC 1886, December 1995.

|  [7]   Bradner, S., "Key words for use in RFCs to Indicate Requirement
         Levels", BCP 14, RFC 2119, March 1997.

|  [8]   Piper, D., "The Internet IP Security Domain of Interpretation
         for ISAKMP", RFC 2407, November 1998.

|  [9]   Eastlake, D., "Domain Name System Security Extensions", RFC
         2535, March 1999.

|  [10]  Eastlake, D., "DSA KEYs and SIGs in the Domain Name System
         (DNS)", RFC 2536, March 1999.

|  [11]  Eastlake, D., "RSA/SHA-1 SIGs and RSA KEYs in the Domain Name
         System (DNS)", RFC 3110, May 2001.

|  [12]  Massey, D. and S. Rose, "Limiting the Scope of the KEY Resource
         Record (RR)", RFC 3445, December 2002.


Author's Address

   Michael C. Richardson
   Sandelman Software Works
   470 Dawson Avenue
   Ottawa, ON  K1Z 5V7
   CA

   EMail: mcr@sandelman.ottawa.on.ca
   URI:   http://www.sandelman.ottawa.on.ca/

















|Richardson             Expires January 25, 2004               [Page 14]

|Internet-Draft                  ipsecrr                       July 2003


Full Copyright Statement

   Copyright (C) The Internet Society (2003).  All Rights Reserved.

   This document and translations of it may be copied and furnished to
   others, and derivative works that comment on or otherwise explain it
   or assist in its implementation may be prepared, copied, published
   and distributed, in whole or in part, without restriction of any
   kind, provided that the above copyright notice and this paragraph are
   included on all such copies and derivative works.  However, this
   document itself may not be modified in any way, such as by removing
   the copyright notice or references to the Internet Society or other
   Internet organizations, except as needed for the purpose of
   developing Internet standards in which case the procedures for
   copyrights defined in the Internet Standards process must be
   followed, or as required to translate it into languages other than
   English.

   The limited permissions granted above are perpetual and will not be
   revoked by the Internet Society or its successors or assigns.

   This document and the information contained herein is provided on an
   "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
   TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
   BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
   HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
   MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

Acknowledgement

   Funding for the RFC Editor function is currently provided by the
   Internet Society.



















|Richardson             Expires January 25, 2004               [Page 15]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)
Comment: Finger me for keys - custom hacks make this fully PGP2 compat

iQCVAwUBPyRcnoqHRg3pndX9AQHT+QP+NLTsJuljaWG/UYGZkvXrjwCZ0E60jeiP
YhSc82dzau+JDxI9Pp3jn3VIQMEQz9CIzBN8Hm4FKIE7UYa58Afwgenv7p69Zsu9
Z4okJI2njenzQPOcuLkXnlLYUUeSHJCMdaWX7oImnCt7LhMyKpnnzZrm2CP3r7tG
g8xF4CE8R84=
=d/7j
-----END PGP SIGNATURE-----
-
This is the IPSECKEY@sandelman.ca list.
Email to ipseckey-request@sandelman.ca to be removed.