Internet Engineering Task Force                                J. Jansen
Internet-Draft                                                      SIDN
Intended status: Experimental                               M. Sivaraman
Expires: October 10, 2017                    Internet Systems Consortium
                                                           April 8, 2017


             Use of SHA-3 (Keccak) and RSASSA-PSS in DNSSEC
                    draft-muks-dnsop-dnssec-sha3-01

Abstract

   This document specifies the use of SHA-3 (Keccak) hash functions in
   DNSSEC.  It also specifies the use of the RSASSA-PSS signature scheme
   for RSA keys.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on October 10, 2017.

Copyright Notice

   Copyright (c) 2017 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.




Jansen & Sivaraman      Expires October 10, 2017                [Page 1]


Internet-Draft    Use of SHA-3 (Keccak) and RSASSA-PSS in DNSSEC    April 2017


Table of Contents

   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . .   3
     1.1.  Implementations (Editor: to be removed before
           publication)  . . . . . . . . . . . . . . . . . . . . . .   4
   2.  DNSKEY Resource Records . . . . . . . . . . . . . . . . . . .   4
     2.1.  RSASSA-PSS/SHA-2 and RSASSA-PSS/SHA-3 signing keys  . . .   5
     2.2.  ECDSA/SHA-3 signing keys  . . . . . . . . . . . . . . . .   5
   3.  RRSIG Resource Records  . . . . . . . . . . . . . . . . . . .   5
     3.1.  RSASSA-PSS/SHA-2 and RSASSA-PSS/SHA-3 signatures  . . . .   5
     3.2.  ECDSA/SHA-3 signatures  . . . . . . . . . . . . . . . . .   6
   4.  DS Resource Records . . . . . . . . . . . . . . . . . . . . .   6
     4.1.  SHA3-256 digest type DS Resource Records  . . . . . . . .   6
     4.2.  SHA3-384 digest type DS Resource Records  . . . . . . . .   7
   5.  Deployment Considerations . . . . . . . . . . . . . . . . . .   7
     5.1.  Key Sizes . . . . . . . . . . . . . . . . . . . . . . . .   7
     5.2.  Signature Sizes . . . . . . . . . . . . . . . . . . . . .   7
     5.3.  DS Digest Sizes . . . . . . . . . . . . . . . . . . . . .   7
   6.  Implementation Considerations . . . . . . . . . . . . . . . .   7
     6.1.  Support for SHA-3 Signatures  . . . . . . . . . . . . . .   7
     6.2.  Support for SHA-3 DS Digest Types . . . . . . . . . . . .   7
     6.3.  Support for NSEC3 Denial of Existence . . . . . . . . . .   8
   7.  Examples  . . . . . . . . . . . . . . . . . . . . . . . . . .   8
     7.1.  RSA/SHA2-256 (RSASSA-PSS) Key and Signature . . . . . . .   8
     7.2.  RSA/SHA2-512 (RSASSA-PSS) Key and Signature . . . . . . .  10
     7.3.  RSA/SHA3-256 (RSASSA-PSS) Key and Signature . . . . . . .  12
     7.4.  RSA/SHA3-384 (RSASSA-PSS) Key and Signature . . . . . . .  14
     7.5.  RSA/SHA3-512 (RSASSA-PSS) Key and Signature . . . . . . .  16
     7.6.  ECDSA Curve P-256 with SHA3-256 Key and Signature . . . .  18
     7.7.  ECDSA Curve P-384 with SHA3-384 Key and Signature . . . .  20
     7.8.  SHA3-256 as DS Digest Type  . . . . . . . . . . . . . . .  21
     7.9.  SHA3-384 as DS Digest Type  . . . . . . . . . . . . . . .  21
   8.  Security considerations . . . . . . . . . . . . . . . . . . .  22
     8.1.  Considerations for RRSIG Resource Records . . . . . . . .  22
     8.2.  Signature Type Downgrade Attacks  . . . . . . . . . . . .  22
   9.  IANA considerations . . . . . . . . . . . . . . . . . . . . .  22
   10. Acknowledgements  . . . . . . . . . . . . . . . . . . . . . .  23
   11. References  . . . . . . . . . . . . . . . . . . . . . . . . .  23
     11.1.  Normative references . . . . . . . . . . . . . . . . . .  23
     11.2.  Informative references . . . . . . . . . . . . . . . . .  25
   Appendix A.  Change history (Editor: to be removed before
                publication) . . . . . . . . . . . . . . . . . . . .  25
   Authors' Addresses  . . . . . . . . . . . . . . . . . . . . . . .  25

1.  Introduction

   The Domain Name System (DNS) is the global, hierarchical distributed
   database for Internet Naming.  The DNS has been extended to use
   cryptographic keys and digital signatures for the verification of the
   authenticity and integrity of its data.  [RFC4033], [RFC4034], and
   [RFC4035] describe these DNS Security Extensions, called DNSSEC.

   [RFC4033] described how to store DNSKEY and RRSIG resource records,
   and specified a list of cryptographic algorithms to use.  It was
   updated by [RFC5702] to add the SHA-2 family of hash algorithms using
   the RSASSA-PKCS1-v1_5 signature scheme [RFC3447].

   PKCS #1 v2.1 [RFC3447] introduced RSASSA-PSS which is a much better
   signature scheme than RSASSA-PKCS1-v1_5.  The main advantage of
   RSASSA-PSS over RSASSA-PKCS1-v1_5 is that analysis can relate its
   security to that of the RSA problem (Section 8.1 of [RFC8017]),
   whereas the connection of RSASSA-PKCS1-v1_5 to the RSA problem has
   not been proved.  With RSASSA-PSS, an attacker also does not know in
   advance what the encoded message EM will be, because of the random
   salt; this makes fault analysis attacks more difficult to mount.
   Although no attacks are known against RSASSA-PKCS1-v1_5, in the
   interest of increased robustness, RSASSA-PSS is REQUIRED in new
   applications (Section 8 of [RFC8017]).

   SHA-3 is a family of hash functions based on the cryptographic
   primitive family Keccak.  [FIPS.202.2015] states: "The four SHA-3
   hash functions in this Standard supplement the hash functions that
   are specified in [FIPS.180-4.2015]: SHA-1 and the SHA-2 family.
   Together, both Standards provide resilience against future advances
   in hash function analysis, because they rely on fundamentally
   different design principles."  Now that SHA-1's security is known to
   be weakened and the SHA-2 hash algorithms are currently the last line
   of defence for use with RSA in DNSKEYs, and in DS records, it is
   sensible to introduce the SHA-3 hash function family to DNSSEC now to
   prepare for any eventuality.  The SHA-3 hash function family uses a
   sponge construction that is different from the Merkle-Damgaard
   construction used by the SHA-2 hash function family, so it is
   unlikely that an attack on SHA-2 will affect SHA-3 or vice versa.

   This document extends the list of DNSKEY algorithms with the RSASSA-
   PSS signature scheme [RFC8017] using the SHA-2 and SHA-3 family of
   hash functions.  It also adds DNSKEY algorithms for ECDSA using the
   SHA-3 family of hash functions.

   [RFC3658] first described the use of DS resource records.  It was
   updated by [RFC4509] and [RFC6605] to add SHA-256 and SHA-384 digest
   types respectively.  This document extends that list with the SHA-3
   algorithms SHA3-256 and SHA3-384.

   Familiarity with DNSSEC, RSA, ECDSA, and the SHA-2 [FIPS.180-4.2015]
   and SHA-3 [FIPS.202.2015] hash function families is assumed in this
   document.

   To refer to SHA2-256 and SHA2-512, this document will use the name
   SHA-2.  Similarly, to refer to SHA3-256, SHA3-384, and SHA3-512, this
   document will use the name SHA-3.  This is done to improve
   readability.  When a part of text is specific for a particular SHA-2
   or SHA-3 hash function, their specific names are used.  The same goes
   for RSA/SHA2-256 and RSA/SHA2-512, which will be grouped using the
   name RSA/SHA-2, and RSA/SHA3-256, RSA/SHA3-384, and RSA/SHA3-512,
   which will be grouped using the name RSA/SHA-3.

   The SHA2-224, SHA2-384, and SHA3-224 algorithms are not used in
   RSASSA-PSS DNSKEYs and RRSIGs.  The SHA3-512 algorithm is not used in
   ECDSA with SHA-3.  The SHA3-224 and SHA3-512 algorithms are not used
   as DS digest types.

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in [RFC2119].

1.1.  Implementations (Editor: to be removed before publication)

   An experimental BIND implementation of this draft can be found in the
   "sha3" branch in the git repository at: https://github.com/muks/bind9

   There is also an experimental implementation based on the ldns
   library, which can be found in the "sha3_and_pss" branch in the git
   repository at https://github.com/tjeb/ldns.

   These can be used to check for interoperability by other DNSSEC
   implementations.

2.  DNSKEY Resource Records

   The format of the DNSKEY RR can be found in [RFC4034].  [RFC3110] and
   [RFC5702] describe the use of RSASSA-PKCS1-v1_5 signature scheme with
   SHA-1 and SHA-2 hash functions for DNSSEC signatures respectively.
   [RFC6605] describes the use of ECDSA with SHA-2 in DNSSEC.

2.1.  RSASSA-PSS/SHA-2 and RSASSA-PSS/SHA-3 signing keys

   RSA public keys for use with RSASSA-PSS signature scheme using SHA-2
   and SHA-3 hash functions are stored in DNSKEY resource records (RRs)
   with the algorithm numbers as specified in Section 9.

   The key size of RSA/SHA2-256 and RSA/SHA3-256 keys MUST NOT be less
   than 1024 bits and MUST NOT be more than 4096 bits.  This also
   satisfies a requirement of the RSASSA-PSS signature scheme that for a
   hash function that outputs a 256-bit value, the RSA modulus be at
   least 522 bits long.

   The key size of RSA/SHA3-384 keys MUST NOT be less than 1024 bits and
   MUST NOT be more than 4096 bits.  This also satisfies a requirement
   of the RSASSA-PSS signature scheme that for a hash function that
   outputs a 384-bit value, the RSA modulus be at least 778 bits long.

   The key size of RSA/SHA2-512 and RSA/SHA3-512 keys MUST NOT be less
   than 1280 bits and MUST NOT be more than 4096 bits.  This also
   satisfies a requirement of the RSASSA-PSS signature scheme that for a
   hash function that outputs a 512-bit value, the RSA modulus be at
   least 1034 bits long.

2.2.  ECDSA/SHA-3 signing keys

   P-256 and P-384 ECDSA public keys for use with SHA3-256 and SHA3-384
   hash functions are stored in DNSKEY resource records (RRs) with the
   algorithm numbers as specified in Section 9.

   The generation of P-256 and P-384 ECDSA keys follows the same method
   as for [RFC6605].

3.  RRSIG Resource Records

3.1.  RSASSA-PSS/SHA-2 and RSASSA-PSS/SHA-3 signatures

   For signature calculation, this section uses the specifications of
   RSASSA-PSS in PKCS #1 v2.2 (Section 8.1 of [RFC8017]) incorporating
   EMSA-PSS encoding (Section 9.1 of [RFC8017]).

   The values for the RRSIG RDATA fields that precede the signature data
   are specified in [RFC4034].  The value of the signature field in the
   RRSIG RDATA follows the RSASSA-PSS signature scheme and is calculated
   as described in Section 8.1.1 of [RFC8017].  The message M used in
   signature calculation is the argument to the sign() function as
   specified in Section 3.1.8.1 of [RFC4034].

   Within EMSA-PSS-ENCODE, the hash function "Hash" used is one among
   SHA2-256, SHA2-512, SHA3-256, SHA3-384, and SHA3-512 for RSA/
   SHA2-256, RSA/SHA2-512, RSA/SHA3-256, RSA/SHA3-384, and RSA/SHA3-512
   respectively.

   The mask generation function is MGF1 (Section B.2.1. of [RFC8017])
   and the hash function used within the mask generation function is
   also "Hash".

   The length of salt in octets MUST be equal to the length of the
   output of the hash function "Hash" in octets.  The value of salt
   SHOULD be random per signature computation.  A random salt value
   enhances the security of the scheme by affording a "tighter" security
   proof.  However, the randomness is not critical to security.  See
   Section 8.1 of [RFC8017] for the tradeoffs in security due to a non-
   random salt.

   These RSASSA-PSS signatures are stored in the DNS using RRSIG
   resource records (RRs) with algorithm number as specified in
   Section 9.
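   As an added example (not code from the draft or from the BIND and ldns
   implementations it mentions), the following Python implements EMSA-PSS
   encode and verify from RFC 8017 with the parameters Section 3.1 fixes
   (MGF1 using the same hash, salt length equal to the hash length) and
   derives the 522/778/1034-bit modulus floors quoted in Section 2.1 from
   the emLen constraint; the algorithm mnemonics come from Section 7, while
   the modulus sizes, message and zero-filled salt are constructed inputs.

```python
import hashlib
import hmac

# DNSKEY algorithm mnemonics from the draft's Section 7 examples, mapped to
# the hash each uses (Section 3.1).  The same hash is used inside MGF1.
ALG_HASH = {
    "RSASHA2-256": "sha256",
    "RSASHA2-512": "sha512",
    "RSASHA3-256": "sha3_256",
    "RSASHA3-384": "sha3_384",
    "RSASHA3-512": "sha3_512",
}


def _h(hash_name: str, data: bytes) -> bytes:
    return hashlib.new(hash_name, data).digest()


def _hlen(hash_name: str) -> int:
    return hashlib.new(hash_name).digest_size


def mgf1(seed: bytes, mask_len: int, hash_name: str) -> bytes:
    """MGF1 (RFC 8017 B.2.1): Hash(seed || C) for C = 0, 1, ..., truncated to mask_len."""
    hlen = _hlen(hash_name)
    blocks = (mask_len + hlen - 1) // hlen
    mask = b"".join(_h(hash_name, seed + c.to_bytes(4, "big")) for c in range(blocks))
    return mask[:mask_len]


def min_modulus_bits(hash_name: str) -> int:
    """Smallest modBits at which EMSA-PSS with sLen == hLen can be encoded.

    emBits = modBits - 1 and emLen = ceil(emBits / 8) must satisfy
    emLen >= hLen + sLen + 2 (RFC 8017 9.1.1 step 3).  With sLen == hLen this
    is the 522 / 778 / 1034-bit floor Section 2.1 quotes for 256/384/512-bit hashes.
    """
    em_len = 2 * _hlen(hash_name) + 2
    em_bits = 8 * (em_len - 1) + 1      # smallest emBits with ceil(emBits / 8) == em_len
    return em_bits + 1


def emsa_pss_encode(message: bytes, em_bits: int, hash_name: str, salt: bytes) -> bytes:
    """EMSA-PSS-ENCODE (RFC 8017 9.1.1); ValueError stands for the spec's 'encoding error'."""
    hlen = _hlen(hash_name)
    if len(salt) != hlen:
        raise ValueError("Section 3.1 requires the salt length to equal the hash length")
    em_len = (em_bits + 7) // 8
    if em_len < hlen + len(salt) + 2:
        raise ValueError("encoding error: modulus too small for this hash")
    m_hash = _h(hash_name, message)
    # M' = (0x)00 00 00 00 00 00 00 00 || mHash || salt ;  H = Hash(M')
    h = _h(hash_name, b"\x00" * 8 + m_hash + salt)
    ps = b"\x00" * (em_len - len(salt) - hlen - 2)
    db = ps + b"\x01" + salt
    db_mask = mgf1(h, em_len - hlen - 1, hash_name)
    masked_db = bytearray(a ^ b for a, b in zip(db, db_mask))
    # Clear the leftmost 8*emLen - emBits bits so EM is numerically below the modulus.
    masked_db[0] &= 0xFF >> (8 * em_len - em_bits)
    return bytes(masked_db) + h + b"\xbc"


def emsa_pss_verify(message: bytes, em: bytes, em_bits: int, hash_name: str) -> bool:
    """EMSA-PSS-VERIFY (RFC 8017 9.1.2) with sLen fixed to hLen as Section 3.1 requires."""
    hlen = slen = _hlen(hash_name)
    em_len = (em_bits + 7) // 8
    if len(em) != em_len or em_len < hlen + slen + 2 or em[-1] != 0xBC:
        return False
    masked_db, h = em[: em_len - hlen - 1], em[em_len - hlen - 1 : -1]
    top_mask = 0xFF >> (8 * em_len - em_bits)
    if masked_db[0] & ~top_mask & 0xFF:  # the cleared leading bits must still be zero
        return False
    db_mask = mgf1(h, em_len - hlen - 1, hash_name)
    db = bytearray(a ^ b for a, b in zip(masked_db, db_mask))
    db[0] &= top_mask
    ps_len = em_len - hlen - slen - 2
    if any(db[:ps_len]) or db[ps_len] != 0x01:  # PS must be all zero, then 0x01
        return False
    salt = bytes(db[ps_len + 1 :])
    h_prime = _h(hash_name, b"\x00" * 8 + _h(hash_name, message) + salt)
    return hmac.compare_digest(h, h_prime)


def roundtrip(alg: str, mod_bits: int, message: bytes) -> bool:
    """Encode with an all-zero salt, as the draft's Section 7 examples do, then verify."""
    hash_name = ALG_HASH[alg]
    em = emsa_pss_encode(message, mod_bits - 1, hash_name, b"\x00" * _hlen(hash_name))
    return emsa_pss_verify(message, em, mod_bits - 1, hash_name)


if __name__ == "__main__":
    # Constructed stand-in for the RRSIG RDATA || canonical RRset input of RFC 4034 3.1.8.1.
    msg = b"constructed message, not a real RRSIG input"
    for alg, hash_name in ALG_HASH.items():
        print(f"{alg}: minimum modulus {min_modulus_bits(hash_name)} bits,"
              f" 1280-bit round trip {'ok' if roundtrip(alg, 1280, msg) else 'FAILED'}")
```

   The RSA step itself (RSASP1/RSAVP1 on EM) is not shown; the encoding is
   the part this draft parameterises.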

3.2.  ECDSA/SHA-3 signatures

   P-256 and P-384 ECDSA signatures using SHA3-256 and SHA3-384 hash
   functions are stored in the DNS using RRSIG resource records (RRs)
   with algorithm number as specified in Section 9.

   The generation of P-256 and P-384 ECDSA/SHA-3 signatures follows the
   same method as for [RFC6605], except that the collision-resistant
   hash function "H" (see Section 10.4 of [RFC6090]) is SHA3-256 for
   P-256 and SHA3-384 for P-384 ECDSA/SHA-3 signatures.

4.  DS Resource Records

   The format of the DS RR can be found in [RFC4034].  [RFC3658],
   [RFC4509], and [RFC6605] describe the use of SHA-1, SHA-256, and
   SHA-384 for the DS digest type respectively.

4.1.  SHA3-256 digest type DS Resource Records

   The implementation of SHA3-256 in DS RRs follows the implementation
   of SHA-256 as specified in [RFC4509] except that the underlying
   algorithm is SHA3-256, the digest value is 32 bytes long, and the
   digest type code is specified in Section 9.

4.2.  SHA3-384 digest type DS Resource Records

   The implementation of SHA3-384 in DS RRs follows the implementation
   of SHA-256 as specified in [RFC4509] except that the underlying
   algorithm is SHA3-384, the digest value is 48 bytes long, and the
   digest type code is specified in Section 9.
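   As an added example (not the draft's code), this Python builds the DS
   digest that Sections 4.1 and 4.2 specify, RFC 4509's Hash(owner name
   || DNSKEY RDATA) with SHA3-256 or SHA3-384 as the hash, over the
   Section 7.1 example DNSKEY; the digest type codes are left as a
   placeholder because they are assigned in Section 9, and the Section 7.1
   zone lists key id = 30005 for this key, against which the key tag
   computation can be checked.

```python
import base64
import hashlib
import struct

# DS digest type names used here, mapped to hashlib names.  The numeric digest
# type codes are the draft's proposed values (Section 9) and are left out.
DS_DIGEST_HASH = {"SHA3-256": "sha3_256", "SHA3-384": "sha3_384"}

# The Section 7.1 example DNSKEY from the draft (flags 256, protocol 3,
# algorithm 247 = RSASHA2-256 in the draft's numbering), copied from the text.
EXAMPLE_OWNER = "example.org."
EXAMPLE_FLAGS, EXAMPLE_PROTOCOL, EXAMPLE_ALG = 256, 3, 247
EXAMPLE_PUBKEY_B64 = (
    "AwEAAdMT/tIhT3Yc1FJnmHmWWb3XTBtZZKW723I0h/5i3/15LIhR6v5X"
    "oKsy0HeUGoyN03O2yHEbrhz7Ym9pypu5OEdUnbjcc1Mr+c/0/TAzqpUK"
    "1DrAb3rguVn9W/t+jy41iTap8xZGfcLkCAxdLg2cBp3m1mQyWr6t9Oo/"
    "10wP4mbX"
)


def owner_name_wire(name: str) -> bytes:
    """Canonical wire form of an owner name (RFC 4034 6.2): lowercase, uncompressed."""
    labels = [label for label in name.lower().rstrip(".").split(".") if label]
    return b"".join(bytes([len(label)]) + label.encode("ascii") for label in labels) + b"\x00"


def dnskey_rdata(flags: int, protocol: int, alg: int, pubkey_b64: str) -> bytes:
    """DNSKEY RDATA (RFC 4034 2.1): Flags(2) | Protocol(1) | Algorithm(1) | Public Key."""
    return struct.pack("!HBB", flags, protocol, alg) + base64.b64decode(pubkey_b64)


def key_tag(rdata: bytes) -> int:
    """Key tag for every algorithm except RSA/MD5 (RFC 4034 Appendix B)."""
    ac = 0
    for i, octet in enumerate(rdata):
        ac += octet if i & 1 else octet << 8
    ac += (ac >> 16) & 0xFFFF
    return ac & 0xFFFF


def ds_digest(owner: str, rdata: bytes, digest_type: str) -> bytes:
    """DS digest = Hash(owner name wire form || DNSKEY RDATA), RFC 4509 with SHA-3 swapped in."""
    data = owner_name_wire(owner) + rdata
    return hashlib.new(DS_DIGEST_HASH[digest_type], data).digest()


def ds_record(owner: str, flags: int, protocol: int, alg: int,
              pubkey_b64: str, digest_type: str) -> dict:
    """Fields of the DS RR for a DNSKEY; the digest is 32 octets for SHA3-256, 48 for SHA3-384."""
    rdata = dnskey_rdata(flags, protocol, alg, pubkey_b64)
    return {
        "key_tag": key_tag(rdata),
        "algorithm": alg,
        "digest_type": digest_type,
        "digest": ds_digest(owner, rdata, digest_type).hex().upper(),
    }


if __name__ == "__main__":
    # The draft's zone in Section 7.1 lists key id = 30005 for this DNSKEY,
    # which the key_tag field printed here can be compared against.
    for dt in DS_DIGEST_HASH:
        rec = ds_record(EXAMPLE_OWNER, EXAMPLE_FLAGS, EXAMPLE_PROTOCOL,
                        EXAMPLE_ALG, EXAMPLE_PUBKEY_B64, dt)
        print(f"{EXAMPLE_OWNER} IN DS {rec['key_tag']} {rec['algorithm']}"
              f" <{rec['digest_type']} code from Section 9> {rec['digest']}")
```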

5.  Deployment Considerations

5.1.  Key Sizes

   Apart from the restrictions in Section 2, this document will not
   specify what size of keys to use.  That is an operational issue and
   depends largely on the environment and intended use.  A good starting
   point for more information would be [NIST800-57].

5.2.  Signature Sizes

   In this family of signing algorithms, the size of signatures is
   related to the size of the key and not to the hashing algorithm used
   in the signing process.  Therefore, RRSIG resource records produced
   with RSA/SHA2-256, RSA/SHA2-512, RSA/SHA3-256, RSA/SHA3-384, or RSA/
   SHA3-512 will have the same size as those produced with RSA/SHA-1 and
   RSA/SHA-2 hash algorithms, if the keys have the same length.

5.3.  DS Digest Sizes

   DS RDATA with digest type SHA3-256 has the same size as DS RDATA with
   digest type SHA-256 (32 bytes).  DS RDATA with digest type SHA3-384
   has the same size as DS RDATA with digest type SHA-384 (48 bytes).
   Because these sizes match those of the existing digest types, the
   impact of the new SHA-3 digest types on DS RDATA size can be judged
   from experience with SHA-256 and SHA-384.

6.  Implementation Considerations

6.1.  Support for SHA-3 Signatures

   DNSSEC-aware implementations SHOULD be able to support RRSIG and
   DNSKEY resource records created with the RSA/SHA-2, RSA/SHA-3, and
   ECDSA/SHA-3 algorithms defined in this document.

6.2.  Support for SHA-3 DS Digest Types

   DNSSEC-aware implementations SHOULD be able to support DS resource
   records created with the SHA3-256 and SHA3-384 algorithms defined in
   this document.

6.3.  Support for NSEC3 Denial of Existence

   [RFC5155] defines new algorithm identifiers for existing signing
   algorithms, to indicate that zones signed with these algorithm
   identifiers can use NSEC3 as well as NSEC records to provide denial
   of existence.  That mechanism was chosen to protect implementations
   predating [RFC5155] from encountering resource records about which
   they could not know.  This document does not define such algorithm
   aliases.

   A DNSSEC validator that implements RSA/SHA-2 and/or RSA/SHA-3 MUST be
   able to validate negative answers in the form of both NSEC and NSEC3
   with hash algorithm 1, as defined in [RFC5155].  An authoritative
   server that does not implement NSEC3 MAY still serve zones that use
   RSA/SHA-2 or RSA/SHA-3 with NSEC denial of existence.

7.  Examples

7.1.  RSA/SHA2-256 (RSASSA-PSS) Key and Signature

   Given a 1024-bit private key with the following values (in Base64):

Private-key-format: v1.2
Algorithm: 247 (RSASHA2-256)
Modulus: 0xP+0iFPdhzUUmeYeZZZvddMG1lkpbvbcjSH/mLf/XksiFHq/legqzLQd5QajI3Tc7bIcRuuHPtib2nKm7k4R1SduNxzUyv5z/T9MDOqlQrUOsBveuC5Wf1b+36PLjWJNqnzFkZ9wuQIDF0uDZwGnebWZDJavq306j/XTA/iZtc=
PublicExponent: AQAB
PrivateExponent: uVnMoR7JFTG5rGb1+IbzZQYC+d0kyXhN+lpwtQyEHqPiXA57KT8vgkYL04WFTrlX3ju6hcBFw4Nn6+fdF6Os6zXGgexNh2PqDG+BSSO8P+dH7hNiuV2qSONgkKrJco0aX0q0sAyo7RzRHkAtUUFum//2qMQ7wGZRaVk3FPsFmQE=
Prime1: 8BHCdC21Zfw8cs4IUKSDqg6JZh6GkdHIHyRpgtPQ7pSx99QtIbU9+VoTcJHw09TId7MOm3fZ4nrALYQHFow7gQ==
Prime2: 4RW9O6uh52sNxjpYVqheZj+6Z2LvkIPsbgJQYsqhNLr/vf5apact+WXz5pWMlHOguiXu8qiZa86B1dxmHAkuVw==
Exponent1: t1p5D86RSxE5Ad4GT8E2pj1wB0StNtXoaJCg3UD1xCJhQo0U4zfP25BGZKWyL7fGXFWvhGInUWi7Oogp+bilAQ==
Exponent2: u5c+q2iT+ydBx6AA19hjNJyQYnIWbz9D4TuUe4GdcTEYy+Qc8EqxClZqPBcPnvnvTrUmvJ6/nxXxJ6gUgfE06Q==
Coefficient: m9t6RWOcmP1MLC8YiaxLvsJ1MLe+JTiu+Tzx7plz7bVd9cw0SCbD/X+VXBiDheu2ZyaZ8tuprEX7FdjiTU1Hdg==

   The DNSKEY record for this key would be:

example.org. IN DNSKEY 256 3 247 AwEAAdMT/tIhT3Yc1FJnmHmWWb3XTBtZZKW723I0h/5i3/15LIhR6v5X oKsy0HeUGoyN03O2yHEbrhz7Ym9pypu5OEdUnbjcc1Mr+c/0/TAzqpUK 1DrAb3rguVn9W/t+jy41iTap8xZGfcLkCAxdLg2cBp3m1mQyWr6t9Oo/ 10wP4mbX

   With this key, sign the following zone consisting of 4 RRs:

example.org. 3600 IN SOA invalid. hostmaster.example.org. (42 43200 900 1814400 7200)
example.org. 3600 IN NS invalid.
example.org. 3600 IN A 192.0.2.1
example.org. 3600 IN AAAA 2:2001:db8::1

   Using an RSASSA-PSS salt consisting entirely of zero-valued octets,
   with the inception date set at 00:00 hours on January 1st, 2000, and
   the expiration date at 00:00 hours on January 1st, 2030, the
   following signed zone (with DNSKEY) should be created:

example.org.            3600    IN SOA  invalid. hostmaster.example.org. (
                                        42         ; serial
                                        43200      ; refresh (12 hours)
                                        900        ; retry (15 minutes)
                                        1814400    ; expire (3 weeks)
                                        7200       ; minimum (2 hours)
                                        )
                        3600    RRSIG   SOA 247 2 3600 (
                                        20300101000000 20000101000000 30005 example.org.
                                        C9c2AuyA6rB3XL08i3PgDtMZC2+sNiY/B94+
                                        flfdxYz1OVmm7+byEVVxmAqw7nEn3MfUGpwj
                                        2E1Thin2pYZ4jF4ep2kz1kDxXWTFnKwwxgAl
                                        nFGeZihBJUUpfXpzIWVOGwkIJIWL+aB3mS3M
                                        Z1EJ2Iok1n37ZO9Uf6tLcZDYLck= )
                        3600    NS      invalid.
                        3600    RRSIG   NS 247 2 3600 (
                                        20300101000000 20000101000000 30005 example.org.
                                        y/qVMuKsW5dqkXBLQmTj+RJ1UCe8JUpLw7/x
                                        yjlwH8qtUxJ3YxkfeDbx7Lah4+mZtYebib2Q
                                        gSedJE/ZERTwsB7njLio/hoMTUIXD/BBGbd3
                                        LyNHj7v6ujZO6HJ2ai46+qtYAXo2PHDV7i4I
                                        AtOJQR1+Lz5Q/Bd6zJKuHiHft6E= )
                        3600    A       192.0.2.1
                        3600    RRSIG   A 247 2 3600 (
                                        20300101000000 20000101000000 30005 example.org.
                                        SjJvbsHI77EZFZnNFYGoFXhKPe8yJy7Jb4Td
                                        mHFabTlpaqjByYlgQUyvB165KrvUBfSm/qMS
                                        NqBJF7t8TmmsMkVpaL90GLYMvkKQexv4qI/X
                                        PKZ++nynOa9HObcjUfgR0x3jLc5K+sRfnYwW
                                        oJqjh+1z0Kb3hq3wawGVmRgZZwA= )
                        3600    AAAA    2:2001:db8::1
                        3600    RRSIG   AAAA 247 2 3600 (
                                        20300101000000 20000101000000 30005 example.org.
                                        Tkleo5JjLcMDz+JzfG1Pfan4YNVrsLn0z8jJ
                                        RME2LEionhZqLLAScmHy4yBg3RQQI/Ak+516
                                        nBLwr1F23Kh5dkO9ApefKryn1SZP6LndOcBu
                                        tdlq6MzNkqwgpXwFYwTsQtxG0SJPZxA7x5du
                                        0F4QoBe/bC9vK69gra0Zkc0IPos= )
                        7200    NSEC    example.org. A NS SOA AAAA RRSIG NSEC DNSKEY
                        7200    RRSIG   NSEC 247 2 7200 (
                                        20300101000000 20000101000000 30005 example.org.
                                        CNggBNHd8AmjG3TGV34Mb6oMycx1OXLU645d
                                        aDvA/LGZ5qBF8Oz5W56rYzpbcUS11rZBBBAb
                                        nscR73oqF89BaHEMzQCpsVkoA8ao/xRAkMl1
                                        N49iKGB5vCR2XnVkhH5b9JVDSK2Td+cWzDN3
                                        O/0Fjg9cviMI/rEt1w29YFkYZxU= )
                        3600    DNSKEY  256 3 247 (
                                        AwEAAdMT/tIhT3Yc1FJnmHmWWb3XTBtZZKW7
                                        23I0h/5i3/15LIhR6v5XoKsy0HeUGoyN03O2
                                        yHEbrhz7Ym9pypu5OEdUnbjcc1Mr+c/0/TAz
                                        qpUK1DrAb3rguVn9W/t+jy41iTap8xZGfcLk
                                        CAxdLg2cBp3m1mQyWr6t9Oo/10wP4mbX
                                        ) ; ZSK; alg = RSASHA2-256 ; key id = 30005
                        3600    RRSIG   DNSKEY 247 2 3600 (
                                        20300101000000 20000101000000 30005 example.org.
                                        RHImUBMtz6LOEkEZLeeUKY30z1LgknkyawpZ
                                        GLRLiE84UkBAjF559Yk8O6Dm9qTPa7jpu0ja
                                        HAl1WGAHQU45w7t17/onSLJfE+6C9kS6F3N+
                                        qhWu+WWMz6/fvbaoe5EG5v/AkXA/iF3sEPIt
                                        Y5bA3d1IR9bs36fyk3c5c0vb170= )

7.2.  RSA/SHA2-512 (RSASSA-PSS) Key and Signature

   Given a 1280-bit private key with the following values (in Base64):

Private-key-format: v1.2
Algorithm: 248 (RSASHA2-512)
Modulus: v4LMvpU2sPxQHPOos4PFROf1U02gmzkOdeBjWiY1iEsyDgaGEJ/3x1D4oIVHI9pMVS47JoQvvhnnOnJv5/tslA5ivWsTp0i6rFzY3+F+zDUCA1AcD/rcECgfizC/VZSHvH3aThpjqiwCN6HtC9ofPNqxAikdwMeJP3oUSl3Pg/Y3S8pX2ykHNoq2+tROcypY4VUmbFqJa6SAxBT8EeWgTw==
PublicExponent: AQAB
PrivateExponent: uIbklwIZN4F2A992/rmJ23IRPNoAVXAtkcDKmjNUw2WI7mC0ztIEIgXP+oNQ36fYgv7PubYGdopo9TUMxJ7KqQIPe+nvfvEiBTBVO6r/zOveAJXvq3RuNJ0DCBnhvMhWMha7rRcqp3FixJ9J7cBEwRmJQn+KjrrOZJ9zCFJZ+CQZ5yTTFAdrkjDtpFrg8XUSuDqo85/RFtFUQiMHNzLZsQ==
Prime1: 8ji5lppCo7FCVENMf+a9u5EpXNwH8P+VFHaw99NAKqEV+pWBS24Op8yoRxt6f7mmRe4FTNyTfkkdSpMo5aN6oa1h/vFo14ifFTMU46Vm8ec=
Prime2: ymed+9gYJ/z4ulOPOBrJV6BSVIZgE1hxSkyR68h8fzGvc6iPCf7+JsM7XrIK3Z5dxFQ8WBg7YgbKn05mD1dqU3sJJpIstvKdhvUmaJyVYVk=
Exponent1: J/A+eZyZ3E+/9hDarkQniKPYxBzrmksqE6O2bkaA0AabjyPTm9JbzEMsg/z9581+ow0qBpBgKXR4xfEZzzNzZvEltVmsxc0bHe28RgThwoU=
Exponent2: jWsESRhdGGN57cXARXUBxIWxwHj628lprn39Xn5/7ebrLaZR+qv9K1wxOSKw0NN7tFceqnaT1xPjspb2XDW5hoZqiFaNg23Ufpz+rwzomlE=
Coefficient: 2hX/dV/0jj0IUyAbx5N1I2kIsjf9FJmQHQjktr63YG0CMMBMRNUWF2Y4B3Z3RJHHdeBRvD4r3q7JlkhXvuOWn1EyLFx8ZGOZVboKIcePgUU=

   The DNSKEY record for this key would be:

example.org. IN DNSKEY 256 3 248 AwEAAb+CzL6VNrD8UBzzqLODxUTn9VNNoJs5DnXgY1omNYhLMg4GhhCf 98dQ+KCFRyPaTFUuOyaEL74Z5zpyb+f7bJQOYr1rE6dIuqxc2N/hfsw1 AgNQHA/63BAoH4swv1WUh7x92k4aY6osAjeh7QvaHzzasQIpHcDHiT96 FEpdz4P2N0vKV9spBzaKtvrUTnMqWOFVJmxaiWukgMQU/BHloE8=

   With this key, sign the following zone consisting of 4 RRs:

example.org. 3600 IN SOA invalid. hostmaster.example.org. (43 43200 900 1814400 7200)
example.org. 3600 IN NS invalid.
example.org. 3600 IN A 192.0.2.1
example.org. 3600 IN AAAA 2:2001:db8::1

   Using an RSASSA-PSS salt consisting entirely of zero-valued octets,
   with the inception date set at 00:00 hours on January 1st, 2000, and
   the expiration date at 00:00 hours on January 1st, 2030, the
   following signed zone (with DNSKEY) should be created:

example.org.            3600    IN SOA  invalid. hostmaster.example.org. (
                                        43         ; serial
                                        43200      ; refresh (12 hours)
                                        900        ; retry (15 minutes)
                                        1814400    ; expire (3 weeks)
                                        7200       ; minimum (2 hours)
                                        )
                        3600    RRSIG   SOA 248 2 3600 (
                                        20300101000000 20000101000000 50019 example.org.
                                        LIqNhZMZthJKDab51kfzn9TtMyWSZ+Z+yOZU
                                        Ukg9j6gAzcezPNiPer9A0FtgDsXFU2ICRDOx
                                        kGeWjhgEN1JGOxA7robpGjOTLWAAYbzSihBE
                                        ehqkpDTJHsmTv3lnjioAFaalFKwisClR1GH9
                                        t7T9sZMEc1G25a4izULX6PiKAjBBegbJ6sGK
                                        6OgCbuxE3yTwJTiPb3/W5IfPbv/bRnETWA== )
                        3600    NS      invalid.
                        3600    RRSIG   NS 248 2 3600 (
                                        20300101000000 20000101000000 50019 example.org.
                                        Sj3JxLM0kH9UDcyO09Zhrupw+0iafH8Yk20I
                                        a2m1S8jnjWrwCQplg/RRcM+9B5rz9AoNZJg7
                                        iHWEwmP9jLK5umbQXP/zCt/5UffdiPSNpGb7
                                        epJ5aNVVfvS00QeqL/yOhwkZcpVd9YszYq+V
                                        Sx6hMHJ9SSqx/CBZZzwjJopOPP4zabha41RY
                                        J/3PG3ohQh7hAigUcNgO4AwxAoV+D/3yQQ== )
                        3600    A       192.0.2.1
                        3600    RRSIG   A 248 2 3600 (
                                        20300101000000 20000101000000 50019 example.org.
                                        GZY8uKkZ2pKhtL9Dh6NKq8GES4WUn9AFOtNc
                                        PHvXVANuMadMh8LwgmtKe7H6HujPW8Ghj0wJ
                                        XRkGJ8kinCRp51eSF0gsr6vIsLiYCx/2XJW5
                                        4dCufvxbbZe3e1yHOOSExLDICT6SQ775CavX
                                        cjnFsI4NAzPO5S+55nq2EvUug7stYeS89mUQ
                                        Wq24FZOnONIY1dbRfpzCkBSs09wXSBtqPQ== )
                        3600    AAAA    2:2001:db8::1
                        3600    RRSIG   AAAA 248 2 3600 (
                                        20300101000000 20000101000000 50019 example.org.
                                        MY2ha2+UIdeHSEeBLqlb6Ls9gTCO7yUQkz3c
                                        yM3A3Als78y/nz9GsEUjpQ6JGmt3c0Gs64mx
                                        WFl15oo/LWrum/HLwvoXciwZOueCSzIpwjQY
                                        zlqUNNbtKLYLChzMdq07x1Cak/kjF8ROsSpz
                                        rQ5MbQDnLN25IOLy3JodvcZFnzsoxmx2LAJ1
                                        g80Ps4+p5QbTEoASNGGPUR84LPrZ7j4Nrw== )
                        7200    NSEC    example.org. A NS SOA AAAA RRSIG NSEC DNSKEY
                        7200    RRSIG   NSEC 248 2 7200 (
                                        20300101000000 20000101000000 50019 example.org.
                                        l2RkbZqizyfnWMThvlt/F2zltQ/DVOmSCQve
                                        JsIe++bJgbyloiLhDnia9ZqwT/apob6VHAgg
                                        KXEII+R6WGuPCBHe3Px2xVFWgh1EU3GnoTWv
                                        JCS1cQ98PpzBiLxIwMAQCp0ItUFj2M2LmZc9
                                        JzvSFW2UCtUK64BCS5aj0qWPPfWuWjM1bJ1d
                                        weyYT+oCKY/GurJbRcjOs4r4Jmsq1PctDA== )
                        3600    DNSKEY  256 3 248 (
                                        AwEAAb+CzL6VNrD8UBzzqLODxUTn9VNNoJs5
                                        DnXgY1omNYhLMg4GhhCf98dQ+KCFRyPaTFUu
                                        OyaEL74Z5zpyb+f7bJQOYr1rE6dIuqxc2N/h
                                        fsw1AgNQHA/63BAoH4swv1WUh7x92k4aY6os
                                        Ajeh7QvaHzzasQIpHcDHiT96FEpdz4P2N0vK
                                        V9spBzaKtvrUTnMqWOFVJmxaiWukgMQU/BHl
                                        oE8=
                                        ) ; ZSK; alg = RSASHA2-512 ; key id = 50019
                        3600    RRSIG   DNSKEY 248 2 3600 (
                                        20300101000000 20000101000000 50019 example.org.
                                        gGFb305M15oFs/+Mc4r9II2nmqARCt52Rj2y
                                        7aQNKIk7PXqxfdsnRpswmvRL/J0zUsoP/Ecj
                                        E+yLZQpJz0Chycs5UszXCeHxGqx1GandpQaw
                                        LOu02AFI2rdpamD242i3RUSfxjKUpo2MFuS7
                                        c92xUOOkjwn1MAZruUKWPbVzCm3pvqIHTytL
                                        JyGDHI8LqCbhbnf3hP2G45BCzh1cp41EYA== )

7.3.  RSA/SHA3-256 (RSASSA-PSS) Key and Signature

   Given a 1024-bit private key with the following values (in Base64):

Private-key-format: v1.2
Algorithm: 249 (RSASHA3-256)
Modulus: uI99tnWEAZ5j8hnh29acjTWKUncLZpGWYCWjmz7KB7q8NCiGdA7dgkIBpGrsry0jF8PVGP8jm2omdMaPDX2N0UcEVKrUSKczNQb3Kdiihl1J8/IC9KZuHqQJHr8E4Gu/S4P1EbpaM00F1YPCkldl7yTyXEA6waP2Qs6lfRETffU=
PublicExponent: AQAB
PrivateExponent: ceGgqZBzxufsNfxAgH05lmx+EIqCT2TwTB2NiYLB+OkBrpF+/WgayIBgMQsFRsZsTAK7oDP2zbQ/THkk1ict9PHByDAAedOo+sjYqja7/NMqHZV2y5nfOV2gr/Qkx8Ns/JhcZ6bD0TtS+mTTGZPKxHZYoZKp/EYaRpY/FH/tgBU=
Prime1: 8a4Tyux12glzCP4cLndnDi2MT9M4WRR0B+8SjU1zoZVgOiF7WnCD6go3LAGl8SbiMzX491cJFKuK7/0qY4wTcw==
Prime2: w37/PBybwbTCtWJeGQo5sZUmAfcB4G9KPb0Xx7attTlVcvS3BsNxQ6u5CJS6PkxrRLJhObY0co97esbRlfXe9w==
Exponent1: X5pyH/LcR+03AVasRUFclgI0oBs5DhwGLmFHYHhEBqZ1k2lNR6B8vmdeHd1lDHlKP+HY49cdM30MkBUA4LI3uw==
Exponent2: P7FYptULSgkChuYNkkrqkRju0SUQz3Zy0bqRzNePsMOFO3bPSrzSYiHInysVosZzDGaxloPugoSMzmuITTtV8Q==
Coefficient: NdPPfYznkez2NNKsVydeZleq+jOBaQ3O98YZteXreOrH8L+pqKxkymKIvqjiTzWdA+fDV7KfFrbv0ZFwGymsNQ==

   The DNSKEY record for this key would be:

example.org. IN DNSKEY 256 3 249 AwEAAbiPfbZ1hAGeY/IZ4dvWnI01ilJ3C2aRlmAlo5s+yge6vDQohnQO 3YJCAaRq7K8tIxfD1Rj/I5tqJnTGjw19jdFHBFSq1EinMzUG9ynYooZd SfPyAvSmbh6kCR6/BOBrv0uD9RG6WjNNBdWDwpJXZe8k8lxAOsGj9kLO pX0RE331

   With this key, sign the following zone consisting of 4 RRs:

example.org. 3600 IN SOA invalid. hostmaster.example.org. (44 43200 900 1814400 7200)
example.org. 3600 IN NS invalid.
example.org. 3600 IN A 192.0.2.1
example.org. 3600 IN AAAA 2:2001:db8::1

   Using an RSASSA-PSS salt consisting entirely of zero-valued octets, with
   the inception date set to 00:00 hours on January 1st, 2000, and the
   expiration date to 00:00 hours on January 1st, 2030, the following
   signed zone (with DNSKEY) should be created:


example.org.            3600    IN SOA  invalid. hostmaster.example.org. (
                                        44         ; serial
                                        43200      ; refresh (12 hours)
                                        900        ; retry (15 minutes)
                                        1814400    ; expire (3 weeks)
                                        7200       ; minimum (2 hours)
                                        )
                        3600    RRSIG   SOA 249 2 3600 (
                                        20300101000000 20000101000000 23809 example.org.
                                        Uwq4O7WnX3WgD4gqrE931DqCByyWgf6+YfZe
                                        vRCTzMe+/q/36pWhYhej6wI3Fo2JRImMeL85
                                        IEdQNEUOcZ4SyfbnC/x44Tj3xlF1imf40dWy
                                        /HDLAdAlCfL1bZVxd6KNPBoGsZmWqqdePguC
                                        Kvv6KpZB5bmQhlPJHmcevUajG80= )
                        3600    NS      invalid.
                        3600    RRSIG   NS 249 2 3600 (
                                        20300101000000 20000101000000 23809 example.org.
                                        WXtpjYg9ZGDYBn01HBZwrHiJ8pccXicaLt6e
                                        ck1lYFER1/Gw3oroFvHeI7l8WuyGyjm7QnXP
                                        /avYGX7tAmObgKRh08gk2tDj8Ku6aKYRunVh
                                        jobJi2WEsKBMCScwhjK64WJV90pOrWiU7/j6
                                        D8fwTySTSmQJXn7mG/0ynIiwruw= )
                        3600    A       192.0.2.1
                        3600    RRSIG   A 249 2 3600 (
                                        20300101000000 20000101000000 23809 example.org.
                                        K718CGTXBAKJ3ug5YsHGtr4tPvHrrPFw0YCN
                                        v97mU25mhBerDNLyNISCsMQPw0NVnXyV7BR0
                                        8dpwnmZqGIhId4ojaSKCZtQkUkNiqrF77sZe
                                        2jryHi8VvuT9JqFa+JI3vUHLavnGabc40qEC
                                        zTtP8g1I3CEopnp6QDkLxyjwVhQ= )
                        3600    AAAA    2:2001:db8::1
                        3600    RRSIG   AAAA 249 2 3600 (
                                        20300101000000 20000101000000 23809 example.org.
                                        e8EgXwu/7VvU83ZW8gEiS+51HUfgkowoichs
                                        9L7U5eX1axrynM7c3r7WvFy1hNGLxrzZOU7e
                                        r8R+0QG989x1lwPSHeETryQ/5sUApOeoaFYj
                                        3D+IZEzI0gGfHIXP+zZ2kRW3tQx0Bn1JHPWx
                                        1+JOwFdfJB4jczG6YwydRVaWd3M= )
                        7200    NSEC    example.org. A NS SOA AAAA RRSIG NSEC DNSKEY
                        7200    RRSIG   NSEC 249 2 7200 (
                                        20300101000000 20000101000000 23809 example.org.
                                        rfCOWKNWnlLoXuLPqE5fhq7yN10BZbZ0cCj7
                                        8c4DROMIXistBFRoNhYngTDratXojbJGCO4F
                                        nbA3kSOh91RaSevASHDF9SvAysKUqWIYw4Mx
                                        hLROhu9TjE7i3VgYt6rEHoQIMroOry3dao48
                                        12mcadWl4MgoDyJAxTbUGZyTeFY= )
                        3600    DNSKEY  256 3 249 (
                                        AwEAAbiPfbZ1hAGeY/IZ4dvWnI01ilJ3C2aR
                                        lmAlo5s+yge6vDQohnQO3YJCAaRq7K8tIxfD
                                        1Rj/I5tqJnTGjw19jdFHBFSq1EinMzUG9ynY
                                        ooZdSfPyAvSmbh6kCR6/BOBrv0uD9RG6WjNN
                                        BdWDwpJXZe8k8lxAOsGj9kLOpX0RE331
                                        ) ; ZSK; alg = RSASHA3-256 ; key id = 23809
                        3600    RRSIG   DNSKEY 249 2 3600 (
                                        20300101000000 20000101000000 23809 example.org.
                                        hgKUSu/6JOKBEA9LavThiPFsDk0JOK4fsCiJ
                                        cR8Y/uAKyTlZ77m7olSWnbhSmAkzM2dST4eb
                                        KfCKgz+v6B0H+TGuuVZ9nriFggRsUu0uddsD
                                        sgOVuWB2XC0e0lJMxpYht/DQd6ZLc++XhWyK
                                        a9a0Iw9/bcIFaKY+bhn0zWp3y9k= )

7.4.  RSA/SHA3-384 (RSASSA-PSS) Key and Signature

   Given a 1024-bit private key with the following values (in Base64):

Private-key-format: v1.2
Algorithm: 250 (RSASHA3-384)
Modulus: xHuxiHax4XcfW9yCIdCVdrqs+L1lfTZKdOK7C+J8yDptcyS7DC8Su0X4hqJxA3M0gZFfpwSpuc1/XSwm0pDCqByy1qehIZgJMQ9dm6whqokGgqcpOxEbLhKDHoUl6dq6MVZAoys2wYgpEwK9E0GPx1OT80EeO/8txqyIx1b3X1s=
PublicExponent: AQAB
PrivateExponent: vFr/xBxVRhkWPM/VCGmW/uzR6NpXsoMbOZYpTalfietJBTrO/U0bHeBj8V1EDdShHxynn8r+khoH4N/0j6MqlqEnKmL7lTDeGV5ezKLu3uLFa6RISolasqpQBqptImJ+hbXtozDKPhfjI/+d9FZBB6J1g2RlwujGX6VJMbSefvE=
Prime1: /fmeKF6OHGM9aWJq4j2/tNgbdTdy9tP2pi7VG4w7MZcXtt5jRuwDt9RfBb0i01+KOROWyIklTeHC3OIdU6otLw==
Prime2: xgy6/HX5aChVos1eunk1ZezvweGNfBuZr4TcpcTShzLs8ftGs/fAZ6Ea44p7EZizB1yaEspfcvTMHFnC709dlQ==
Exponent1: 3UV/P9ixo5XqyUgPqzD1NxAZTBSVOusNN1gSH0AbymbDKHW0tPOngZ+rcgqIrvPML1IbyneCYspQxbTSrDPVzQ==
Exponent2: BOFlbjk+ByoPSi7Dadb40OUw11dGlEtd0yxz/4XFJl3D5wapLGArlqIqtnbAJ6ParZDDnzjrdzq/GOfBXQJYrQ==
Coefficient: NPxHl0td8V/7Sk7dnGfF6Fbde3Kwt8PUUsVulh3rsr1wjmWeW6JFBxd8R104k+HicCXrLj+YthGmLS3jCwnidQ==

   The DNSKEY record for this key would be:

example.org. IN DNSKEY 256 3 250 AwEAAcR7sYh2seF3H1vcgiHQlXa6rPi9ZX02SnTiuwvifMg6bXMkuwwv ErtF+IaicQNzNIGRX6cEqbnNf10sJtKQwqgcstanoSGYCTEPXZusIaqJ BoKnKTsRGy4Sgx6FJenaujFWQKMrNsGIKRMCvRNBj8dTk/NBHjv/Lcas iMdW919b

   With this key, sign the following zone consisting of 4 RRs:

example.org. 3600 IN SOA invalid. hostmaster.example.org. (45 43200 900 1814400 7200)
example.org. 3600 IN NS invalid.
example.org. 3600 IN A 192.0.2.1
example.org. 3600 IN AAAA 2:2001:db8::1

   Using an RSASSA-PSS salt consisting entirely of zero-valued octets, with
   the inception date set to 00:00 hours on January 1st, 2000, and the
   expiration date to 00:00 hours on January 1st, 2030, the following
   signed zone (with DNSKEY) should be created:

example.org.            3600    IN SOA  invalid. hostmaster.example.org. (
                                        45         ; serial
                                        43200      ; refresh (12 hours)
                                        900        ; retry (15 minutes)
                                        1814400    ; expire (3 weeks)
                                        7200       ; minimum (2 hours)
                                        )
                        3600    RRSIG   SOA 250 2 3600 (
                                        20300101000000 20000101000000 54407 example.org.
                                        i7x4t2CwGks6qLxRxbdp+pakfK27TzN91vug
                                        UPyU+TmOzPYqQoS2MOjJn8TVuje9vZ4EnuzZ
                                        cTZCkO44r9XIgqth4tY5aJfK8otr30DYYwYd
                                        GOv719RBypf11JOk9FW4+rcgsSfTu3z3+a78
                                        PuGh5oR7fUGlg/d0//WraW+Zg+E= )
                        3600    NS      invalid.
                        3600    RRSIG   NS 250 2 3600 (
                                        20300101000000 20000101000000 54407 example.org.
                                        c1o2/g51y3eo3E3+28Ot1k4vg4sE8MEIHdel
                                        rD35/XAOzDZ8PH0HmrBzYEGUTk7Dxv8ts0Yj
                                        M9xtoF9HIxlmOF19yjKrT7LNpXmbcbxA/NNH
                                        kNOqX3EzsLZFD1t7btDqKtj+CaslkxMe6JnH
                                        m03CtRj6b2YF4TROa8swzElwMSc= )
                        3600    A       192.0.2.1
                        3600    RRSIG   A 250 2 3600 (
                                        20300101000000 20000101000000 54407 example.org.
                                        UXoGfLBwSu4b0bMrUvf6QC4Yn/WspMpv5ARf
                                        Z2aZPZABB5ZTdmSLXuvRP4XG9OZNiQhBKCVs
                                        4gLi2MutsVD8AB6N3inJcvNefty8l7+wdnUk
                                        HKuLk8O+/GCB0394nIJTKnazGPhUJtlZucZV
                                        jSNlo+OVLqCqcKtUjG+YB63J5V0= )
                        3600    AAAA    2:2001:db8::1
                        3600    RRSIG   AAAA 250 2 3600 (
                                        20300101000000 20000101000000 54407 example.org.
                                        hMN/J/JZEyMhC9RqJpowhidhSRQCOeiTWyhX
                                        i7+prwrtJ0CccOmakac2QjuKBOEkeXOzUpLL
                                        nXY83uObZCvWg3HouhZX+y9CgLueqRjfK2Sr
                                        KrBLM1zXceqg2zjjxr7UjYn9ty6sJeOJbQLk
                                        LDEOW7fPPSLPELa0S8kS6Z5X/6E= )
                        7200    NSEC    example.org. A NS SOA AAAA RRSIG NSEC DNSKEY
                        7200    RRSIG   NSEC 250 2 7200 (
                                        20300101000000 20000101000000 54407 example.org.
                                        ZTSVWOyH0HY6OYKDhjAqDlhdPjgzSx6ihA5/
                                        Nu1tOJgtxXR+/55PGdplIfS3Q4vujqbbwjD1
                                        EcSGUgVP9lnL4wqq2YwSALj3e5K216wRhBKz
                                        G5YwFrduYZAP57nGdykzeNQZRB1bEpLUEzrP
                                        /u+TQCTrLDSTMv4s61gN9d02gl0= )
                        3600    DNSKEY  256 3 250 (
                                        AwEAAcR7sYh2seF3H1vcgiHQlXa6rPi9ZX02
                                        SnTiuwvifMg6bXMkuwwvErtF+IaicQNzNIGR
                                        X6cEqbnNf10sJtKQwqgcstanoSGYCTEPXZus
                                        IaqJBoKnKTsRGy4Sgx6FJenaujFWQKMrNsGI
                                        KRMCvRNBj8dTk/NBHjv/LcasiMdW919b
                                        ) ; ZSK; alg = RSASHA3-384 ; key id = 54407
                        3600    RRSIG   DNSKEY 250 2 3600 (
                                        20300101000000 20000101000000 54407 example.org.
                                        iFy/6jk0In+egxxxOGzvknZ2gufOFAlrvZ4Q
                                        2Ufa2hLKvJOhsQrpcEfHtB5vGivZJ9WwShjw
                                        5n5YlBE/VKyy/IpycgJwybrBBPimNViwfn8y
                                        BunXT7x/OJ0tSeDxr1ab/CwPBl+0uq3RsDqs
                                        5qJTL5pmN5JD6kR2tRVvy3MicTM= )

7.5.  RSA/SHA3-512 (RSASSA-PSS) Key and Signature

   Given a 1280-bit private key with the following values (in Base64):

Private-key-format: v1.2
Algorithm: 251 (RSASHA3-512)
Modulus: o+YkFXrbuWtwzgjWTMxKWL/mxKmZiIEwZQocnh0XN8ON6AIFc+aECjkxwO5pWG171NCXt2acYWnKakpCmpiSHh9ggj8hL5O67Zs409xo0vqRpXzxY27IvBtKNurtD48RiPknLh3fEhuRnHEj8X2fpuOUx0yN5wOZx3PRjNxMeLnTglxHfRqah/tApQnCTvBAWX5vSYmPP1u/4I/UR1Zpyw==
PublicExponent: AQAB
PrivateExponent: TJqZTOzSW7SK0dGxj82ABkETM+HtH676Fo+GVqRUIL0my0R+lfAs0LZwubL0y97IHOytrIuqFaGjeNBilu0uhiO2MMoe0aTjnoCJLAR9ffXdqZb1FGMn8kWkmmtZJbm3LzFYHMs4B0exGq4vI2DfX5UF0LZV1YN4WIk2jgMPgRdJRZOOr0ZyJs8dz4VwhuVZx6SRa4ADB22QIRUdCCEESQ==
Prime1: 0fpRrO03qcRgQpwNiiw0sjBguAClUVMY9H+ZLwUrAsiP65/ikHOOXTve7aAW/OMnAmKdmpaA0jeMiYdwidMcdwVJbZM0qHsqkxrVZmtgFy8=
Prime2: x9Jgn/DLIVzcPl8VazyWcn51hbM2xd8J5fZYp/ZPVJBDlfvlICT6YbpYg8CyPjUpoDM4JnAH9v0sICO7GgrvQIY5XEYnLmUttdBj8+D58CU=
Exponent1: lXLZcQABrzYS4TXauS5Pb0fZfv0OrPw89cBfkcTW4QtIzAanJfLpL9iuCWj5E5LFMABqdh2KoJRi1XvtkFsOlnPP2Ep+ny/SlJLzsgrYgIc=
Exponent2: fsVfe9keZhotuHxGcHRN1nGYSax7MWnhM73oXRcNGU81MbBPmuca2mmIwn28F29O603Tb79frjjMh89jYpBRXZRKS9pN/Uc/iruczhqLNuk=
Coefficient: JF5wby8oSnh2Hqff02l7tA80wNf99YWUPSn3yHfuoQKgn274V2N/QE4XgcpJd+ioSkKNX+GV6RpG+b8gUiR1hCxHBPpmeb/QcA9ivnrW0L0=

   The DNSKEY record for this key would be:

example.org. IN DNSKEY 256 3 251 AwEAAaPmJBV627lrcM4I1kzMSli/5sSpmYiBMGUKHJ4dFzfDjegCBXPm hAo5McDuaVhte9TQl7dmnGFpympKQpqYkh4fYII/IS+Tuu2bONPcaNL6 kaV88WNuyLwbSjbq7Q+PEYj5Jy4d3xIbkZxxI/F9n6bjlMdMjecDmcdz 0YzcTHi504JcR30amof7QKUJwk7wQFl+b0mJjz9bv+CP1EdWacs=

   With this key, sign the following zone consisting of 4 RRs:

example.org. 3600 IN SOA invalid. hostmaster.example.org. (46 43200 900 1814400 7200)
example.org. 3600 IN NS invalid.
example.org. 3600 IN A 192.0.2.1
example.org. 3600 IN AAAA 2:2001:db8::1

   Using an RSASSA-PSS salt consisting entirely of zero-valued octets, with
   the inception date set to 00:00 hours on January 1st, 2000, and the
   expiration date to 00:00 hours on January 1st, 2030, the following
   signed zone (with DNSKEY) should be created:

example.org.            3600    IN SOA  invalid. hostmaster.example.org. (
                                        46         ; serial
                                        43200      ; refresh (12 hours)
                                        900        ; retry (15 minutes)
                                        1814400    ; expire (3 weeks)
                                        7200       ; minimum (2 hours)
                                        )
                        3600    RRSIG   SOA 251 2 3600 (
                                        20300101000000 20000101000000 23118 example.org.
                                        OLszLePpxC9kXYEHP+xnQ/5VVGUuIECXHzEG
                                        ksSPKttAmztjP3GVZpNCqYsahV7yKKkkd6TX
                                        h45w9pho8ZWDabPdCjzCiwl5aL+OvzUWXeGJ
                                        chObfU1AFsW3I03V5/8KUzH6o1CCTDbYbLeP
                                        saI/HH+G4k6mbLU1vNBCKjT8U2wY2T3mtCry
                                        a9heSY0UbORoQpilzljhtmyU86LfItD7tg== )
                        3600    NS      invalid.
                        3600    RRSIG   NS 251 2 3600 (
                                        20300101000000 20000101000000 23118 example.org.
                                        LtjteiIhqrJWOJDvVHB2YBdpOPtc62N40uGe
                                        GoSj9S9pU8UEte8K4T+TQGefc89SQQMBKMl+
                                        LtdKY4G9pTLBSVzpUw1ht4hZvwU5mKURWDJ7
                                        +ZR14ic4Sh91R79U4BZCxe7DbQa+3JWhBLVo
                                        KFsmsFwlStpWSe97xoQNiyC33Y0TRl2S/7TF
                                        p3ewL2owYRraSZZqj+UAM3oLXPyYJoD71A== )
                        3600    A       192.0.2.1
                        3600    RRSIG   A 251 2 3600 (
                                        20300101000000 20000101000000 23118 example.org.
                                        HcOfonaxmSgcjmoRCkrf0mm3K/6zbQQyseI5
                                        u/dmqN04jGjO8OfinRX6wWe2uaQUCTSITyD+
                                        BONJa9BotX36uDJgtm+UYqz+xFSrF/Wolb9X
                                        GrKBzRJXwKGL8z/gcIJMn1VchSwcFIhh+w4K
                                        QAxWmpm2mNdbL83D1Ep+dRgLgsawubhwc2t0
                                        UM6kLJgsx8qYEDDVk6f0UKFWBobseyP5pQ== )
                        3600    AAAA    2:2001:db8::1
                        3600    RRSIG   AAAA 251 2 3600 (
                                        20300101000000 20000101000000 23118 example.org.
                                        AvBYmq6oMCOAQi4DpSpo5+cRUX+vZQgvaNH8
                                        JnT68vibTlyxlUOa5BlxQv7IrrjrM7af73Ny
                                        6tdZfUoQouSpThCs22cPC4T5RPZvSvWzejGc
                                        Fc8ElNOFmftx4d3ag6cIn9Wj74gEAgmqmp+j
                                        uB7/hYK12A2/shgDr0S1UEax2YehBNXdViHZ
                                        aSwSQoLrW25zN4ENgnVkMKUQ/2OIOhyKrg== )
                        7200    NSEC    example.org. A NS SOA AAAA RRSIG NSEC DNSKEY
                        7200    RRSIG   NSEC 251 2 7200 (
                                        20300101000000 20000101000000 23118 example.org.
                                        MeDqwUq8KuJiSLZBefoJqgvuQ6Nlm+IPDFMA
                                        jZUkov419KPqItr29YIG+7lL8Ow/PRVbb0mM
                                        VfVUTIKWC1bfAhO2FBAQJTIzAeFELnUSsTaa
                                        jcNdRSen8VosEh3822rwjqcQD5hhm52v7ZCT
                                        QgrRrgoZBuCHU9dDHNfauUie0mrnCqiuFRjR
                                        DafCZeqYzzIpZVDIjyFDwu2LRzkyKduHug== )
                        3600    DNSKEY  256 3 251 (
                                        AwEAAaPmJBV627lrcM4I1kzMSli/5sSpmYiB
                                        MGUKHJ4dFzfDjegCBXPmhAo5McDuaVhte9TQ
                                        l7dmnGFpympKQpqYkh4fYII/IS+Tuu2bONPc
                                        aNL6kaV88WNuyLwbSjbq7Q+PEYj5Jy4d3xIb
                                        kZxxI/F9n6bjlMdMjecDmcdz0YzcTHi504Jc
                                        R30amof7QKUJwk7wQFl+b0mJjz9bv+CP1EdW
                                        acs=
                                        ) ; ZSK; alg = RSASHA3-512 ; key id = 23118
                        3600    RRSIG   DNSKEY 251 2 3600 (
                                        20300101000000 20000101000000 23118 example.org.
                                        SUr4RUGNadiJ7pJe8X2bnnUuHbNY3yq1S+/W
                                        NRpfXT5RReL8Ag5QuBQAnKwkqbV0UFeM3D0S
                                        xX46BY/75LerOIqy8FHaXbk9qiLBaX9E7/cV
                                        vUhkf9Dbp26Irc59AQCAB0OQ/e55onU3NRsY
                                        TWrujs0cyOo2B8eSHPcd8M2Yvwyh/ZEQNfUj
                                        YXKwAO6a+DZeId9BwU0KiEcrLs/KP2gzEQ== )
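
   The signing procedure of Sections 7.3 to 7.5, as an added example that
   is not part of this draft: RSASSA-PSS per RFC 8017, applied to the RFC
   4034 Section 3.1.8.1 signing input for the A RRset of Section 7.3,
   using the Section 7.3 private key and the key tag printed with its
   DNSKEY.  Two details this section does not state are assumptions here:
   the salt length (one hash length, the RFC 8017 default) and the use of
   the same SHA-3 hash inside MGF1.  The signature produced is therefore
   not expected to match the RRSIG in Section 7.3 byte for byte; what the
   example shows is the PSS encoding, the deterministic output that a
   fixed all-zero salt yields, and why a 1024-bit key cannot be used with
   SHA3-512 under these parameters (emLen of 128 octets is smaller than
   hLen + sLen + 2 = 130), which is consistent with Section 7.5 using a
   1280-bit key.

```python
"""RSASSA-PSS (RFC 8017 Section 8.1) over the RFC 4034 Section 3.1.8.1 signing
input, with the 1024-bit RSASHA3-256 key of Section 7.3.  Added example, not
part of the draft.  Salt length = hLen and MGF1 over the same hash are
assumptions this section does not state."""
import base64
import calendar
import hashlib
import struct

# Key material copied from the Section 7.3 private key (Base64 in the draft).
N = int.from_bytes(base64.b64decode("uI99tnWEAZ5j8hnh29acjTWKUncLZpGWYCWjmz7KB7q8NCiGdA7dgkIBpGrsry0jF8PVGP8jm2omdMaPDX2N0UcEVKrUSKczNQb3Kdiihl1J8/IC9KZuHqQJHr8E4Gu/S4P1EbpaM00F1YPCkldl7yTyXEA6waP2Qs6lfRETffU="), "big")
E = 65537  # PublicExponent AQAB
D = int.from_bytes(base64.b64decode("ceGgqZBzxufsNfxAgH05lmx+EIqCT2TwTB2NiYLB+OkBrpF+/WgayIBgMQsFRsZsTAK7oDP2zbQ/THkk1ict9PHByDAAedOo+sjYqja7/NMqHZV2y5nfOV2gr/Qkx8Ns/JhcZ6bD0TtS+mTTGZPKxHZYoZKp/EYaRpY/FH/tgBU="), "big")
KEY_TAG_7_3 = 23809  # key id printed with the Section 7.3 DNSKEY


def mgf1(seed, mask_len, hash_fn):
    """MGF1 (RFC 8017 Appendix B.2.1): Hash(seed || counter) blocks, truncated."""
    hlen = hash_fn().digest_size
    out = b"".join(hash_fn(seed + struct.pack(">I", c)).digest()
                   for c in range((mask_len + hlen - 1) // hlen))
    return out[:mask_len]


def emsa_pss_encode(message, em_bits, hash_fn, salt):
    """EMSA-PSS-ENCODE (RFC 8017 Section 9.1.1); raises if the modulus is too small."""
    hlen, em_len = hash_fn().digest_size, (em_bits + 7) // 8
    if em_len < hlen + len(salt) + 2:
        raise ValueError("emLen %d < hLen + sLen + 2 = %d" % (em_len, hlen + len(salt) + 2))
    h = hash_fn(b"\x00" * 8 + hash_fn(message).digest() + salt).digest()
    db = b"\x00" * (em_len - len(salt) - hlen - 2) + b"\x01" + salt
    masked = bytes(a ^ b for a, b in zip(db, mgf1(h, em_len - hlen - 1, hash_fn)))
    keep = 0xFF >> (8 * em_len - em_bits)  # clear the excess high bits
    return bytes([masked[0] & keep]) + masked[1:] + h + b"\xbc"


def emsa_pss_verify(message, em, em_bits, hash_fn, salt_len):
    """EMSA-PSS-VERIFY (RFC 8017 Section 9.1.2); the salt is recovered from EM."""
    hlen, em_len = hash_fn().digest_size, (em_bits + 7) // 8
    if len(em) != em_len or em_len < hlen + salt_len + 2 or em[-1] != 0xBC:
        return False
    masked, h = em[:em_len - hlen - 1], em[em_len - hlen - 1:-1]
    keep = 0xFF >> (8 * em_len - em_bits)
    if masked[0] & ~keep & 0xFF:
        return False
    db = bytes(a ^ b for a, b in zip(masked, mgf1(h, em_len - hlen - 1, hash_fn)))
    db = bytes([db[0] & keep]) + db[1:]
    ps_len = em_len - hlen - salt_len - 2
    if db[:ps_len] != b"\x00" * ps_len or db[ps_len] != 0x01:
        return False
    salt = db[ps_len + 1:]
    return hash_fn(b"\x00" * 8 + hash_fn(message).digest() + salt).digest() == h


def rsassa_pss_sign(message, hash_fn, salt):
    mod_bits = N.bit_length()
    em = emsa_pss_encode(message, mod_bits - 1, hash_fn, salt)
    s = pow(int.from_bytes(em, "big"), D, N)
    return s.to_bytes((mod_bits + 7) // 8, "big")


def rsassa_pss_verify(message, signature, hash_fn, salt_len):
    mod_bits = N.bit_length()
    if len(signature) != (mod_bits + 7) // 8:
        return False
    m = pow(int.from_bytes(signature, "big"), E, N)
    em_len = (mod_bits - 1 + 7) // 8
    if m >= 1 << (8 * em_len):
        return False
    return emsa_pss_verify(message, m.to_bytes(em_len, "big"), mod_bits - 1, hash_fn, salt_len)


def wire_name(name):
    """Canonical wire-format name: lowercase labels, no compression."""
    return b"".join(bytes([len(l)]) + l.encode("ascii")
                    for l in name.lower().rstrip(".").split(".")) + b"\x00"


def rrsig_signing_input(owner, rtype, ttl, rdatas, algorithm, key_tag, signer,
                        inception, expiration):
    """RRSIG RDATA without the Signature field, then the RRs in canonical order."""
    labels = len(owner.rstrip(".").split("."))
    header = struct.pack(">HBBIIIH", rtype, algorithm, labels, ttl,
                         expiration, inception, key_tag) + wire_name(signer)
    rrs = b"".join(wire_name(owner) + struct.pack(">HHIH", rtype, 1, ttl, len(rd)) + rd
                   for rd in sorted(rdatas))
    return header + rrs


# The A RRset of Section 7.3 with that section's RRSIG header fields.
A_RRSET_INPUT = rrsig_signing_input(
    "example.org.", 1, 3600, [bytes([192, 0, 2, 1])], 249, KEY_TAG_7_3, "example.org.",
    calendar.timegm((2000, 1, 1, 0, 0, 0)), calendar.timegm((2030, 1, 1, 0, 0, 0)))


def sign_a_rrset(hash_name="sha3_256"):
    """Zero salt of one hash length (assumption), so the output is deterministic."""
    hash_fn = getattr(hashlib, hash_name)
    return rsassa_pss_sign(A_RRSET_INPUT, hash_fn, b"\x00" * hash_fn().digest_size)


def verify_a_rrset(signature, hash_name="sha3_256", message=A_RRSET_INPUT):
    hash_fn = getattr(hashlib, hash_name)
    return rsassa_pss_verify(message, signature, hash_fn, hash_fn().digest_size)


if __name__ == "__main__":
    sig = sign_a_rrset()
    print("RRSIG A 249 ...", base64.b64encode(sig).decode())
    print("verifies:", verify_a_rrset(sig), "deterministic:", sig == sign_a_rrset())
    try:
        sign_a_rrset("sha3_512")
    except ValueError as err:
        print("SHA3-512 with a 1024-bit key:", err)
```

   Because the verifier recovers the salt from the encoded message, the
   signer's choice of salt octets never has to be communicated; the salt
   length, however, is a parameter of EMSA-PSS-VERIFY, so signer and
   validator must agree on it (or the validator must infer it) for
   interoperability.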

7.6.  ECDSA Curve P-256 with SHA3-256 Key and Signature

   Given a private key with the following values (in Base64):

   Private-key-format: v1.2
   Algorithm: 245 (ECDSAP256SHA3-256)
   PrivateKey: FHj8A/R6a/L9gP0cEyi/2ILg8d7ooxrS332FZNuED2c=

   The DNSKEY record for this key would be:

example.org. IN DNSKEY 256 3 245 5DuYfUIL3CQAibLVRZkHNX8RsmMgXYMVwSWsWvSFqhULW6UhzF0NV4wT Vw6eFTWrJMH421Uk+SI1YFxSL5a77g==

   With this key, sign the following zone consisting of 4 RRs:

example.org. 3600 IN SOA invalid. hostmaster.example.org. (40 43200 900 1814400 7200)
example.org. 3600 IN NS invalid.
example.org. 3600 IN A 192.0.2.1
example.org. 3600 IN AAAA 2:2001:db8::1

   If the inception date is set at 00:00 hours on January 1st, 2000, and
   the expiration date at 00:00 hours on January 1st, 2030, the
   following signed zone (with DNSKEY) should be created:

example.org.            3600    IN SOA  invalid. hostmaster.example.org. (
                                        40         ; serial
                                        43200      ; refresh (12 hours)
                                        900        ; retry (15 minutes)
                                        1814400    ; expire (3 weeks)
                                        7200       ; minimum (2 hours)
                                        )
                        3600    RRSIG   SOA 245 2 3600 (
                                        20300101000000 20000101000000 43839 example.org.
                                        Lwigfv/bGllB3Oy8VwxiocNv9Gzcmkm3I90x
                                        dRR2EE8m7mAB6STKrCAWb/W6FS0idcQPiSgL
                                        8uCb0yepcmbtFw== )
                        3600    NS      invalid.
                        3600    RRSIG   NS 245 2 3600 (
                                        20300101000000 20000101000000 43839 example.org.
                                        I/z7I5Q7L6Gec/NynbXGg5gtbVh9DBMFuvX2
                                        6eD6OOeORC7As6/oQmb1kXaHPpLj4amg+f/n
                                        HnJHUfYweLuq+Q== )
                        3600    A       192.0.2.1
                        3600    RRSIG   A 245 2 3600 (
                                        20300101000000 20000101000000 43839 example.org.
                                        PuehYLyx2uSSTe1lsmCmu0fe9Lty4IMB7BMY
                                        q106Q95EmDU9NE93aNn/N3jY3aXSrr2Omumg
                                        UDixTS/b3WTI7A== )
                        3600    AAAA    2:2001:db8::1
                        3600    RRSIG   AAAA 245 2 3600 (
                                        20300101000000 20000101000000 43839 example.org.
                                        jmQwgJCvCC1JLGLpOTUYq8p4w3x3RQ4U1Qaj
                                        Wg1w/PZUX2L931+UScQCgxEeUMEsPBQfDRD2
                                        ngjaSy3EPacAmg== )
                        7200    NSEC    example.org. A NS SOA AAAA RRSIG NSEC DNSKEY
                        7200    RRSIG   NSEC 245 2 7200 (
                                        20300101000000 20000101000000 43839 example.org.
                                        7TtsB8CoVLjTGx3yDVDwOcGsG3+1FdC4S9zl
                                        jSOPIYfRD3KnlBPE+9fyl/5YIz9JDLu+AiJI
                                        49gk+PHBru63EA== )
                        3600    DNSKEY  256 3 245 (
                                        5DuYfUIL3CQAibLVRZkHNX8RsmMgXYMVwSWs
                                        WvSFqhULW6UhzF0NV4wTVw6eFTWrJMH421Uk
                                        +SI1YFxSL5a77g==
                                        ) ; ZSK; alg = ECDSAP256SHA3-256 ; key id = 43839
                        3600    RRSIG   DNSKEY 245 2 3600 (
                                        20300101000000 20000101000000 43839 example.org.
                                        oRrJQrqVwC+fAtXzUQELelLopUXZEcOLkGiP
                                        kyOtu5/K9/PlTPibU9szJeVJwS1L8FBHetsq
                                        NWw6YKBpRzZQGw== )

7.7.  ECDSA Curve P-384 with SHA3-384 Key and Signature

   Given a private key with the following values (in Base64):

Private-key-format: v1.2
Algorithm: 246 (ECDSAP384SHA3-384)
PrivateKey: FaHBWT7qWcJF2J4ExUPgBZ1poxJ/Cwvzv6+BF5rGT3KuIs83ABt51ITt4hVwaGfc

   The DNSKEY record for this key would be:

example.org. IN DNSKEY 256 3 246 KQdbXXFXMQBV7lAOrRwFYRitDHNxZEXbVYz7FxAkwlGNYdkEePKE7Wfz AgatdexHHeKTG61+3bkW5tf+pSanH8pV6y9fhZQt6gf6v2XD8jPI3rMa 9ucGNf8PThBzVAVT

   With this key, sign the following zone consisting of 4 RRs:

example.org. 3600 IN SOA invalid. hostmaster.example.org. (41 43200 900 1814400 7200)
example.org. 3600 IN NS invalid.
example.org. 3600 IN A 192.0.2.1
example.org. 3600 IN AAAA 2:2001:db8::1

   If the inception date is set at 00:00 hours on January 1st, 2000, and
   the expiration date at 00:00 hours on January 1st, 2030, the
   following signed zone (with DNSKEY) should be created:

example.org.            3600    IN SOA  invalid. hostmaster.example.org. (
                                        41         ; serial
                                        43200      ; refresh (12 hours)
                                        900        ; retry (15 minutes)
                                        1814400    ; expire (3 weeks)
                                        7200       ; minimum (2 hours)
                                        )
                        3600    RRSIG   SOA 246 2 3600 (
                                        20300101000000 20000101000000 34779 example.org.
                                        ZPWX28z79mJc3UbHfubZOdEKPg1BiKy9vdLV
                                        GiGIDU6QDFSci3NmGdjFKfuS31EEjmehVu1M
                                        CaJRFmbl/q1HhoFzuRVnGLkdHr+krBCon9Uo
                                        3l5EEyorRFCOg5Ro5i/z )
                        3600    NS      invalid.
                        3600    RRSIG   NS 246 2 3600 (
                                        20300101000000 20000101000000 34779 example.org.
                                        nAwt7QstHenYC2h9eX7J0p33QRE3S+C7+Wz/
                                        LTOEWqtm0AfU10hnFmnw6OGmxkp2ll2d2qh1
                                        JjrkEPDwg0jlM12SFDTQmwW5TnRQV89N16R2
                                        0KKnoxrdnMSO8WhhnaYG )
                        3600    A       192.0.2.1
                        3600    RRSIG   A 246 2 3600 (
                                        20300101000000 20000101000000 34779 example.org.
                                        ATgXx7BFVUQYFBXx/xiTq2T1CWUAuFmNpqF/
                                        JYVXi0elgImh3a+q6ZCUATUmSvlmDMW6KEhY
                                        ggr2MdJnT4nm0Qo3ellq8mUAvY2X9/yON9Eh
                                        D+Ist8SZ7WDe7UX8Pe9H )
                        3600    AAAA    2:2001:db8::1
                        3600    RRSIG   AAAA 246 2 3600 (
                                        20300101000000 20000101000000 34779 example.org.
                                        T7DAgHgxAFNXp5I/alyc5Vp4jsE/L/C9v6NY
                                        6j+I3RyiCCGY0PY8JY4R4iEd2QB9GPl0zByF
                                        bGVz3MfxiyF/r/BB1zdzgqCcsZ7O932sOuRj
                                        PQFHV7TuKabl0INvnjAs )
                        7200    NSEC    example.org. A NS SOA AAAA RRSIG NSEC DNSKEY
                        7200    RRSIG   NSEC 246 2 7200 (
                                        20300101000000 20000101000000 34779 example.org.
                                        Tc7HYK4o1ZYYdkSbykdG1aR3dgK/Ah8evaKp
                                        4hfBm9R9GiWlusEhD6OWPGKjw2Y8zC/yb9h0
                                        S4lj5TvbzRFY8xfvoys6w9x4KSo89bAAIIkQ
                                        ojBivLF8GlXOhDApeqr3 )
                        3600    DNSKEY  256 3 246 (
                                        KQdbXXFXMQBV7lAOrRwFYRitDHNxZEXbVYz7
                                        FxAkwlGNYdkEePKE7WfzAgatdexHHeKTG61+
                                        3bkW5tf+pSanH8pV6y9fhZQt6gf6v2XD8jPI
                                        3rMa9ucGNf8PThBzVAVT
                                        ) ; ZSK; alg = ECDSAP384SHA3-384 ; key id = 34779
                        3600    RRSIG   DNSKEY 246 2 3600 (
                                        20300101000000 20000101000000 34779 example.org.
                                        WpuLvqdHWbmggF7tTgXkFuoHFgPgY7Tl35zg
                                        jLEEgZJJUXDEDOC2pFpYVJljVPGptUW4EWOM
                                        CoCu70UTPpTJUnXWQgYH/2lW2SjWk7KM36rH
                                        nWkRklSxtL8y00IV1/Nt )

7.8.  SHA3-256 as DS Digest Type

   Given a 1024-bit RSA/SHA-256 DNSKEY with the following contents:

      example.org. IN DNSKEY 256 3 8 AwEAAbljrZZb1Qyq8ui+vnYL5exWSrQYFkCFD6VvJoJr5ADo7CxZiyxu sJM6oVHF7pA22rKJqjgIR9lksZ1+nT2WcwdXQuAFLrLFAI5L42mQKOHS hx1S3vHosO0iSIX47IyyR2O+J9qLhy7B+T4cJzAq2dOtSziqL1l5BCtw 5ZNYJX8N

   The DS record for this key with digest type SHA3-256 would be:

      example.org. IN DS 25803 8 252 AE03EA9388D4BA12725999B8E2C4ED14E06EAE8B78229B81154F61FE8EDBAA5F

7.9.  SHA3-384 as DS Digest Type

   Given a 1024-bit RSA/SHA-256 DNSKEY with the following contents:

      example.org. IN DNSKEY 256 3 8 AwEAAbljrZZb1Qyq8ui+vnYL5exWSrQYFkCFD6VvJoJr5ADo7CxZiyxu sJM6oVHF7pA22rKJqjgIR9lksZ1+nT2WcwdXQuAFLrLFAI5L42mQKOHS hx1S3vHosO0iSIX47IyyR2O+J9qLhy7B+T4cJzAq2dOtSziqL1l5BCtw 5ZNYJX8N

   The DS record for this key with digest type SHA3-384 would be:

      example.org. IN DS 25803 8 253 BA8A4350F844CCCB8308694B3ADD478FC7EFBAC936D82D482D88F792FAB0766567E1F58F3A1075708CCC0457C9435ECA
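
   How the key tags and DS digests shown in this section are derived, as
   an added example that is not part of this draft: the RFC 4034 Appendix
   B key tag, the RFC 4034 Section 5.1.4 DS digest (owner name in
   canonical wire format followed by the DNSKEY RDATA) with SHA3-256 and
   SHA3-384 as digest types 252 and 253, and the RFC 3110 split of the
   public key field into exponent and modulus, checked against the
   Section 7.3 private key.  The DNSKEY and key material are copied from
   Sections 7.3, 7.8 and 7.9; hashlib's SHA-3 support (Python 3.6 or
   later) is assumed.

```python
"""Key tag (RFC 4034 Appendix B), DS digest (RFC 4034 Section 5.1.4) and RFC 3110
RSA public-key parsing for the DNSKEYs of Sections 7.3, 7.8 and 7.9.  Added
example, not part of the draft."""
import base64
import hashlib
import struct

# DS digest type numbers as used in Sections 7.8 and 7.9 of this draft.
DS_DIGESTS = {252: hashlib.sha3_256, 253: hashlib.sha3_384}


def wire_name(name):
    """Canonical wire-format owner name (lowercase, uncompressed)."""
    return b"".join(bytes([len(l)]) + l.encode("ascii")
                    for l in name.lower().rstrip(".").split(".")) + b"\x00"


def dnskey_rdata(flags, protocol, algorithm, key_b64):
    """DNSKEY RDATA: Flags(2) Protocol(1) Algorithm(1) Public Key."""
    return struct.pack(">HBB", flags, protocol, algorithm) + base64.b64decode(key_b64.replace(" ", ""))


def key_tag(rdata):
    """RFC 4034 Appendix B key tag (not the RSAMD5 special case of B.1):
    16-bit big-endian sum over the RDATA, carries folded back in."""
    ac = sum(b << 8 if i % 2 == 0 else b for i, b in enumerate(rdata))
    ac += ac >> 16
    return ac & 0xFFFF


def ds_record(owner, rdata, digest_type):
    """DS RDATA as (key tag, algorithm, digest type, hex digest), where the
    digest covers canonical owner name || DNSKEY RDATA."""
    digest = DS_DIGESTS[digest_type](wire_name(owner) + rdata).hexdigest().upper()
    return key_tag(rdata), rdata[3], digest_type, digest


def rsa_public_key(rdata):
    """RFC 3110 public key field -> (exponent, modulus).  The exponent length
    is one octet, or three octets (0x00 + 16-bit length) for long exponents."""
    key = rdata[4:]
    if key[0] == 0:
        exp_len, key = struct.unpack(">H", key[1:3])[0], key[3:]
    else:
        exp_len, key = key[0], key[1:]
    return int.from_bytes(key[:exp_len], "big"), int.from_bytes(key[exp_len:], "big")


# Copied from the draft: the Section 7.3 DNSKEY and private-key modulus, and
# the algorithm 8 DNSKEY that Sections 7.8 and 7.9 turn into DS records.
DNSKEY_7_3 = dnskey_rdata(256, 3, 249, "AwEAAbiPfbZ1hAGeY/IZ4dvWnI01ilJ3C2aRlmAlo5s+yge6vDQohnQO 3YJCAaRq7K8tIxfD1Rj/I5tqJnTGjw19jdFHBFSq1EinMzUG9ynYooZd SfPyAvSmbh6kCR6/BOBrv0uD9RG6WjNNBdWDwpJXZe8k8lxAOsGj9kLO pX0RE331")
MODULUS_7_3 = int.from_bytes(base64.b64decode("uI99tnWEAZ5j8hnh29acjTWKUncLZpGWYCWjmz7KB7q8NCiGdA7dgkIBpGrsry0jF8PVGP8jm2omdMaPDX2N0UcEVKrUSKczNQb3Kdiihl1J8/IC9KZuHqQJHr8E4Gu/S4P1EbpaM00F1YPCkldl7yTyXEA6waP2Qs6lfRETffU="), "big")
DNSKEY_7_8 = dnskey_rdata(256, 3, 8, "AwEAAbljrZZb1Qyq8ui+vnYL5exWSrQYFkCFD6VvJoJr5ADo7CxZiyxu sJM6oVHF7pA22rKJqjgIR9lksZ1+nT2WcwdXQuAFLrLFAI5L42mQKOHS hx1S3vHosO0iSIX47IyyR2O+J9qLhy7B+T4cJzAq2dOtSziqL1l5BCtw 5ZNYJX8N")


if __name__ == "__main__":
    print("Section 7.3 key tag:", key_tag(DNSKEY_7_3),
          "public key matches private key:", rsa_public_key(DNSKEY_7_3) == (65537, MODULUS_7_3))
    for digest_type in sorted(DS_DIGESTS):
        tag, alg, dtype, digest = ds_record("example.org.", DNSKEY_7_8, digest_type)
        print("example.org. IN DS %d %d %d %s" % (tag, alg, dtype, digest))
```

   The same functions apply to the ECDSA keys of Sections 7.6 and 7.7 for
   key tags and DS digests; only rsa_public_key() is RSA-specific, since
   the ECDSA public key field is the raw uncompressed point (RFC 6605).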

8.  Security considerations

8.1.  Considerations for RRSIG Resource Records

   DNSSEC implementations are encouraged to implement the new algorithms
   in this document as soon as possible: SHA-1's security is known to be
   degraded, and the SHA-2 hash functions are currently the last line of
   defence for use with RSA in DNSSEC.

   Users of DNS software are encouraged to deploy these new algorithms
   with DNSSEC when software implementations allow for it.  Users are
   encouraged to run DNSSEC validator implementations that support these
   new algorithms when they are available.

   The RSASSA-PSS signature scheme and the SHA-3 hash function family
   are considered sufficiently strong for the immediate future, but
   predictions about future development in cryptography and
   cryptanalysis are beyond the scope of this document.

8.2.  Signature Type Downgrade Attacks

   Section 2.2 of [RFC4035] requires that each RRset be signed with at
   least one DNSKEY of each algorithm present in the zone apex DNSKEY
   RRset.  A zone that publishes both RSA/SHA-1 and RSASSA-PSS keys
   therefore carries an RSASSA-PSS RRSIG for every RRset, and a malicious
   party who removes that RRSIG from a response leaves a response that no
   longer satisfies this rule.  This provides resilience against
   algorithm downgrade attacks only for validators that support
   RSASSA-PSS and that treat the missing signature as a failure: Section
   5.11 of RFC 6840 directs validators to accept any single valid
   signature path and not to insist that every algorithm in the DNSKEY
   RRset verifies, so a validator following that guidance still accepts
   the remaining RSA/SHA-1 signature for as long as it accepts RSA/SHA-1
   at all.
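
   A signer-side check for the rule this section relies on, plus a model
   of the two validator policies, as an added example that is not part of
   this draft.  The zone below is constructed (algorithm 5 is RSA/SHA-1
   from RFC 4034, 249 is RSASHA3-256 from Section 7.3).  The lint reports
   every RRset that lacks an RRSIG for an apex DNSKEY algorithm, which is
   exactly the gap an attacker creates by stripping the RSASSA-PSS RRSIG,
   and the validator model shows that only a policy stricter than RFC
   6840 Section 5.11 turns that gap into a validation failure.

```python
"""Signer-side lint for the RFC 4035 Section 2.2 rule behind Section 8.2, and a
model of what a validator sees when an on-path attacker strips the RSASSA-PSS
RRSIG.  Added example, not part of the draft; the zone data is constructed."""

RSASHA1 = 5        # RFC 4034 algorithm number
RSASHA3_256 = 249  # number this draft uses in Section 7.3

# Apex DNSKEY RRset algorithms and, per RRset, the algorithms of its RRSIGs.
# Constructed zone, dual-signed with RSA/SHA-1 and RSASHA3-256.
APEX_ALGS = {RSASHA1, RSASHA3_256}
SIGNED_ZONE = {
    ("example.org.", "SOA"): {RSASHA1, RSASHA3_256},
    ("example.org.", "NS"): {RSASHA1, RSASHA3_256},
    ("example.org.", "A"): {RSASHA1, RSASHA3_256},
    ("example.org.", "DNSKEY"): {RSASHA1, RSASHA3_256},
}


def strip_rrsigs(zone, owner, rtype, algorithm):
    """What a downgrade attacker does: drop one algorithm's RRSIG from one RRset."""
    stripped = {key: set(algs) for key, algs in zone.items()}
    stripped[(owner, rtype)].discard(algorithm)
    return stripped


STRIPPED_ZONE = strip_rrsigs(SIGNED_ZONE, "example.org.", "A", RSASHA3_256)


def missing_signatures(apex_algs, zone):
    """RFC 4035 Section 2.2: every RRset needs an RRSIG for each algorithm in
    the apex DNSKEY RRset.  Returns the (owner, type, algorithm) gaps."""
    return [(owner, rtype, alg)
            for (owner, rtype), sig_algs in sorted(zone.items())
            for alg in sorted(apex_algs - sig_algs)]


def validator_accepts(sig_algs, supported, apex_algs, strict=False):
    """strict=False: any single valid path suffices, as RFC 6840 Section 5.11
    directs (it forbids insisting that every DNSKEY algorithm verifies).
    strict=True: additionally require an RRSIG for every supported algorithm
    in the apex DNSKEY RRset, which is what detects a stripped RRSIG."""
    if not (sig_algs & supported):
        return False
    if strict:
        return (apex_algs & supported) <= sig_algs
    return True


if __name__ == "__main__":
    print("lint, intact zone:  ", missing_signatures(APEX_ALGS, SIGNED_ZONE))
    print("lint, stripped zone:", missing_signatures(APEX_ALGS, STRIPPED_ZONE))
    a_sigs = STRIPPED_ZONE[("example.org.", "A")]
    print("RFC 6840 validator supporting both:", validator_accepts(a_sigs, APEX_ALGS, APEX_ALGS))
    print("strict validator supporting both:  ", validator_accepts(a_sigs, APEX_ALGS, APEX_ALGS, strict=True))
    print("validator without RSASHA3-256:     ", validator_accepts(a_sigs, {RSASHA1}, APEX_ALGS, strict=True))
```

   The last line is the case the section's final clause is about: a
   validator that does not support RSASSA-PSS cannot tell the stripped
   response from a zone that was only ever signed with RSA/SHA-1.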

9.  IANA considerations

   This document updates the IANA registry "Domain Name System Security
   (DNSSEC) Algorithm Numbers" (http://www.iana.org/protocols).  The
   following entries are added to the registry:

   +-------+-----------------+-------------------+------+------+-------+
   | No.   | Description     | Mnemonic          | Z.S. | T.S. | Ref.  |
   +-------+-----------------+-------------------+------+------+-------+
   | 245   | ECDSA Curve     | ECDSAP256SHA3-256 | Y    | *    | [TBD] |
   | [TBD] | P-256 with      |                   |      |      |       |
   |       | SHA3-256        |                   |      |      |       |
   | 246   | ECDSA Curve     | ECDSAP384SHA3-384 | Y    | *    | [TBD] |
   | [TBD] | P-384 with      |                   |      |      |       |
   |       | SHA3-384        |                   |      |      |       |
   | 247   | RSA/SHA2-256    | RSASHA2-256       | Y    | *    | [TBD] |
   | [TBD] | with RSASSA-PSS |                   |      |      |       |
   | 248   | RSA/SHA2-512    | RSASHA2-512       | Y    | *    | [TBD] |
   | [TBD] | with RSASSA-PSS |                   |      |      |       |
   | 249   | RSA/SHA3-256    | RSASHA3-256       | Y    | *    | [TBD] |
   | [TBD] | with RSASSA-PSS |                   |      |      |       |
   | 250   | RSA/SHA3-384    | RSASHA3-384       | Y    | *    | [TBD] |
   | [TBD] | with RSASSA-PSS |                   |      |      |       |
   | 251   | RSA/SHA3-512    | RSASHA3-512       | Y    | *    | [TBD] |
   | [TBD] | with RSASSA-PSS |                   |      |      |       |
   +-------+-----------------+-------------------+------+------+-------+

   This document updates the IANA registry "Delegation Signer (DS)
   Resource Record (RR) Type Digest Algorithms"
   (http://www.iana.org/protocols).  The following entries are added to
   the registry:

            +-----------+-------------+----------+------------+
            | Value     | Description | Status   | References |
            +-----------+-------------+----------+------------+
            | 252 [TBD] | SHA3-256    | OPTIONAL | [TBD]      |
            | 253 [TBD] | SHA3-384    | OPTIONAL | [TBD]      |
            +-----------+-------------+----------+------------+

10.  Acknowledgements

   Thanks to Francis Dupont and Paul Hoffman for review and suggestions.

11.  References

11.1.  Normative references

   [FIPS.180-4.2015]
              National Institute of Standards and Technology, "Secure
              Hash Standard", FIPS PUB 180-4, August 2015,
              <http://csrc.nist.gov/publications/fips/fips180-4/
              fips-180-4.pdf>.

   [FIPS.202.2015]
              National Institute of Standards and Technology, "SHA-3
              Standard: Permutation-Based Hash and Extendable-Output
              Functions", FIPS PUB 202, August 2015,
              <http://dx.doi.org/10.6028/NIST.FIPS.202>.

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119,
              DOI 10.17487/RFC2119, March 1997,
              <http://www.rfc-editor.org/info/rfc2119>.

   [RFC3110]  Eastlake 3rd, D., "RSA/SHA-1 SIGs and RSA KEYs in the
              Domain Name System (DNS)", RFC 3110, DOI 10.17487/RFC3110,
              May 2001, <http://www.rfc-editor.org/info/rfc3110>.

   [RFC3447]  Jonsson, J. and B. Kaliski, "Public-Key Cryptography
              Standards (PKCS) #1: RSA Cryptography Specifications
              Version 2.1", RFC 3447, DOI 10.17487/RFC3447, February
              2003, <http://www.rfc-editor.org/info/rfc3447>.

   [RFC3658]  Gudmundsson, O., "Delegation Signer (DS) Resource Record
              (RR)", RFC 3658, DOI 10.17487/RFC3658, December 2003,
              <http://www.rfc-editor.org/info/rfc3658>.

   [RFC4033]  Arends, R., Austein, R., Larson, M., Massey, D., and S.
              Rose, "DNS Security Introduction and Requirements",
              RFC 4033, DOI 10.17487/RFC4033, March 2005,
              <http://www.rfc-editor.org/info/rfc4033>.

   [RFC4034]  Arends, R., Austein, R., Larson, M., Massey, D., and S.
              Rose, "Resource Records for the DNS Security Extensions",
              RFC 4034, DOI 10.17487/RFC4034, March 2005,
              <http://www.rfc-editor.org/info/rfc4034>.

   [RFC4035]  Arends, R., Austein, R., Larson, M., Massey, D., and S.
              Rose, "Protocol Modifications for the DNS Security
              Extensions", RFC 4035, DOI 10.17487/RFC4035, March 2005,
              <http://www.rfc-editor.org/info/rfc4035>.

   [RFC4509]  Hardaker, W., "Use of SHA-256 in DNSSEC Delegation Signer
              (DS) Resource Records (RRs)", RFC 4509,
              DOI 10.17487/RFC4509, May 2006,
              <http://www.rfc-editor.org/info/rfc4509>.

   [RFC5155]  Laurie, B., Sisson, G., Arends, R., and D. Blacka, "DNS
              Security (DNSSEC) Hashed Authenticated Denial of
              Existence", RFC 5155, DOI 10.17487/RFC5155, March 2008,
              <http://www.rfc-editor.org/info/rfc5155>.

   [RFC5702]  Jansen, J., "Use of SHA-2 Algorithms with RSA in DNSKEY
              and RRSIG Resource Records for DNSSEC", RFC 5702,
              DOI 10.17487/RFC5702, October 2009,
              <http://www.rfc-editor.org/info/rfc5702>.

   [RFC6090]  McGrew, D., Igoe, K., and M. Salter, "Fundamental Elliptic
              Curve Cryptography Algorithms", RFC 6090,
              DOI 10.17487/RFC6090, February 2011,
              <http://www.rfc-editor.org/info/rfc6090>.

   [RFC6605]  Hoffman, P. and W. Wijngaards, "Elliptic Curve Digital
              Signature Algorithm (DSA) for DNSSEC", RFC 6605,
              DOI 10.17487/RFC6605, April 2012,
              <http://www.rfc-editor.org/info/rfc6605>.

   [RFC8017]  Moriarty, K., Ed., Kaliski, B., Jonsson, J., and A. Rusch,
              "PKCS #1: RSA Cryptography Specifications Version 2.2",
              RFC 8017, DOI 10.17487/RFC8017, November 2016,
              <http://www.rfc-editor.org/info/rfc8017>.

11.2.  Informative references

   [NIST800-57]
              Barker, E., Barker, W., Burr, W., Polk, W., and M. Smid,
              "Recommendation for Key Management", NIST SP 800-57, March
              2007.

Appendix A.  Change history (Editor: to be removed before publication)

   o  draft-muks-dnsop-dnssec-sha3-01
      Use RSASSA-PSS instead of RSASSA-PKCS1-v1_5.  Specify DNSSEC
      algorithms using RSASSA-PSS for SHA-2 hash functions too.  Specify
      algorithms for ECDSA with SHA-3.  Update all examples.  Other
      fixes.

   o  draft-muks-dnsop-dnssec-sha3-00
      Initial draft.

Authors' Addresses

   Jelte Jansen
   SIDN
   Meander 501
   Arnhem  6825 MD
   The Netherlands

   Email: jelte.jansen@sidn.nl
   URI:   https://www.sidn.nl/

   Mukund Sivaraman
   Internet Systems Consortium
   950 Charter Street
   Redwood City, CA  94063
   US

   Email: muks@mukund.org
   URI:   https://www.isc.org/