rfc9373.original.xml   rfc9373.xml 
<?xml version='1.0' encoding='utf-8'?> <?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE rfc SYSTEM "rfc2629-xhtml.ent">
<?xml-stylesheet type="text/xsl" href="rfc2629.xslt" ?> <!-- draft submitted in xml v3 -->
<?rfc toc="yes" ?>
<?rfc symrefs="yes" ?> <!DOCTYPE rfc [
<?rfc sortrefs="yes"?> <!ENTITY nbsp "&#160;">
<?rfc compact="yes" ?> <!ENTITY zwsp "&#8203;">
<?rfc subcompact="no" ?> <!ENTITY nbhy "&#8209;">
<?rfc iprnotified="no" ?> <!ENTITY wj "&#8288;">
<?rfc strict="no" ?> ]>
<rfc xmlns:xi="http://www.w3.org/2001/XInclude" consensus="true" docName="draft-
moskowitz-ipsecme-ipseckey-eddsa-09" <rfc xmlns:xi="http://www.w3.org/2001/XInclude" submissionType="IETF" category="
category="std" ipr="trust200902" obsoletes="" submissionType="IETF" std" consensus="true" docName="draft-moskowitz-ipsecme-ipseckey-eddsa-09" number
xml:lang="en" tocInclude="true" symRefs="true" sortRefs="true" version="3 ="9373" ipr="trust200902" obsoletes="" updates="" xml:lang="en" tocInclude="true
"> " symRefs="true" sortRefs="true" version="3">
<front> <title abbrev="IPSECKEY EdDSA">EdDSA value for IPSECKEY</title> <front> <title abbrev="IPSECKEY EdDSA">EdDSA value for IPSECKEY</title>
<seriesInfo name="Internet-Draft" value="draft-moskowitz-ipsecme-ipseckey-ed dsa-09"/> <seriesInfo name="RFC" value="9373"/>
<author fullname="Robert Moskowitz" initials="R" surname="Moskowitz"> <author fullname="Robert Moskowitz" initials="R" surname="Moskowitz">
<organization>HTT Consulting</organization> <organization>HTT Consulting</organization>
<address> <address>
<postal> <postal>
<street></street> <street></street>
<city>Oak Park</city> <city>Oak Park</city>
<region>MI</region> <region>MI</region>
<code>48237</code> <code>48237</code>
<country>USA</country> <country>USA</country>
</postal> </postal>
<email>rgm@labs.htt-consult.com</email> <email>rgm@labs.htt-consult.com</email>
</address> </address>
</author> </author>
<author fullname="Tero Kivinen" initials="T" surname="Kivinen"> <author fullname="Tero Kivinen" initials="T" surname="Kivinen">
<address> <address>
<email>kivinen@iki.fi</email> <email>kivinen@iki.fi</email>
</address> </address>
</author> </author>
<author fullname="Michael C. Richardson" initials="M." surname="Richardso n"> <author fullname="Michael C. Richardson" initials="M." surname="Richardso n">
<organization abbrev="Sandelman">Sandelman Software Works</organization> <organization abbrev="Sandelman">Sandelman Software Works</organization>
<address> <address>
<email>mcr+ietf@sandelman.ca</email> <email>mcr+ietf@sandelman.ca</email>
<uri>https://www.sandelman.ca/</uri> <uri>https://www.sandelman.ca/</uri>
</address> </address>
</author> </author>
<date year="2023" /> <date year="2023" month="March" />
<area>Internet</area> <area>sec</area>
<workgroup>IPSECME</workgroup> <keyword>IPSECKEY EdDSA</keyword>
<keyword>RFC</keyword>
<keyword>Request for Comments</keyword>
<keyword>I-D</keyword>
<keyword>Internet-Draft</keyword>
<keyword>IPSECKEY EdDSA</keyword>
<abstract> <abstract>
<t> <t>
This document assigns a value for EdDSA Public Keys to the IPSECKEY This document assigns a value for Edwards-Curve Digital Signature Algorit
IANA registry. hm (EdDSA) Public Keys to the "IPSECKEY Resource Record Parameters" registry.
</t> </t>
</abstract> </abstract>
</front> </front>
<middle> <middle>
<section numbered="true" toc="default"> <name>Introduction</name> <section numbered="true" toc="default"> <name>Introduction</name>
<t> <t>
IPSECKEY [RFC4025) is a resource record (RR) for the Domain Name IPSECKEY <xref target="RFC4025"/> is a resource record (RR) for the Domai n Name
System (DNS) that is used to store public keys for use in IP System (DNS) that is used to store public keys for use in IP
security (IPsec) systems. The IPSECKEY RR relies on the IPSECKEY security (IPsec) systems. The IPSECKEY RR relies on the IPSECKEY
Algorithm Type Field registry <xref target="IANA-IPSECKEY" "Algorithm Type Field" registry <xref target="IANA-IPSECKEY"
format="default"/> to enumerate the permissible formats for the format="default"/> to enumerate the permissible formats for the
public keys. public keys.
</t> </t>
<t> <t>
This document adds support for Edwards-Curve Digital Security This document adds support for Edwards-Curve Digital Security
Algorithm (EdDSA) public keys in the format defined in <xref Algorithm (EdDSA) public keys in the format defined in <xref
target="RFC8080" format="default"/> to the IPSECKEY RR. target="RFC8080" format="default"/> to the IPSECKEY RR.
</t> </t>
</section> </section>
<section anchor="IPSECKEY" numbered="true" toc="default"> <name>IPSECKEY support for EdDSA</name> <section anchor="IPSECKEY" numbered="true" toc="default"> <name>IPSECKEY Support for EdDSA</name>
<t> <t>
When using the EdDSA public key in the IPSECKEY RR, then the value When using the EdDSA public key in the IPSECKEY RR, the value
TBD1 is used as an algorithm and the public key is formatted as 4 is used as an algorithm and the public key is formatted as
specified in Section 3 of the "Edwards-Curve Digital Security specified in "Edwards-Curve Digital Security
Algorithm (EdDSA) for DNSSEC" (<xref target="RFC8080" Algorithm (EdDSA) for DNSSEC" (<xref target="RFC8080"
format="default"/>) document. sectionFormat="of" section="3"/>).
</t> </t>
<artwork name="" type="" align="left" alt=""> <table anchor="table1">
<![CDATA[ <name></name>
Value Description Format description Reference <thead>
<tr>
<th>Value</th>
<th>Description</th>
<th>Format Description</th>
<th>Reference</th>
</tr>
</thead>
<tbody>
<tr>
<td>4</td>
<td>An EdDSA Public Key</td>
<td><xref target="RFC8080" sectionFormat="comma" section="3"/></td>
<td>This RFC</td>
</tr>
</tbody>
</table>
TBD1 An EdDSA Public Key [RFC8080], Sec. 3 [ThisRFC]
]]>
</artwork>
</section> </section>
<section anchor="IANA" numbered="true" toc="default"> <name>IANA Considerations< /name> <section anchor="IANA" numbered="true" toc="default"> <name>IANA Considerations< /name>
<section anchor="IANA_IPSECKEY_reg" numbered="true" toc="default"> <name>IANA IP <section anchor="IANA_IPSECKEY_reg" numbered="true" toc="default"> <name>Update
SECKEY Registry Update</name> to the IANA IPSECKEY Registry</name>
<section anchor="IANA_IPSECKEY_Alg_format" numbered="true" toc="default"> <name> <section anchor="IANA_IPSECKEY_Alg_format" numbered="true" toc="default"> <name>
Reformat Algorithm Type Field Subregistry</name> Reformat the Algorithm Type Field Registry</name>
<t> <t>
This document requests IANA to add a new field “Format Per this document, IANA has added the "Format
description” to the "Algorithm Type Field" subregistry of the Description" field to the "Algorithm Type Field" registry of the
"IPSECKEY Resource Record Parameters" <xref target="IANA-IPSECKEY" "IPSECKEY Resource Record Parameters" <xref target="IANA-IPSECKEY"
format="default"/>. Also, this document requests IANA to update the format="default"/>. In addition, IANA has updated the
"Description" field in existing entries of that registry to "Description" field in existing entries of that registry to
explicitly state that is for "Public" keys: explicitly state that they are for "Public" keys:
</t> </t>
<artwork name="" type="" align="left" alt=""> <table anchor="table2">
<![CDATA[ <name></name>
Value Description Format description Reference <thead>
0 No Public key is present [RFC4025] <tr>
1 A DSA Public Key [RFC2536], Sec. 2 [RFC4025] <th>Value</th> <!-- <th>: headings -->
2 A RSA Public Key [RFC3110], Sec. 2 [RFC4025] <th>Description</th>
3 An ECDSA Public Key [RFC6605], Sec. 4 [RFC8005] <th>Format Description</th>
]]> <th>Reference</th>
</artwork> </tr>
</thead>
<tbody> <!-- The rows -->
<tr>
<td>0</td>
<td>No Public key is present</td>
<td></td>
<td><xref target="RFC4025"/></td>
</tr>
<tr>
<td>1</td>
<td>A DSA Public Key</td>
<td><xref target="RFC2536" sectionFormat="comma" section="2"/></td>
<td><xref target="RFC4025"/></td>
</tr>
<tr>
<td>2</td>
<td>An RSA Public Key</td>
<td><xref target="RFC3110" sectionFormat="comma" section="2"/></td>
<td><xref target="RFC4025"/></td>
</tr>
<tr>
<td>3</td>
<td>An ECDSA Public Key</td>
<td><xref target="RFC6605" sectionFormat="comma" section="4"/></td>
<td><xref target="RFC8005"/></td>
</tr>
</tbody>
</table>
<t> <t>
IANA is requested to update the reference of that registry by IANA added a reference to this document to the "Algorithm Type Field" reg
adding the RFC number to be assigned to this document. istry.
</t> </t>
</section> </section>
<section anchor="IANA_IPSECKEY_Alg_add" numbered="true" toc="default"> <name>Add to Algorithm Type Field Subregistry</name> <section anchor="IANA_IPSECKEY_Alg_add" numbered="true" toc="default"> <name>Add to the Algorithm Type Field Registry</name>
<t> <t>
Further, this document requests IANA to make the following addition Further, IANA has made the following addition
to the "IPSECKEY Resource Record Parameters" <xref to the "Algorithm Type Field" registry within the "IPSECKEY Resource Reco
target="IANA-IPSECKEY" format="default"/> registry: rd Parameters" <xref
target="IANA-IPSECKEY" format="default"/>:
</t> </t>
<dl newline="true">
<dt>IPSECKEY:</dt>
<dd>
This document defines the new IPSECKEY value TBD1
(suggested: 4) (<xref target="IPSECKEY" format="default"/
>)
in the "Algorithm Type Field" subregistry of the "IPSECKE
Y
Resource Record Parameters" registry.
</dd>
</dl>
<artwork name="" type="" align="left" alt="">
<![CDATA[
Value Description Format description Reference
TBD1 An EdDSA Public Key [RFC8080], Sec. 3 [ThisRFC] <table anchor="table3">
]]> <name></name>
</artwork> <thead>
<tr>
<th>Value</th>
<th>Description</th>
<th>Format Description</th>
<th>Reference</th>
</tr>
</thead>
<tbody>
<tr>
<td>4</td>
<td>An EdDSA Public Key</td>
<td><xref target="RFC8080" sectionFormat="comma" section="3"/></td>
<td>This RFC</td>
</tr>
</tbody>
</table>
</section> </section>
</section> </section>
</section> </section>
<section anchor="security-considerations" numbered="true" toc="default"> <name>S ecurity Considerations</name> <section anchor="security-considerations" numbered="true" toc="default"> <name>S ecurity Considerations</name>
<t> <t>
No new issues than <xref target="RFC4025" format="default"/> The security considerations discussed in <xref target="RFC4025" format="defau
describes. lt"/> apply. This document
does not introduce any new security considerations.
</t> </t>
</section> </section>
</middle> </middle>
<back> <back>
<references> <name>References</name> <references> <name>References</name>
<references title="Normative References"> <references title="Normative References">
<xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.80 80.xml"/> <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.80 80.xml"/>
<reference anchor="IANA-IPSECKEY" target="https://www.iana.org/assignmen
ts/ipseckey-rr-parameters/ipseckey-rr-parameters.xhtml"> <reference anchor="IANA-IPSECKEY" target="https://www.iana.org/assignmen
ts/ipseckey-rr-parameters">
<front> <front>
<title>IPSECKEY Resource Record Parameters</title> <title>IPSECKEY Resource Record Parameters</title>
<author><organization>IANA</organization></author> <author><organization>IANA</organization></author>
</front> </front>
</reference> </reference>
<!-- <xi:include href="https://xml2rfc.tools.ietf.org/public/rfc/bibxml/refere
nce.RFC.2119.xml"/> -->
<!-- <xi:include href="https://xml2rfc.tools.ietf.org/public/rfc/bibxml/refere
nce.RFC.8174.xml"/> -->
</references> </references>
<references title="Informative References"> <references title="Informative References">
<xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.40 25.xml"/> <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.40 25.xml"/>
<xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.31
10.xml"/>
<xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.66
05.xml"/>
<xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.25
36.xml"/>
<xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.80
05.xml"/>
</references> </references>
</references> </references>
<section numbered="true" toc="default"> <name>IPSECKEY EdDSA example</name> <section numbered="true" toc="default"> <name>IPSECKEY EdDSA Example</name>
<t> <t>
The following is an example of an IPSECKEY RR with an EdDSA public The following is an example of an IPSECKEY RR with no gateway, and an
key base64 encode with no gateway: EdDSA public key. It uses the IPSECKEY presentation format which is base64.
</t> </t>
<artwork name="" type="" align="left" alt=""> <artwork name="" type="" align="left" alt="">
<![CDATA[ <![CDATA[
foo.example.com. IN IPSECKEY ( foo.example.com. IN IPSECKEY (
10 0 4 . 3WTXgUvpn1RlCXnm80gGY2LZ/ErUUEZtZ33IDi8yfhM= ) 10 0 4 . 3WTXgUvpn1RlCXnm80gGY2LZ/ErUUEZtZ33IDi8yfhM= )
]]> ]]>
</artwork> </artwork>
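Review bot: the sentence introducing this example, "It uses the IPSECKEY presentation format which is base64", overstates the encoding. In the record shown only the public key field (3WTXgUvpn1RlCXnm80gGY2LZ/ErUUEZtZ33IDi8yfhM=) is base64; precedence (10), gateway type (0), algorithm (4) and the gateway (".") are plain decimal or text fields of the presentation format. Suggest "in the IPSECKEY presentation format, with the public key base64 encoded".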
<t> <t>
The associated EdDSA private key (in hex): The associated EdDSA private key (in hex) is as follows:
</t> </t>
<artwork name="" type="" align="left" alt=""> <artwork name="" type="" align="left" alt="">
<![CDATA[ <![CDATA[
c7be71a45cbf87785f639dc4fd1c82637c21b5e02488939976ece32b9268d0b7 c7be71a45cbf87785f639dc4fd1c82637c21b5e02488939976ece32b9268d0b7
]]> ]]>
</artwork> </artwork>
</section> </section>
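As an added example, not part of the RFC text or of the authors' code: a standard-library-only Python check that parses the presentation-format RDATA of the record above (RFC 4025 field order: precedence, gateway type, algorithm, gateway, base64 public key), requires algorithm 4 with a 32-octet key, and derives the Ed25519 public key from the listed private key (RFC 8032 key generation, implemented here in pure Python) to confirm the pair belongs together. Function and constant names are this example's own; only the Ed25519 (32-octet) form of the RFC 8080 key format is handled.

```python
import base64
import hashlib

P = 2**255 - 19                               # Ed25519 field prime (RFC 8032, Section 5.1)
D = -121665 * pow(121666, P - 2, P) % P       # curve constant d
B_Y = 4 * pow(5, P - 2, P) % P                # y-coordinate of the base point B

def _point_add(a, b):  # complete affine addition on the twisted Edwards curve; doubles too
    (x1, y1), (x2, y2) = a, b
    t = D * x1 * x2 * y1 * y2
    x3 = (x1 * y2 + x2 * y1) * pow(1 + t, P - 2, P) % P
    y3 = (y1 * y2 + x1 * x2) * pow(1 - t, P - 2, P) % P
    return x3, y3

def _base_point():
    """Recover B's x from B_Y (RFC 8032, Section 5.1.3) and take the even root."""
    x2 = (B_Y * B_Y - 1) * pow(D * B_Y * B_Y + 1, P - 2, P) % P
    x = pow(x2, (P + 3) // 8, P)
    if (x * x - x2) % P:
        x = x * pow(2, (P - 1) // 4, P) % P
    return (x if x % 2 == 0 else P - x), B_Y

def ed25519_public_key(seed):
    """Derive the 32-octet public key A = s*B from a 32-octet private seed."""
    h = bytearray(hashlib.sha512(seed).digest()[:32])
    h[0] &= 248; h[31] &= 127; h[31] |= 64    # clamp the scalar (RFC 8032, Section 5.1.5)
    s, r, q = int.from_bytes(h, "little"), (0, 1), _base_point()
    while s:                                  # double-and-add scalar multiplication
        if s & 1:
            r = _point_add(r, q)
        q, s = _point_add(q, q), s >> 1
    enc = bytearray(r[1].to_bytes(32, "little"))
    enc[31] |= (r[0] & 1) << 7                # low bit of x becomes the top bit of the encoding
    return bytes(enc)

def parse_ipseckey(rdata):
    """Split IPSECKEY presentation-format RDATA (RFC 4025) into its fields."""
    prec, gw_type, alg, gateway, *key = rdata.split()
    return {"precedence": int(prec), "gateway_type": int(gw_type), "algorithm": int(alg),
            "gateway": gateway, "public_key": base64.b64decode("".join(key))}

def eddsa_key_matches(rdata, private_hex):
    """True if an algorithm-4 record carries the Ed25519 public key for private_hex."""
    rr = parse_ipseckey(rdata)
    if rr["algorithm"] != 4 or len(rr["public_key"]) != 32:   # 57 octets would be Ed448
        raise ValueError("expected an algorithm-4 record with a 32-octet Ed25519 key")
    return ed25519_public_key(bytes.fromhex(private_hex)) == rr["public_key"]

# The document's own example record (RDATA only; gateway "." means no gateway) and key.
EXAMPLE_RDATA = "10 0 4 . 3WTXgUvpn1RlCXnm80gGY2LZ/ErUUEZtZ33IDi8yfhM="
EXAMPLE_PRIVATE = "c7be71a45cbf87785f639dc4fd1c82637c21b5e02488939976ece32b9268d0b7"
```

Calling `eddsa_key_matches(EXAMPLE_RDATA, EXAMPLE_PRIVATE)` performs the full check; a record with a 57-octet key would need the Ed448 derivation, which this example deliberately rejects.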
<section numbered="false" toc="default"> <name>Acknowledgments</name> <section numbered="false" toc="default"> <name>Acknowledgments</name>
<t> <t>
Thanks to Security Area director, Paul Wouters, for initial review. Thanks to the Security Area Director, <contact fullname="Paul Wouters"/>,
And Security Area director, Roman Danyliw, for final reviews and for his initial review. Also, thanks to Security Area Director, <contact fullna
draft shepherding. me="Roman Danyliw"/>, for his final reviews and document shepherding.
</t> </t>
</section> </section>
</back> </back>
</rfc> </rfc>