[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: I-D Action:draft-ietf-dnsext-dnssec-rsasha256-02.txt

To: roy@nominet.org.uk,namedroppers@ops.ietf.org
Subject: Re: I-D Action:draft-ietf-dnsext-dnssec-rsasha256-02.txt
From: Michael StJohns <mstjohns@comcast.net>
Date: Tue, 11 Dec 2007 12:24:55 -0500
In-reply-to: <OFD4BE16B6.E3F46280-ON802573AE.0057A61B-802573AE.0058425B@ nominet.org.uk>
References: <E1J25o9-0006zm-Pi@stiedprstage1.ietf.org> <OFD4BE16B6.E3F46280-ON802573AE.0057A61B-802573AE.0058425B@nominet.org.uk>

A couple of comments and questions:

Since 3110 permits RSA keys as short as 512 bits you should probably note that SHA512 can't be used with keys of that length due to padding considerations.  Per PKCS1 the hash size has to be at least 11 octets shorter than the key length.

The ID lists allocations for SHA256-NSEC3 etc - but there's no body text related to NSEC3.  This is probably not the right place to list those allocations.  Given that NSEC3 ID still isn't closed (or may only have closed today) it may be more appropriate to list the allocations there.

This document doesn't specify WHICH signature mechanism of the two listed in PKCS1 should be used - from context its PKCS 1 v1.5, but should be stated explicitly.

There's some low level mumbling in the security community to deprecate 1.5 padding and the original signature mechanism and replace them with RSASSA-PSS and RSA-OAEP.  There should at least be a discussion about this set of choices and why DNSSEC is sticking with RSASSA-PKCS1-v1_5.

Following the item above on key length, there needs to either be a discussion of the appropriate hash algorithm to use with which key lengths or a pointer a document which describes this (e.g. NIST 800-57) or preferably both.

At 11:04 12/11/2007, roy@nominet.org.uk wrote:
>> A New Internet-Draft is available from the on-line Internet-Drafts 
>directories.
>> This draft is a work item of the DNS Extensions Working Group of the 
>IETF.
>> 
>> 
>>    Title           : Use of SHA-2 algorithms with RSA in DNSKEY and 
>> RRSIG Resource Records for DNSSEC
>>    Author(s)       : J. Jansen
>>    Filename        : draft-ietf-dnsext-dnssec-rsasha256-02.txt
>>    Pages           : 8
>>    Date            : 2007-12-11
>> 
>> This document describes how to produce RSA/SHA-256 and RSA/SHA-512
>> DNSKEY and RRSIG resource records for use in the Domain Name System
>> Security Extensions (DNSSEC, RFC4033, RFC4034, and RFC4035).
>
>I think it is a good idea to add that the use of SHA-2 algorithms over 
>SHA-1 does not have an impact on the RRSIG length. 
>
>Roy
>
>--
>to unsubscribe send a message to namedroppers-request@ops.ietf.org with
>the word 'unsubscribe' in a single line as the message text body.
>archive: <http://ops.ietf.org/lists/namedroppers/>

--
to unsubscribe send a message to namedroppers-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://ops.ietf.org/lists/namedroppers/>

Follow-Ups:
- Re: I-D Action:draft-ietf-dnsext-dnssec-rsasha256-02.txt
  - From: Jelte Jansen <jelte@NLnetLabs.nl>

References:
- I-D Action:draft-ietf-dnsext-dnssec-rsasha256-02.txt
  - From: Internet-Drafts@ietf.org
- Re: I-D Action:draft-ietf-dnsext-dnssec-rsasha256-02.txt
  - From: roy@nominet.org.uk

Prev by Date: NSEC-13 conclusion
Next by Date: Re: NSEC-13 conclusion
Previous by thread: Re: I-D Action:draft-ietf-dnsext-dnssec-rsasha256-02.txt
Next by thread: Re: I-D Action:draft-ietf-dnsext-dnssec-rsasha256-02.txt
Index(es):
- Date
- Thread