Network Working Group D. Eastlake
Request for Comments: 2539 IBM
Category: Standards Track March 1999
Network Working Group D. Eastlake
Request for Comments: 2539 IBM
Category: Standards Track March 1999
Storage of Diffie-Hellman Keys in the Domain Name System (DNS)
在域名系统(DNS)中存储Diffie-Hellman密钥
Status of this Memo
本备忘录的状况
This document specifies an Internet standards track protocol for the Internet community, and requests discussion and suggestions for improvements. Please refer to the current edition of the "Internet Official Protocol Standards" (STD 1) for the standardization state and status of this protocol. Distribution of this memo is unlimited.
本文件规定了互联网社区的互联网标准跟踪协议,并要求进行讨论和提出改进建议。有关本协议的标准化状态和状态,请参考当前版本的“互联网官方协议标准”(STD 1)。本备忘录的分发不受限制。
Copyright Notice
版权公告
Copyright (C) The Internet Society (1999). All Rights Reserved.
版权所有(C)互联网协会(1999年)。版权所有。
Abstract
摘要
A standard method for storing Diffie-Hellman keys in the Domain Name System is described which utilizes DNS KEY resource records.
描述了在域名系统中存储Diffie-Hellman密钥的标准方法,该方法利用DNS密钥资源记录。
Acknowledgements
致谢
Part of the format for Diffie-Hellman keys and the description thereof was taken from a work in progress by:
Diffie-Hellman密钥的部分格式及其说明摘自以下正在进行的工作:
Ashar Aziz <ashar.aziz@eng.sun.com>
Tom Markson <markson@incog.com>
Hemma Prafullchandra <hemma@eng.sun.com>
Ashar Aziz <ashar.aziz@eng.sun.com>
Tom Markson <markson@incog.com>
Hemma Prafullchandra <hemma@eng.sun.com>
In addition, the following person provided useful comments that have been incorporated:
此外,以下人士提供了有用的意见,这些意见已纳入其中:
Ran Atkinson <rja@inet.org>
Thomas Narten <narten@raleigh.ibm.com>
Ran Atkinson <rja@inet.org>
Thomas Narten <narten@raleigh.ibm.com>
Table of Contents
目录
Abstract...................................................1
Acknowledgements...........................................1
1. Introduction............................................2
1.1 About This Document....................................2
1.2 About Diffie-Hellman...................................2
2. Diffie-Hellman KEY Resource Records.....................3
3. Performance Considerations..............................4
4. IANA Considerations.....................................4
5. Security Considerations.................................4
References.................................................5
Author's Address...........................................5
Appendix A: Well known prime/generator pairs...............6
A.1. Well-Known Group 1: A 768 bit prime..................6
A.2. Well-Known Group 2: A 1024 bit prime.................6
Full Copyright Notice......................................7
Abstract...................................................1
Acknowledgements...........................................1
1. Introduction............................................2
1.1 About This Document....................................2
1.2 About Diffie-Hellman...................................2
2. Diffie-Hellman KEY Resource Records.....................3
3. Performance Considerations..............................4
4. IANA Considerations.....................................4
5. Security Considerations.................................4
References.................................................5
Author's Address...........................................5
Appendix A: Well known prime/generator pairs...............6
A.1. Well-Known Group 1: A 768 bit prime..................6
A.2. Well-Known Group 2: A 1024 bit prime.................6
Full Copyright Notice......................................7
The Domain Name System (DNS) is the current global hierarchical replicated distributed database system for Internet addressing, mail proxy, and similar information. The DNS has been extended to include digital signatures and cryptographic keys as described in [RFC 2535]. Thus the DNS can now be used for secure key distribution.
域名系统(DNS)是当前用于Internet寻址、邮件代理和类似信息的全局分层复制分布式数据库系统。DNS已扩展为包括[RFC 2535]中所述的数字签名和加密密钥。因此,DNS现在可以用于安全密钥分发。
This document describes how to store Diffie-Hellman keys in the DNS. Familiarity with the Diffie-Hellman key exchange algorithm is assumed [Schneier].
