draft-ietf-dnsext-tsig-sha-06.txt

来自「非常好的dns解析软件」· 文本 代码 · 共 523 行 · 第 1/2 页

INTERNET-DRAFT                                    Donald E. Eastlake 3rd
UPDATES RFC 2845                                   Motorola Laboratories
Expires: July 2006                                          January 2006

                  HMAC SHA TSIG Algorithm Identifiers
                  ---- --- ---- --------- -----------
                  <draft-ietf-dnsext-tsig-sha-06.txt>


Status of This Document

   By submitting this Internet-Draft, each author represents that any
   applicable patent or other IPR claims of which he or she is aware
   have been or will be disclosed, and any of which he or she becomes
   aware will be disclosed, in accordance with Section 6 of BCP 79.

   This draft is intended to be become a Proposed Standard RFC.
   Distribution of this document is unlimited. Comments should be sent
   to the DNSEXT working group mailing list <namedroppers@ops.ietf.org>.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups.  Note that
   other groups may also distribute working documents as Internet-
   Drafts.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/1id-abstracts.html

   The list of Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html


Abstract

   Use of the Domain Name System TSIG resource record requires
   specification of a cryptographic message authentication code.
   Currently identifiers have been specified only for the HMAC MD5
   (Message Digest) and GSS (Generic Security Service) TSIG algorithms.
   This document standardizes identifiers and implementation
   requirements for additional HMAC SHA (Secure Hash Algorithm) TSIG
   algorithms and standardizes how to specify and handle the truncation
   of HMAC values in TSIG.


Copyright Notice

   Copyright (C) The Internet Society (2006).



D. Eastlake 3rd                                                 [Page 1]


INTERNET-DRAFT                                 HMAC-SHA TSIG Identifiers


Table of Contents

      Status of This Document....................................1
      Abstract...................................................1
      Copyright Notice...........................................1

      Table of Contents..........................................2

      1. Introduction............................................3

      2. Algorithms and Identifiers..............................4

      3. Specifying Truncation...................................5
      3.1 Truncation Specification...............................5

      4. TSIG Truncation Policy and Error Provisions.............6

      5. IANA Considerations.....................................7
      6. Security Considerations.................................7
      7. Copyright and Disclaimer................................7

      8. Normative References....................................8
      9. Informative References..................................8

      Author's Address...........................................9
      Additional IPR Provisions..................................9
      Expiration and File Name...................................9

























D. Eastlake 3rd                                                 [Page 2]


INTERNET-DRAFT                                 HMAC-SHA TSIG Identifiers


1. Introduction

   [RFC 2845] specifies a TSIG Resource Record (RR) that can be used to
   authenticate DNS (Domain Name System [STD 13]) queries and responses.
   This RR contains a domain name syntax data item which names the
   authentication algorithm used. [RFC 2845] defines the HMAC-MD5.SIG-
   ALG.REG.INT name for authentication codes using the HMAC [RFC 2104]
   algorithm with the MD5 [RFC 1321] hash algorithm. IANA has also
   registered "gss-tsig" as an identifier for TSIG authentication where
   the cryptographic operations are delegated to the Generic Security
   Service (GSS) [RFC 3645].

   It should be noted that use of TSIG presumes prior agreement, between
   the resolver and server involved, as to the algorithm and key to be
   used.

   In Section 2, this document specifies additional names for TSIG
   authentication algorithms based on US NIST SHA (United States,
   National Institute of Science and Technology, Secure Hash Algorithm)
   algorithms and HMAC and specifies the implementation requirements for
   those algorithms.

   In Section 3, this document specifies the effect of inequality
   between the normal output size of the specified hash function and the
   length of MAC (message authentication code) data given in the TSIG
   RR. In particular, it specifies that a shorter length field value
   specifies truncation and a longer length field is an error.

   In Section 4, policy restrictions and implications related to
   truncation and a new error code to indicate truncation shorter than
   permitted by policy are described and specified.

   The use herein of MUST, SHOULD, MAY, MUST NOT, and SHOULD NOT is as
   defined in [RFC 2119].


















D. Eastlake 3rd                                                 [Page 3]


INTERNET-DRAFT                                 HMAC-SHA TSIG Identifiers


2. Algorithms and Identifiers

   TSIG Resource Records (RRs) [RFC 2845] are used to authenticate DNS
   queries and responses.  They are intended to be efficient symmetric
   authentication codes based on a shared secret. (Asymmetric signatures
   can be provided using the SIG RR [RFC 2931]. In particular, SIG(0)
   can be used for transaction signatures.) Used with a strong hash
   function, HMAC [RFC 2104] provides a way to calculate such symmetric
   authentication codes. The only specified HMAC based TSIG algorithm
   identifier has been HMAC-MD5.SIG-ALG.REG.INT based on MD5 [RFC 1321].

   The use of SHA-1 [FIPS 180-2, RFC 3174], which is a 160 bit hash, as
   compared with the 128 bits for MD5, and additional hash algorithms in
   the SHA family [FIPS 180-2, RFC 3874, SHA2draft] with 224, 256, 384,
   and 512 bits, may be preferred in some cases particularly since
   increasingly successful cryptanalytic attacks are being made on the
   shorter hashes.

   Use of TSIG between a DNS resolver and server is by mutual agreement.
   That agreement can include the support of additional algorithms and
   criteria as to which algorithms and truncations are acceptable,
   subject to the restriction and guidelines in Section 3 and 4 below.
   Key agreement can be by the TKEY mechanism [RFC 2930] or other
   mutually agreeable method.

   The current HMAC-MD5.SIG-ALG.REG.INT and gss-tsig identifiers are
   included in the table below for convenience.  Implementations which
   support TSIG MUST also implement HMAC SHA1 and HMAC SHA256 and MAY
   implement gss-tsig and the other algorithms listed below.

         Mandatory      HMAC-MD5.SIG-ALG.REG.INT
         Optional       gss-tsig
         Mandatory      hmac-sha1
         Optional       hmac-sha224
         Mandatory      hmac-sha256
         Optional       hamc-sha384
         Optional       hmac-sha512

   SHA-1 truncated to 96 bits (12 octets) SHOULD be implemented.













D. Eastlake 3rd                                                 [Page 4]


INTERNET-DRAFT                                 HMAC-SHA TSIG Identifiers


3. Specifying Truncation

   When space is at a premium and the strength of the full length of an
   HMAC is not needed, it is reasonable to truncate the HMAC output and
   use the truncated value for authentication. HMAC SHA-1 truncated to
   96 bits is an option available in several IETF protocols including
   IPSEC and TLS.

   The TSIG RR [RFC 2845] includes a "MAC size" field, which gives the
   size of the MAC field in octets. But [RFC 2845] does not specify what
   to do if this MAC size differs from the length of the output of HMAC
   for a particular hash function. Truncation is indicated by a MAC size
   less than the HMAC size as specified below.



3.1 Truncation Specification

   The specification for TSIG handling is changed as follows:

   1. If "MAC size" field is greater than HMAC output length:
         This case MUST NOT be generated and if received MUST cause the
      packet to be dropped and RCODE 1 (FORMERR) to be returned.

   2. If "MAC size" field equals HMAC output length:
         Operation is as described in [RFC 2845] with the entire output