One document matched: draft-schmidt-brainpool-dnssec-00.txt
Network Working Group J. Schmidt
Internet-Draft J. Merkle
Updates: 6605 (if approved) secunet Security Networks
Intended status: Informational M. Lochter
Expires: September 22, 2014 BSI
March 21, 2014
ECC Brainpool Curves for DNSSEC
draft-schmidt-brainpool-dnssec-00
Abstract
This document specifies the use of ECDSA with ECC Brainpool curves in
DNS Security (DNSSEC). It comprises curves of three different sizes.
Status of This Memo
This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
This Internet-Draft will expire on September 22, 2014.
Copyright Notice
Copyright (c) 2014 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License.
Schmidt, et al. Expires September 22, 2014 [Page 1]
Internet-Draft ECC Brainpool Curves for TLS March 2014
Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2
2. Requirements Terminology . . . . . . . . . . . . . . . . . . 2
3. SHA-384/512 DS Records . . . . . . . . . . . . . . . . . . . 2
4. ECDSA Parameters . . . . . . . . . . . . . . . . . . . . . . 2
5. DNSKEY and RRSIG Resource Records for ECDSA . . . . . . . . . 3
6. Support for NSEC3 Denial of Existence . . . . . . . . . . . . 3
7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 3
8. Security Considerations . . . . . . . . . . . . . . . . . . . 4
9. References . . . . . . . . . . . . . . . . . . . . . . . . . 4
9.1. Normative References . . . . . . . . . . . . . . . . . . 4
9.2. Informative References . . . . . . . . . . . . . . . . . 5
1. Introduction
In [RFC5639] a new set of elliptic curve groups over finite prime
fields for use in cryptographic applications is specified. These
groups, denoted as ECC Brainpool curves, were generated in a
verifiable pseudo-random way and comply with the security
requirements of relevant standards from ISO [ISO1] [ISO2], ANSI
[ANSI1], NIST [FIPS-186-4], and SecG [SEC2].
[RFC6605] defines the usage of the Elliptic Curve Digital Signature
Algorithm (ECDSA) in DNSSEC with two specific NIST curves. This
document specifies the use of three additional curves from [RFC5639].
Details on Elliptic Curves and the implementation of ECDSA can be
found e.g. in [SEC1], [HMV], [BSI1], and [RFC6090].
2. Requirements Terminology
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in [RFC2119].
3. SHA-384/512 DS Records
The SHA-384 record is defined according to [RFC6605]. The algorithms
SHA-384 and SHA-512 are specified in [FIPS-180-4] and [RFC6234] and
are implemented in DNSSEC the same way as SHA-256 in [RFC4509]. For
SHA-384 the digest size is 48 byte with digest type code 4, for
SHA-512 the digest size is 64 bytes with digest type code TBD1.
4. ECDSA Parameters
Signer and verifier of an ECDSA signature need to agree on a set of
parameters to be used. This document makes use of the Brainpool
curves with the bit-sizes 256, 384, and 512 specified in Section 3.4,
Schmidt, et al. Expires September 22, 2014 [Page 2]
Internet-Draft ECC Brainpool Curves for TLS March 2014
3.6 and 3.7 of [RFC5639], denoted as Brainpool P256r1, Brainpool
P384r1, and Brainpool P512r1, respectively.
5. DNSKEY and RRSIG Resource Records for ECDSA
The records are defined as in [RFC6605]: The "Q" value of the ECDSA
keys according to [FIPS-186-4] is encoded as the bit string "x|y",
representing the concatenation of the x and y coordinates of the
uncompressed curve point. An ECDSA signature is composed of the
integer values "r" and "s" (see [FIPS-186-4]). Each integer value is
encoded as bit string of 32 octets for Brainpool P256r1, of 48 octets
for Brainpool P384r1 and of 64 octets for Brainpool P512r1. The
conversion of integers in bit strings is specified in Section C.2 of
[FIPS-186-4]. The signature for DNSSEC is encoded as concatenation
of the bit strings of "r" and "s", i.e. as "r|s".
The IANA Considerations section defines the algorithm numbers used
for DNSKEY and RRSIG resource records.
Algorithm number TBD2 for using ECDSA with Brainpool P256r1 and
SHA-256 for DNSKEY and RRSIG Resource Records.
Algorithm number TBD3 for using ECDSA with Brainpool P384r1 and
SHA-384 for DNSKEY and RRSIG Resource Records.
Algorithm number TBD4 for using ECDSA with Brainpool P512r1 and
SHA-512 for DNSKEY and RRSIG Resource Records.
The use of these algorithms is OPTIONAL, an implementer can choose to
support any subset.
6. Support for NSEC3 Denial of Existence
The statement of [RFC6605] applys.
7. IANA Considerations
IANA is requested to update the registry "Delegation Signer (DS)
Resource Record (RR) Type Digest Algorithms" and add the following
entry for the digest function SHA-512 as listed in Section 3.