本文档描述如何在DNS中存储Diffie Hellman密钥。假设熟悉Diffie-Hellman密钥交换算法[Schneier]。
Diffie-Hellman requires two parties to interact to derive keying information which can then be used for authentication. Since DNS SIG RRs are primarily used as stored authenticators of zone information for many different resolvers, no Diffie-Hellman algorithm SIG RR is defined. For example, assume that two parties have local secrets "i" and "j". Assume they each respectively calculate X and Y as follows:
Diffie-Hellman要求双方进行交互,以获取密钥信息,然后将其用于身份验证。由于DNS SIG RR主要用作许多不同解析程序的区域信息的存储身份验证程序,因此未定义Diffie-Hellman算法SIG RR。例如,假设双方都有本地机密“i”和“j”。假设它们分别计算X和Y,如下所示:
X = g**i ( mod p ) Y = g**j ( mod p )
X = g**i ( mod p ) Y = g**j ( mod p )
They exchange these quantities and then each calculates a Z as follows:
它们交换这些量,然后各自计算Z,如下所示:
Zi = Y**i ( mod p ) Zj = X**j ( mod p )
Zi = Y**i ( mod p ) Zj = X**j ( mod p )
shared secret between the two parties that an adversary who does not know i or j will not be able to learn from the exchanged messages (unless the adversary can derive i or j by performing a discrete logarithm mod p which is hard for strong p and g).
双方之间的共享秘密,不知道i或j的对手将无法从交换的消息中学习(除非对手可以通过执行离散对数mod p导出i或j,这对于强p和g来说很难)。
The private key for each party is their secret i (or j). The public key is the pair p and g, which must be the same for the parties, and their individual X (or Y).
各方的私钥是他们的秘密i(或j)。公钥是p和g对,对于双方及其各自的X(或Y)必须相同。
Diffie-Hellman keys are stored in the DNS as KEY RRs using algorithm number 2. The structure of the RDATA portion of this RR is as shown below. The first 4 octets, including the flags, protocol, and algorithm fields are common to all KEY RRs as described in [RFC 2535]. The remainder, from prime length through public value is the "public key" part of the KEY RR. The period of key validity is not in the KEY RR but is indicated by the SIG RR(s) which signs and authenticates the KEY RR(s) at that domain name.
Diffie-Hellman密钥使用算法2作为密钥RRs存储在DNS中。此RR的RDATA部分的结构如下所示。如[RFC 2535]所述,前4个八位字节(包括标志、协议和算法字段)是所有密钥RRs的公用字段。从素数长度到公共值的其余部分是密钥RR的“公钥”部分。密钥有效期不在密钥RR中,而是由SIG RR指示,SIG RR在该域名处对密钥RR进行签名和认证。
1 1 1 1 1 1 1 1 1 1 2 2 2 2 2 2 2 2 2 2 3 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| KEY flags | protocol | algorithm=2 |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| prime length (or flag) | prime (p) (or special) /
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
/ prime (p) (variable length) | generator length |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| generator (g) (variable length) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| public value length | public value (variable length)/
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
/ public value (g^i mod p) (variable length) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1 1 1 1 1 1 1 1 1 1 2 2 2 2 2 2 2 2 2 2 3 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| KEY flags | protocol | algorithm=2 |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| prime length (or flag) | prime (p) (or special) /
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
/ prime (p) (variable length) | generator length |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| generator (g) (variable length) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| public value length | public value (variable length)/
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
/ public value (g^i mod p) (variable length) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Prime length is length of the Diffie-Hellman prime (p) in bytes if it is 16 or greater. Prime contains the binary representation of the Diffie-Hellman prime with most significant byte first (i.e., in network order). If "prime length" field is 1 or 2, then the "prime" field is actually an unsigned index into a table of 65,536 prime/generator pairs and the generator length SHOULD be zero. See Appedix A for defined table entries and Section 4 for information on allocating additional table entries. The meaning of a zero or 3 through 15 value for "prime length" is reserved.
Prime length是Diffie-Hellman Prime(p)的长度,若为16或更大,则以字节为单位。Prime包含Diffie-Hellman Prime的二进制表示形式,最重要的字节在前(即,按网络顺序)。如果“素数长度”字段为1或2,则“素数”字段实际上是65536素数/生成器对表中的无符号索引,生成器长度应为零。有关定义的表条目,请参见附录A;有关分配其他表条目的信息,请参见第4节。保留“素数长度”的0或3到15值的含义。
Generator length is the length of the generator (g) in bytes. Generator is the binary representation of generator with most significant byte first. PublicValueLen is the Length of the Public Value (g**i (mod p)) in bytes. PublicValue is the binary representation of the DH public value with most significant byte first.
Generator length是生成器的长度(g),以字节为单位。生成器是生成器的二进制表示形式,最高有效字节排在第一位。PublicValueLen是公共值的长度(g**i(mod p)),以字节为单位。PublicValue是DH public value的二进制表示形式,最高有效字节在前。
The corresponding algorithm=2 SIG resource record is not used so no format for it is defined.
