<?xml version="1.0" encoding="UTF-8"?>
<!-- draft submitted in xml v3 -->
<?xml-stylesheet type="text/xsl" href="rfc2629.xslt" ?>
<?rfc toc="yes" ?>
<?rfc symrefs="yes" ?>
<?rfc sortrefs="yes"?>
<?rfc compact="yes" ?>
<?rfc subcompact="no" ?>
<?rfc iprnotified="no" ?>
<?rfc strict="no" ?>
<!DOCTYPE rfc SYSTEM "rfc2629-xhtml.ent" [
<!ENTITY nbsp "&#160;">
<!ENTITY zwsp "&#8203;">
<!ENTITY nbhy "&#8209;">
<!ENTITY wj "&#8288;">
]>
<rfc xmlns:xi="http://www.w3.org/2001/XInclude" submissionType="IETF" category="std" consensus="true" docName="draft-moskowitz-ipsecme-ipseckey-eddsa-09"
number="9373" ipr="trust200902" obsoletes="" updates="" xml:lang="en" tocInclude="true" symRefs="true" sortRefs="true" version="3">
<front> <title abbrev="IPSECKEY EdDSA">EdDSA value for IPSECKEY</title>
<seriesInfo name="RFC" value="9373"/>
<author fullname="Robert Moskowitz" initials="R" surname="Moskowitz">
<organization>HTT Consulting</organization>
<address>
<postal>
<street></street>
<city>Oak Park</city>
<region>MI</region>
<code>48237</code>
<country>USA</country>
</postal>
<email>rgm@labs.htt-consult.com</email>
</address>
</author>
<author fullname="Tero Kivinen" initials="T" surname="Kivinen">
<address>
<email>kivinen@iki.fi</email>
</address>
</author>
<author fullname="Michael C. Richardson" initials="M." surname="Richardson">
<organization abbrev="Sandelman">Sandelman Software Works</organization>
<address>
<email>mcr+ietf@sandelman.ca</email>
<uri>https://www.sandelman.ca/</uri>
</address>
</author>
<date year="2023" month="March" />
<area>sec</area>
<workgroup>IPSECME</workgroup>
<keyword>IPSECKEY EdDSA</keyword>
<abstract>
<t>
This document assigns a value for Edwards-Curve Digital Signature Algorithm (EdDSA) Public Keys to the
IANA "IPSECKEY Resource Record Parameters" registry.
</t>
</abstract>
</front>
<middle>
<section numbered="true" toc="default"> <name>Introduction</name>
<t>
IPSECKEY <xref target="RFC4025"/> is a resource record (RR) for the Domain Name
System (DNS) that is used to store public keys for use in IP
security (IPsec) systems. The IPSECKEY RR relies on the
"Algorithm Type Field" registry <xref target="IANA-IPSECKEY"
format="default"/> to enumerate the permissible formats for the
public keys.
</t>
<t>
This document adds support for Edwards-Curve Digital Security
Algorithm (EdDSA) public keys in the format defined in <xref
target="RFC8080" format="default"/> to the IPSECKEY RR.
</t>
</section>
<section anchor="IPSECKEY" numbered="true" toc="default"> <name>IPSECKEY support Support for EdDSA</name>
<t>
When using an EdDSA public key in the IPSECKEY RR, the value
4 is used as the algorithm, and the public key is formatted as
specified in <xref target="RFC8080" sectionFormat="of" section="3"/>,
"Edwards-Curve Digital Security Algorithm (EdDSA) for DNSSEC".
</t>
<table anchor="table1">
<thead>
<tr>
<th>Value</th>
<th>Description</th>
<th>Format Description</th>
<th>Reference</th>
</tr>
</thead>
<tbody>
<tr>
<td>4</td>
<td>An EdDSA Public Key</td>
<td><xref target="RFC8080" sectionFormat="comma" section="3"/></td>
<td>This RFC</td>
</tr>
</tbody>
</table>
</section>
<section anchor="IANA" numbered="true" toc="default"> <name>IANA Considerations</name>
<section anchor="IANA_IPSECKEY_reg" numbered="true" toc="default"> <name>IANA <name>Update to the IANA IPSECKEY Registry Update</name> Registry</name>
<section anchor="IANA_IPSECKEY_Alg_format" numbered="true" toc="default"> <name>Reformat the Algorithm Type Field Subregistry</name> Registry</name>
<t>
Per this document, IANA has added the "Format
Description" field to the "Algorithm Type Field" registry of the
"IPSECKEY Resource Record Parameters" <xref target="IANA-IPSECKEY"
format="default"/>. In addition, IANA has updated the
"Description" field in existing entries of that registry to
explicitly state that they are for "Public" keys:
</t>
<table anchor="table2">
<thead>
<tr>
<th>Value</th>
<th>Description</th>
<th>Format Description</th>
<th>Reference</th>
</tr>
</thead>
<tbody>
<tr>
<td>0</td>
<td>No Public Key is present</td>
<td></td>
<td><xref target="RFC4025"/></td>
</tr>
<tr>
<td>1</td>
<td>A DSA Public Key</td>
<td><xref target="RFC2536" sectionFormat="comma" section="2"/></td>
<td><xref target="RFC4025"/></td>
</tr>
<tr>
<td>2</td>
<td>An RSA Public Key</td>
<td><xref target="RFC3110" sectionFormat="comma" section="2"/></td>
<td><xref target="RFC4025"/></td>
</tr>
<tr>
<td>3</td>
<td>An ECDSA Public Key</td>
<td><xref target="RFC6605" sectionFormat="comma" section="4"/></td>
<td><xref target="RFC8005"/></td>
</tr>
</tbody>
</table>
<t>
IANA has added a reference to this document to the "Algorithm Type Field" registry.
</t>
</section>
<section anchor="IANA_IPSECKEY_Alg_add" numbered="true" toc="default"> <name>Add to the Algorithm Type Field Subregistry</name> Registry</name>
<t>
Further, IANA has made the following addition
to the "IPSECKEY Resource Record Parameters" <xref
target="IANA-IPSECKEY" format="default"/> registry:
</t>
<dl newline="true">
<dt>IPSECKEY:</dt>
<dd>
This document defines the new IPSECKEY value 4
(<xref target="IPSECKEY" format="default"/>)
in the "Algorithm Type Field" registry within the "IPSECKEY Resource Record Parameters" registry
<xref target="IANA-IPSECKEY" format="default"/>:
</dd>
</dl>
<table anchor="table3">
<thead>
<tr>
<th>Value</th>
<th>Description</th>
<th>Format Description</th>
<th>Reference</th>
</tr>
</thead>
<tbody>
<tr>
<td>4</td>
<td>An EdDSA Public Key</td>
<td><xref target="RFC8080" sectionFormat="comma" section="3"/></td>
<td>This RFC</td>
</tr>
</tbody>
</table>
</section>
</section>
</section>
<section anchor="security-considerations" numbered="true" toc="default"> <name>Security Considerations</name>
<t>
The security considerations discussed in <xref target="RFC4025" format="default"/>
apply. This document does not introduce any new security considerations.
</t>
</section>
</middle>
<back>
<references> <name>References</name>
<references> <name>Normative References</name>
<xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.8080.xml"/>
<reference anchor="IANA-IPSECKEY" target="https://www.iana.org/assignments/ipseckey-rr-parameters">
<front>
<title>IPSECKEY Resource Record Parameters</title>
<author><organization>IANA</organization></author>
</front>
</reference>
</references>
<references> <name>Informative References</name>
<xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.4025.xml"/>
<xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.3110.xml"/>
<xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.6605.xml"/>
<xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.2536.xml"/>
<xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.8005.xml"/>
</references>
</references>
<section numbered="true" toc="default"> <name>IPSECKEY EdDSA example</name> Example</name>
<t>
The following is an example of an IPSECKEY RR with no gateway and an
EdDSA public key. It uses the IPSECKEY presentation format, in which the
key is base64 encoded.
</t>
<artwork name="" type="" align="left" alt="">
<![CDATA[
foo.example.com. IN IPSECKEY (
10 0 4 . 3WTXgUvpn1RlCXnm80gGY2LZ/ErUUEZtZ33IDi8yfhM= )
]]>
</artwork>
<t>
The associated EdDSA private key (in hex) is as follows:
</t>
<artwork name="" type="" align="left" alt="">
<![CDATA[
c7be71a45cbf87785f639dc4fd1c82637c21b5e02488939976ece32b9268d0b7
]]>
</artwork>
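<t>
Added example, not part of this document, RFC 4025, or RFC 8080: the following Go program, which uses only the Go standard library, parses the record above, applies the key-length rule of RFC 8080, Section 3 to algorithm value 4 (32 octets for Ed25519, 57 octets for Ed448), builds the RFC 4025 wire-format RDATA, and checks whether the private key given above derives the published public key. The names ParseIPSECKEY, ValidateEdDSAKey, RecordFromSeed, and SeedMatches are this example's own, and only gateway type 0 (no gateway) is handled.
</t>
<artwork name="" type="" align="left" alt=""><![CDATA[
```go
package main

import (
	"crypto/ed25519"
	"encoding/base64"
	"encoding/hex"
	"errors"
	"fmt"
	"strconv"
	"strings"
)

// AlgEdDSA is the "Algorithm Type Field" value assigned here for EdDSA public keys.
const AlgEdDSA = 4

// IPSECKEYRR holds IPSECKEY RDATA (RFC 4025); only gateway type 0 (".") is handled.
type IPSECKEYRR struct {
	Precedence  uint8
	GatewayType uint8
	Algorithm   uint8
	PublicKey   []byte // raw key octets decoded from the base64 presentation form
}

// ParseIPSECKEY parses one record in presentation format, e.g.
// "foo.example.com. IN IPSECKEY ( 10 0 4 . <base64> )"; parentheses are optional.
func ParseIPSECKEY(rr string) (*IPSECKEYRR, error) {
	f := strings.Fields(strings.NewReplacer("(", " ", ")", " ").Replace(rr))
	if len(f) < 8 || f[1] != "IN" || f[2] != "IPSECKEY" {
		return nil, errors.New("expected: owner IN IPSECKEY precedence gwtype alg gateway key")
	}
	var n [3]uint8 // precedence, gateway type, algorithm
	for i, s := range f[3:6] {
		v, err := strconv.ParseUint(s, 10, 8)
		if err != nil {
			return nil, fmt.Errorf("RDATA field %d: %w", i+1, err)
		}
		n[i] = uint8(v)
	}
	if n[1] != 0 || f[6] != "." {
		return nil, errors.New("only gateway type 0 (gateway \".\") is handled here")
	}
	// The base64 key may be split into several whitespace-separated chunks.
	key, err := base64.StdEncoding.DecodeString(strings.Join(f[7:], ""))
	if err != nil {
		return nil, fmt.Errorf("public key: %w", err)
	}
	if n[2] == AlgEdDSA {
		if err := ValidateEdDSAKey(key); err != nil {
			return nil, err
		}
	}
	return &IPSECKEYRR{Precedence: n[0], GatewayType: n[1], Algorithm: n[2], PublicKey: key}, nil
}

// ValidateEdDSAKey applies RFC 8080, Section 3: an Ed25519 public key is 32
// octets and an Ed448 public key is 57 octets; anything else is rejected.
func ValidateEdDSAKey(key []byte) error {
	if len(key) == 32 || len(key) == 57 {
		return nil
	}
	return fmt.Errorf("EdDSA public key must be 32 (Ed25519) or 57 (Ed448) octets, got %d", len(key))
}

// RDATA returns the RFC 4025 wire form: one octet each for precedence, gateway
// type and algorithm, no gateway octets for type 0, then the raw public key.
func (r *IPSECKEYRR) RDATA() []byte {
	return append([]byte{r.Precedence, r.GatewayType, r.Algorithm}, r.PublicKey...)
}

// RecordFromSeed builds an algorithm-4 record from a 32-octet Ed25519 private key (RFC 8032 seed).
func RecordFromSeed(seed []byte, precedence uint8) (*IPSECKEYRR, error) {
	if len(seed) != ed25519.SeedSize {
		return nil, fmt.Errorf("seed must be %d octets, got %d", ed25519.SeedSize, len(seed))
	}
	pub := ed25519.NewKeyFromSeed(seed).Public().(ed25519.PublicKey)
	return &IPSECKEYRR{Precedence: precedence, Algorithm: AlgEdDSA, PublicKey: []byte(pub)}, nil
}

// SeedMatches reports whether a hex-encoded Ed25519 seed derives the public
// key published in r, i.e. whether the private key in hand matches the DNS record.
func SeedMatches(seedHex string, r *IPSECKEYRR) (bool, error) {
	seed, err := hex.DecodeString(seedHex)
	if err != nil {
		return false, err
	}
	derived, err := RecordFromSeed(seed, r.Precedence)
	return err == nil && string(derived.PublicKey) == string(r.PublicKey), err
}

func main() {
	// Record and private key as given in the document's example above.
	rr, err := ParseIPSECKEY("foo.example.com. IN IPSECKEY ( 10 0 4 . 3WTXgUvpn1RlCXnm80gGY2LZ/ErUUEZtZ33IDi8yfhM= )")
	if err != nil {
		panic(err)
	}
	fmt.Printf("algorithm=%d key=%d octets RDATA=%x\n", rr.Algorithm, len(rr.PublicKey), rr.RDATA())
	ok, err := SeedMatches("c7be71a45cbf87785f639dc4fd1c82637c21b5e02488939976ece32b9268d0b7", rr)
	fmt.Println("private key derives the published public key:", ok, err)
}
```
]]></artwork>
<t>
Run it with "go run" on a file holding the program. A key of the wrong length for algorithm 4, or a private key that does not derive the published public key, is exactly the condition an operator wants to catch before the record is loaded into the zone, because an IKE peer will otherwise fail authentication against it.
</t>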
</section>
<section numbered="false" toc="default"> <name>Acknowledgments</name>
<t>
Thanks to the Security Area Director, <contact fullname="Paul Wouters"/>, for his initial review.
Also, thanks to Security Area Director, <contact fullname="Roman Danyliw"/>, for his final reviews and
document shepherding.
</t>
</section>
</back>
</rfc>