Value TBD1
Digest Type SHA-512
Status OPTIONAL
IANA is requested to assign numbers for ECDSA with ECC Brainpool
curves listed in Section 4 to "Domain Name System Security (DNSSEC)
Schmidt, et al. Expires September 22, 2014 [Page 3]
Internet-Draft ECC Brainpool Curves for TLS March 2014
Algorithm Numbers". In the following the three new entries are
listed.
Number TBD2
Description ECDSA Curve Brainpool P256r1 with SHA-256
Mnemonic ECDSAbrainpoolP256r1SHA256
Zone Signing Y
Trans. Sec *
Reference This document
Number TBD3
Description ECDSA Curve Brainpool P384r1 with SHA-384
Mnemonic ECDSAbrainpoolP384r1SHA384
Zone Signing Y
Trans. Sec *
Reference This document
Number TBD4
Description ECDSA Curve Brainpool P512r1 with SHA-512
Mnemonic ECDSAbrainpoolP512r1SHA512
Zone Signing Y
Trans. Sec *
Reference This document
* There has been no determination of standardization of the use of
this algorithm with Transaction Security.
8. Security Considerations
The security considerations of [RFC5639], [RFC6605], and [RFC4509]
apply accordingly.
9. References
9.1. Normative References
[FIPS-180-4]
National Institute of Standards and Technology, "Secure
Hash Standard (SHS)", FIPS PUB 180-4, March 2012.
[FIPS-186-4]
National Institute of Standards and Technology, "Digital
Signature Standard (DSS)", FIPS PUB 186-4, July 2013.
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997.
Schmidt, et al. Expires September 22, 2014 [Page 4]
Internet-Draft ECC Brainpool Curves for TLS March 2014
[RFC4509] Hardaker, W., "Use of SHA-256 in DNSSEC Delegation Signer
(DS) Resource Records (RRs)", RFC 4509, May 2006.
[RFC5639] Lochter, M. and J. Merkle, "Elliptic Curve Cryptography
(ECC) Brainpool Standard Curves and Curve Generation", RFC
5639, March 2010.
[RFC6605] Hoffman, P. and W. Wijngaards, "Elliptic Curve Digital
Signature Algorithm (DSA) for DNSSEC", RFC 6605, April
2012.
9.2. Informative References
[ANSI1] American National Standards Institute, "Public Key
Cryptography For The Financial Services Industry: The
Elliptic Curve Digital Signature Algorithm (ECDSA)", ANSI
X9.62, 2005.
[BSI1] Bundesamt fuer Sicherheit in der Informationstechnik,
"Minimum Requirements for Evaluating Side-Channel Attack
Resistance of Elliptic Curve Implementations", July 2011.
[HMV] Hankerson, D., Menezes, A., and S. Vanstone, "Guide to
Elliptic Curve Cryptography", Springer Verlag, 2004.
[ISO1] International Organization for Standardization,
"Information Technology - Security Techniques - Digital
Signatures with Appendix - Part 3: Discrete Logarithm
Based Mechanisms", ISO/IEC 14888-3, 2006.
[ISO2] International Organization for Standardization,
"Information Technology - Security Techniques -
Cryptographic Techniques Based on Elliptic Curves - Part
2: Digital signatures", ISO/IEC 15946-2, 2002.
[RFC6090] McGrew, D., Igoe, K., and M. Salter, "Fundamental Elliptic
Curve Cryptography Algorithms", RFC 6090, February 2011.
[RFC6234] Eastlake, D. and T. Hansen, "US Secure Hash Algorithms
(SHA and SHA-based HMAC and HKDF)", RFC 6234, May 2011.
[SEC1] Certicom Research, "Elliptic Curve Cryptography",
Standards for Efficient Cryptography (SEC) 1, September
2000.
[SEC2] Certicom Research, "Recommended Elliptic Curve Domain
Parameters", Standards for Efficient Cryptography (SEC) 2,
September 2000.
Schmidt, et al. Expires September 22, 2014 [Page 5]
Internet-Draft ECC Brainpool Curves for TLS March 2014
Authors' Addresses
Joern-Marc Schmidt
secunet Security Networks
Mergenthaler Allee 77
65760 Eschborn
Germany
Phone: +49 201 5454 3694
EMail: joern-marc.schmidt@secunet.com
Johannes Merkle
secunet Security Networks
Mergenthaler Allee 77
65760 Eschborn
Germany
Phone: +49 201 5454 3091
EMail: johannes.merkle@secunet.com
Manfred Lochter
BSI
Postfach 200363
53133 Bonn
Germany
Phone: +49 228 9582 5643
EMail: manfred.lochter@bsi.bund.de
Schmidt, et al. Expires September 22, 2014 [Page 6]
| PAFTECH AB 2003-2026 | 2026-04-24 04:23:26 |