Use of SHA-256 in DNSSEC Delegation Signer (DS) Resource Records (RRs)
RFC 4509
Document Type RFC - Proposed Standard (May 2006; Errata)
Last updated 2015-10-14
Stream IETF
Formats plain text html pdf htmlized with errata bibtex
Stream WG state (None)
Document shepherd No shepherd assigned
IESG IESG state RFC 4509 (Proposed Standard)
Consensus Boilerplate Unknown
Telechat date
Responsible AD Margaret Cullen
Send notices to olaf@nlnetlabs.nl
Email authors Email WG IPR References Referenced by Nits 
Network Working Group                                        W. Hardaker
Request for Comments: 4509                                        Sparta
Category: Standards Track                                       May 2006

 Use of SHA-256 in DNSSEC Delegation Signer (DS) Resource Records (RRs)

Status of This Memo

   This document specifies an Internet standards track protocol for the
   Internet community, and requests discussion and suggestions for
   improvements.  Please refer to the current edition of the "Internet
   Official Protocol Standards" (STD 1) for the standardization state
   and status of this protocol.  Distribution of this memo is unlimited.

Copyright Notice

   Copyright (C) The Internet Society (2006).

Abstract

   This document specifies how to use the SHA-256 digest type in DNS
   Delegation Signer (DS) Resource Records (RRs).  DS records, when
   stored in a parent zone, point to DNSKEYs in a child zone.

Table of Contents

   1. Introduction ....................................................2
   2. Implementing the SHA-256 Algorithm for DS Record Support ........2
      2.1. DS Record Field Values .....................................2
      2.2. DS Record with SHA-256 Wire Format .........................3
      2.3. Example DS Record Using SHA-256 ............................3
   3. Implementation Requirements .....................................3
   4. Deployment Considerations .......................................4
   5. IANA Considerations .............................................4
   6. Security Considerations .........................................4
      6.1. Potential Digest Type Downgrade Attacks ....................4
      6.2. SHA-1 vs SHA-256 Considerations for DS Records .............5
   7. Acknowledgements ................................................5
   8. References ......................................................6
      8.1. Normative References .......................................6
      8.2. Informative References .....................................6

Hardaker                    Standards Track                     [Page 1]
RFC 4509            Use of SHA-256 in DNSSEC DS RRs             May 2006

1.  Introduction

   The DNSSEC [RFC4033] [RFC4034] [RFC4035] DS RR is published in parent
   zones to distribute a cryptographic digest of one key in a child's
   DNSKEY RRset.  The DS RRset is signed by at least one of the parent
   zone's private zone data signing keys for each algorithm in use by
   the parent.  Each signature is published in an RRSIG resource record,
   owned by the same domain as the DS RRset, with a type covered of DS.

   In this document, the key words "MUST", "MUST NOT", "REQUIRED",
   "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY",
   and "OPTIONAL" are to be interpreted as described in [RFC2119].

2.  Implementing the SHA-256 Algorithm for DS Record Support

   This document specifies that the digest type code 2 has been assigned
   to SHA-256 [SHA256] [SHA256CODE] for use within DS records.  The
   results of the digest algorithm MUST NOT be truncated, and the entire
   32 byte digest result is to be published in the DS record.

2.1.  DS Record Field Values

   Using the SHA-256 digest algorithm within a DS record will make use
   of the following DS-record fields:

   Digest type: 2

   Digest: A SHA-256 bit digest value calculated by using the following
      formula ("|" denotes concatenation).  The resulting value is not
      truncated, and the entire 32 byte result is to be used in the
      resulting DS record and related calculations.

        digest = SHA_256(DNSKEY owner name | DNSKEY RDATA)

      where DNSKEY RDATA is defined by [RFC4034] as:

        DNSKEY RDATA = Flags | Protocol | Algorithm | Public Key

   The Key Tag field and Algorithm fields remain unchanged by this
   document and are specified in the [RFC4034] specification.

Hardaker                    Standards Track                     [Page 2]
RFC 4509            Use of SHA-256 in DNSSEC DS RRs             May 2006

2.2.  DS Record with SHA-256 Wire Format

   The resulting on-the-wire format for the resulting DS record will be
   as follows:

                          1 1 1 1 1 1 1 1 1 1 2 2 2 2 2 2 2 2 2 2 3 3
      0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
     |           Key Tag             |  Algorithm    | DigestType=2  |
     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
     /                                                               /
     /            Digest  (length for SHA-256 is 32 bytes)           /
     /                                                               /
     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-|

2.3.  Example DS Record Using SHA-256

   The following is an example DNSKEY and matching DS record.  This
   DNSKEY record comes from the example DNSKEY/DS records found in
Show full document text
RFC Editor IASA & IETF LLC IETF Trust IRTF IETF IESG IAB IANA Privacy Statement IETF Tools