Use of SHA-256 in DNSSEC Delegation Signer (DS) Resource Records (RRs)
RFC 4509
| Field | Value |
|---|---|
| Document type | RFC - Proposed Standard (May 2006; Errata) |
| Author | Wes Hardaker |
| Last updated | 2015-10-14 |
| Stream | Internet Engineering Task Force (IETF) |
| Formats | plain text, html, pdf, htmlized, bibtex |
| WG state | (None) |
| Document shepherd | No shepherd assigned |
| IESG state | RFC 4509 (Proposed Standard) |
| Action Holders | (None) |
| Consensus Boilerplate | Unknown |
| Telechat date | |
| Responsible AD | Margaret Cullen |
| Send notices to | olaf@nlnetlabs.nl |
Network Working Group                                        W. Hardaker
Request for Comments: 4509                                        Sparta
Category: Standards Track                                       May 2006

Use of SHA-256 in DNSSEC Delegation Signer (DS) Resource Records (RRs)

Status of This Memo

This document specifies an Internet standards track protocol for the Internet community, and requests discussion and suggestions for improvements. Please refer to the current edition of the "Internet Official Protocol Standards" (STD 1) for the standardization state and status of this protocol. Distribution of this memo is unlimited.

Copyright Notice

Copyright (C) The Internet Society (2006).

Abstract

This document specifies how to use the SHA-256 digest type in DNS Delegation Signer (DS) Resource Records (RRs). DS records, when stored in a parent zone, point to DNSKEYs in a child zone.

Table of Contents

1. Introduction ....................................................2
2. Implementing the SHA-256 Algorithm for DS Record Support ........2
   2.1. DS Record Field Values .....................................2
   2.2. DS Record with SHA-256 Wire Format .........................3
   2.3. Example DS Record Using SHA-256 ............................3
3. Implementation Requirements .....................................3
4. Deployment Considerations .......................................4
5. IANA Considerations .............................................4
6. Security Considerations .........................................4
   6.1. Potential Digest Type Downgrade Attacks ....................4
   6.2. SHA-1 vs SHA-256 Considerations for DS Records .............5
7. Acknowledgements ................................................5
8. References ......................................................6
   8.1. Normative References .......................................6
   8.2. Informative References .....................................6

Hardaker                    Standards Track                     [Page 1]

RFC 4509              Use of SHA-256 in DNSSEC DS RRs               May 2006

1. Introduction

The DNSSEC [RFC4033] [RFC4034] [RFC4035] DS RR is published in parent zones to distribute a cryptographic digest of one key in a child's DNSKEY RRset. The DS RRset is signed by at least one of the parent zone's private zone data signing keys for each algorithm in use by the parent. Each signature is published in an RRSIG resource record, owned by the same domain as the DS RRset, with a type covered of DS.

In this document, the key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" are to be interpreted as described in [RFC2119].

2. Implementing the SHA-256 Algorithm for DS Record Support

This document specifies that the digest type code 2 has been assigned to SHA-256 [SHA256] [SHA256CODE] for use within DS records. The results of the digest algorithm MUST NOT be truncated, and the entire 32 byte digest result is to be published in the DS record.

2.1. DS Record Field Values

Using the SHA-256 digest algorithm within a DS record will make use of the following DS-record fields:

Digest type: 2

Digest: A SHA-256 digest value calculated by using the following formula ("|" denotes concatenation). The resulting value is not truncated, and the entire 32 byte result is to be used in the resulting DS record and related calculations.

    digest = SHA_256(DNSKEY owner name | DNSKEY RDATA)

where DNSKEY RDATA is defined by [RFC4034] as:

    DNSKEY RDATA = Flags | Protocol | Algorithm | Public Key

The Key Tag field and Algorithm fields remain unchanged by this document and are specified in the [RFC4034] specification.

2.2. DS Record with SHA-256 Wire Format

The on-the-wire format for the resulting DS record will be as follows:

                         1 1 1 1 1 1 1 1 1 1 2 2 2 2 2 2 2 2 2 2 3 3
     0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |           Key Tag             |  Algorithm    | DigestType=2  |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    /                                                               /
    /            Digest  (length for SHA-256 is 32 bytes)           /
    /                                                               /
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-|

2.3. Example DS Record Using SHA-256

The following is an example DNSKEY and matching DS record. This DNSKEY record comes from the example DNSKEY/DS records found in
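The following is an added worked example (not code from the RFC or from any DNS implementation) covering the digest formula of section 2.1 and the wire layout of section 2.2: it builds the DS RDATA for a DNSKEY, parses it back, and performs the validator-side check that a DS actually matches a DNSKEY. The owner name is put into the canonical wire form that RFC 4034 requires (lowercased labels, length-prefixed, root-terminated), and the Key Tag is computed by the RFC 4034 Appendix B method. The sample owner name, flags, protocol, algorithm number and public-key blob are constructed for the illustration and are not a real key; the function names are this example's own. The parser enforces the section 2 rule that a digest-type-2 digest is exactly 32 octets, so a truncated record is rejected rather than partially compared.

```python
import hashlib
import hmac
import struct

DIGEST_TYPE_SHA256 = 2   # digest type code assigned to SHA-256 by RFC 4509
SHA256_DIGEST_LEN = 32   # the full, untruncated digest length in octets


def name_to_wire(name: str) -> bytes:
    """Canonical wire form of an owner name (RFC 4034, section 6.2): labels
    lowercased, each prefixed by its length octet, terminated by the root label."""
    name = name.lower().rstrip(".")
    out = bytearray()
    if name:
        for label in name.split("."):
            raw = label.encode("ascii")
            if not 1 <= len(raw) <= 63:
                raise ValueError("label length must be 1..63 octets")
            out.append(len(raw))
            out += raw
    out.append(0)
    return bytes(out)


def dnskey_rdata(flags: int, protocol: int, algorithm: int, public_key: bytes) -> bytes:
    """DNSKEY RDATA = Flags | Protocol | Algorithm | Public Key (RFC 4034, section 2.1)."""
    return struct.pack("!HBB", flags, protocol, algorithm) + public_key


def key_tag(rdata: bytes) -> int:
    """Key Tag over the DNSKEY RDATA (RFC 4034, Appendix B): add the RDATA as
    16-bit big-endian words, fold the carry once, keep the low 16 bits."""
    acc = 0
    for i, octet in enumerate(rdata):
        acc += octet if i & 1 else octet << 8
    acc += (acc >> 16) & 0xFFFF
    return acc & 0xFFFF


def ds_digest_sha256(owner: str, rdata: bytes) -> bytes:
    """digest = SHA_256(DNSKEY owner name | DNSKEY RDATA); all 32 octets are kept."""
    return hashlib.sha256(name_to_wire(owner) + rdata).digest()


def ds_rdata_sha256(owner: str, flags: int, protocol: int, algorithm: int, public_key: bytes) -> bytes:
    """DS RDATA in the section 2.2 layout:
    Key Tag (2 octets) | Algorithm (1) | Digest Type = 2 (1) | Digest (32)."""
    rdata = dnskey_rdata(flags, protocol, algorithm, public_key)
    header = struct.pack("!HBB", key_tag(rdata), algorithm, DIGEST_TYPE_SHA256)
    return header + ds_digest_sha256(owner, rdata)


def parse_ds(wire: bytes) -> dict:
    """Split DS RDATA into its fields; a digest-type-2 record whose digest is not
    exactly 32 octets is malformed (RFC 4509 forbids truncation) and is rejected."""
    if len(wire) < 4:
        raise ValueError("DS RDATA shorter than its 4-octet fixed header")
    tag, algorithm, digest_type = struct.unpack("!HBB", wire[:4])
    digest = wire[4:]
    if digest_type == DIGEST_TYPE_SHA256 and len(digest) != SHA256_DIGEST_LEN:
        raise ValueError("SHA-256 DS digest must be exactly 32 octets")
    return {"key_tag": tag, "algorithm": algorithm, "digest_type": digest_type, "digest": digest}


def ds_is_well_formed(wire: bytes) -> bool:
    try:
        parse_ds(wire)
        return True
    except ValueError:
        return False


def ds_matches_dnskey(ds_wire: bytes, owner: str, flags: int, protocol: int,
                      algorithm: int, public_key: bytes) -> bool:
    """Validator-side check: key tag and algorithm must agree and the recomputed
    digest must equal the published one (compared in constant time)."""
    ds = parse_ds(ds_wire)
    if ds["digest_type"] != DIGEST_TYPE_SHA256:
        return False
    rdata = dnskey_rdata(flags, protocol, algorithm, public_key)
    return (ds["key_tag"] == key_tag(rdata)
            and ds["algorithm"] == algorithm
            and hmac.compare_digest(ds["digest"], ds_digest_sha256(owner, rdata)))


# Constructed sample input (not a real key): Flags=256, Protocol=3,
# Algorithm=8 (RSA/SHA-256 in the IANA registry) and a made-up public-key blob.
SAMPLE_OWNER = "dskey.example.com."
SAMPLE_FLAGS, SAMPLE_PROTOCOL, SAMPLE_ALGORITHM = 256, 3, 8
SAMPLE_PUBKEY = b"\x03\x01\x00\x01" + bytes(range(64))


def sample_ds() -> bytes:
    """DS RDATA for the constructed sample DNSKEY above."""
    return ds_rdata_sha256(SAMPLE_OWNER, SAMPLE_FLAGS, SAMPLE_PROTOCOL, SAMPLE_ALGORITHM, SAMPLE_PUBKEY)


if __name__ == "__main__":
    f = parse_ds(sample_ds())
    print(f"{SAMPLE_OWNER} IN DS {f['key_tag']} {f['algorithm']} "
          f"{f['digest_type']} {f['digest'].hex().upper()}")
```

Two details matter for interoperability: the owner name is hashed in canonical form, so `DSKEY.Example.COM` and `dskey.example.com.` yield the same digest, and the digest is compared over all 32 octets, so a DS that carries fewer is refused outright instead of matching on a prefix.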