Network Working Group W. Hardaker
Request for Comments: 4509 Sparta
Category: Standards Track May 2006
Use of SHA-256 in DNSSEC Delegation Signer (DS) Resource Records (RRs)
Status of This Memo
This document specifies an Internet standards track protocol for the
Internet community, and requests discussion and suggestions for
improvements. Please refer to the current edition of the "Internet
Official Protocol Standards" (STD 1) for the standardization state
and status of this protocol. Distribution of this memo is unlimited.
Copyright Notice
Copyright (C) The Internet Society (2006).
Abstract
This document specifies how to use the SHA-256 digest type in DNS
Delegation Signer (DS) Resource Records (RRs). DS records, when
stored in a parent zone, point to DNSKEYs in a child zone.
Table of Contents
1. Introduction ....................................................2
2. Implementing the SHA-256 Algorithm for DS Record Support ........2
2.1. DS Record Field Values .....................................2
2.2. DS Record with SHA-256 Wire Format .........................3
2.3. Example DS Record Using SHA-256 ............................3
3. Implementation Requirements .....................................3
4. Deployment Considerations .......................................4
5. IANA Considerations .............................................4
6. Security Considerations .........................................4
6.1. Potential Digest Type Downgrade Attacks ....................4
6.2. SHA-1 vs SHA-256 Considerations for DS Records .............5
7. Acknowledgements ................................................5
8. References ......................................................6
8.1. Normative References .......................................6
8.2. Informative References .....................................6
Hardaker Standards Track [Page 1]
RFC 4509 Use of SHA-256 in DNSSEC DS RRs May 2006
1. Introduction
The DNSSEC [RFC4033] [RFC4034] [RFC4035] DS RR is published in parent
zones to distribute a cryptographic digest of one key in a child's
DNSKEY RRset. The DS RRset is signed by at least one of the parent
zone's private zone data signing keys for each algorithm in use by
the parent. Each signature is published in an RRSIG resource record,
owned by the same domain as the DS RRset, with a type covered of DS.
In this document, the key words "MUST", "MUST NOT", "REQUIRED",
"SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY",
and "OPTIONAL" are to be interpreted as described in [RFC2119].
2. Implementing the SHA-256 Algorithm for DS Record Support
This document specifies that the digest type code 2 has been assigned
to SHA-256 [SHA256] [SHA256CODE] for use within DS records. The
results of the digest algorithm MUST NOT be truncated, and the entire
32 byte digest result is to be published in the DS record.
2.1. DS Record Field Values
Using the SHA-256 digest algorithm within a DS record will make use
of the following DS-record fields:
Digest type: 2
Digest: The SHA-256 digest value calculated with the following formula
("|" denotes concatenation), where "DNSKEY owner name" is the owner
name of the DNSKEY RR in the canonical wire form defined by [RFC4034]
(uncompressed, with US-ASCII letters lowercased). The resulting value
is not truncated; the entire 32 byte result is used in the resulting
DS record and in related calculations.
digest = SHA_256(DNSKEY owner name | DNSKEY RDATA)
where DNSKEY RDATA is defined by [RFC4034] as:
DNSKEY RDATA = Flags | Protocol | Algorithm | Public Key
The Key Tag field and Algorithm fields remain unchanged by this
document and are specified in the [RFC4034] specification.
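The computation above, worked through as an added example (this code is not part of RFC 4509 or of any DNSSEC implementation): it canonicalizes the owner name, builds the DNSKEY RDATA, derives the key tag (RFC 4034 Appendix B), computes the untruncated SHA-256 digest, encodes and parses the DS RDATA wire format, and performs the validator-side check that a DS authenticates a given DNSKEY. The owner name, flags and key bytes are a constructed placeholder, not a real key, and all function names are this example's own.

```python
"""Building and checking a DS record with digest type 2 (SHA-256).

Added worked example for RFC 4509 section 2.1; not code from the RFC.
The sample DNSKEY at the bottom is a constructed placeholder.
"""
import hashlib
import struct

DIGEST_TYPE_SHA256 = 2
SHA256_DIGEST_LEN = 32


def name_to_wire(name: str) -> bytes:
    """Canonical wire form of an owner name (RFC 4034 section 6.2):
    length-prefixed labels, no compression, US-ASCII letters lowercased,
    terminated by the root label (a single zero byte)."""
    name = name.rstrip(".")
    if not name:
        return b"\x00"
    out = bytearray()
    for label in name.split("."):
        raw = label.encode("ascii").lower()
        if not 1 <= len(raw) <= 63:
            raise ValueError("bad label length: %r" % label)
        out.append(len(raw))
        out += raw
    out.append(0)
    return bytes(out)


def dnskey_rdata(flags: int, protocol: int, algorithm: int, public_key: bytes) -> bytes:
    """DNSKEY RDATA = Flags | Protocol | Algorithm | Public Key (RFC 4034 section 2.1)."""
    return struct.pack("!HBB", flags, protocol, algorithm) + public_key


def key_tag(rdata: bytes) -> int:
    """Key tag over the whole DNSKEY RDATA (RFC 4034 Appendix B).
    Algorithm 1 (RSA/MD5) uses a different legacy computation; reject it."""
    if rdata[3] == 1:
        raise ValueError("key tag for algorithm 1 is computed differently")
    ac = 0
    for i, b in enumerate(rdata):
        ac += (b << 8) if i % 2 == 0 else b
    ac += (ac >> 16) & 0xFFFF
    return ac & 0xFFFF


def ds_digest_sha256(owner: str, rdata: bytes) -> bytes:
    """digest = SHA_256(DNSKEY owner name | DNSKEY RDATA); all 32 bytes, never truncated."""
    return hashlib.sha256(name_to_wire(owner) + rdata).digest()


def ds_rdata_wire(owner: str, rdata: bytes) -> bytes:
    """DS RDATA on the wire: Key Tag (16 bits) | Algorithm (8) | Digest Type (8) | Digest."""
    header = struct.pack("!HBB", key_tag(rdata), rdata[3], DIGEST_TYPE_SHA256)
    return header + ds_digest_sha256(owner, rdata)


def parse_ds_rdata(wire: bytes):
    """Split DS RDATA into (key_tag, algorithm, digest_type, digest).
    A type-2 digest must be exactly 32 bytes; a truncated digest is an error."""
    if len(wire) < 4:
        raise ValueError("DS RDATA too short")
    tag, alg, dtype = struct.unpack("!HBB", wire[:4])
    digest = wire[4:]
    if dtype == DIGEST_TYPE_SHA256 and len(digest) != SHA256_DIGEST_LEN:
        raise ValueError("SHA-256 DS digest must be 32 bytes, got %d" % len(digest))
    return tag, alg, dtype, digest


def ds_matches_dnskey(ds_wire: bytes, owner: str, rdata: bytes) -> bool:
    """Validator-side check: does this type-2 DS authenticate this DNSKEY?
    Key tag and algorithm must agree and the recomputed digest must match."""
    tag, alg, dtype, digest = parse_ds_rdata(ds_wire)
    if dtype != DIGEST_TYPE_SHA256:
        return False
    if tag != key_tag(rdata) or alg != rdata[3]:
        return False
    return digest == ds_digest_sha256(owner, rdata)


def ds_presentation(owner: str, rdata: bytes) -> str:
    """Presentation format: '<owner> IN DS <tag> <alg> 2 <hex digest>'."""
    tag, alg, dtype, digest = parse_ds_rdata(ds_rdata_wire(owner, rdata))
    return "%s IN DS %d %d %d %s" % (owner, tag, alg, dtype, digest.hex().upper())


# Constructed sample: KSK flags (257), protocol 3, algorithm 8 (RSA/SHA-256),
# with four placeholder key bytes instead of a real public key.
SAMPLE_OWNER = "Example.COM."
SAMPLE_RDATA = dnskey_rdata(257, 3, 8, bytes([0x01, 0x02, 0x03, 0x04]))

if __name__ == "__main__":
    print(ds_presentation(SAMPLE_OWNER, SAMPLE_RDATA))
```

Note that the mixed-case owner name yields the same digest as its lowercase form because the name is canonicalized before hashing; a DS generated from "Example.COM." and one generated from "example.com." must be byte-identical, which is also what `ds_matches_dnskey` relies on.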
2.2. DS Record with SHA-256 Wire Format
The on-the-wire format of the resulting DS record RDATA is as follows:
                        1 1 1 1 1 1 1 1 1 1 2 2 2 2 2 2 2 2 2 2 3 3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |           Key Tag             |  Algorithm    | DigestType=2  |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   /                                                               /