未使用相应的算法=2 SIG资源记录,因此未定义其格式。
Current DNS implementations are optimized for small transfers, typically less than 512 bytes including overhead. While larger transfers will perform correctly and work is underway to make larger transfers more efficient, it is still advisable to make reasonable efforts to minimize the size of KEY RR sets stored within the DNS consistent with adequate security. Keep in mind that in a secure zone, an authenticating SIG RR will also be returned.
当前的DNS实现针对小型传输进行了优化,包括开销在内,通常小于512字节。虽然更大的传输将正确执行,并且正在努力使更大的传输更有效,但仍建议做出合理的努力,以在充分安全的情况下最小化DNS中存储的密钥RR集的大小。请记住,在安全区域中,还将返回身份验证SIG RR。
Assignment of meaning to Prime Lengths of 0 and 3 through 15 requires an IETF consensus.
将意义分配到0和3到15的素数长度需要IETF共识。
Well known prime/generator pairs number 0x0000 through 0x07FF can only be assigned by an IETF standards action and this Proposed Standard assigns 0x0001 through 0x0002. Pairs number 0s0800 through 0xBFFF can be assigned based on RFC documentation. Pairs number 0xC000 through 0xFFFF are available for private use and are not centrally coordinated. Use of such private pairs outside of a closed environment may result in conflicts.
已知的素数/生成器对编号0x0000到0x07FF只能由IETF标准行动分配,本建议标准分配0x0001到0x0002。可以根据RFC文档分配编号为0s0800到0xBFFF的对。编号为0xC000到0xFFFF的线对可供私人使用,且不进行集中协调。在封闭环境之外使用此类私有对可能会导致冲突。
Many of the general security consideration in [RFC 2535] apply. Keys retrieved from the DNS should not be trusted unless (1) they have been securely obtained from a secure resolver or independently verified by the user and (2) this secure resolver and secure obtainment or independent verification conform to security policies acceptable to the user. As with all cryptographic algorithms, evaluating the necessary strength of the key is important and dependent on local policy.
[RFC 2535]中的许多一般安全考虑适用。不应信任从DNS检索的密钥,除非(1)它们已从安全解析程序安全获取或由用户独立验证;(2)此安全解析程序和安全获取或独立验证符合用户可接受的安全策略。与所有密码算法一样,评估密钥的必要强度非常重要,并且取决于本地策略。
In addition, the usual Diffie-Hellman key strength considerations apply. (p-1)/2 should also be prime, g should be primitive mod p, p should be "large", etc. [Schneier]
此外,通常的Diffie-Hellman关键强度考虑也适用。(p-1)/2也应该是素数,g应该是本原mod p,p应该是“大的”,等等[Schneier]
References
工具书类
[RFC 1034] Mockapetris, P., "Domain Names - Concepts and Facilities", STD 13, RFC 1034, November 1987.
[RFC 1034]Mockapetris,P.,“域名-概念和设施”,STD 13,RFC 1034,1987年11月。
[RFC 1035] Mockapetris, P., "Domain Names - Implementation and Specification", STD 13, RFC 1035, November 1987.
[RFC 1035]Mockapetris,P.,“域名-实现和规范”,STD 13,RFC 1035,1987年11月。
[RFC 2535] Eastlake, D., "Domain Name System Security Extensions", RFC 2535, March 1999.
[RFC 2535]Eastlake,D.,“域名系统安全扩展”,RFC 25351999年3月。
[Schneier] Bruce Schneier, "Applied Cryptography: Protocols, Algorithms, and Source Code in C", 1996, John Wiley and Sons
Bruce Schneier,“应用密码学:C语言中的协议、算法和源代码”,1996年,John Wiley和Sons
Author's Address
作者地址
Donald E. Eastlake 3rd IBM 65 Shindegan Hill Road, RR #1 Carmel, NY 10512
纽约州卡梅尔市新德干山路65号东湖第三IBM公司,邮编10512
Phone: +1-914-276-2668(h)
+1-914-784-7913(w)
Fax: +1-914-784-3833(w)
EMail: dee3@us.ibm.com
Phone: +1-914-276-2668(h)
+1-914-784-7913(w)
Fax: +1-914-784-3833(w)
EMail: dee3@us.ibm.com
Appendix A: Well known prime/generator pairs
附录A:著名的素数/发生器对
These numbers are copied from the IPSEC effort where the derivation of these values is more fully explained and additional information is available. Richard Schroeppel performed all the mathematical and computational work for this appendix.
这些数字是从IPSEC工作中复制的,IPSEC工作中更全面地解释了这些值的推导,并提供了附加信息。Richard Schroeppel完成了本附录的所有数学和计算工作。
The prime is 2^768 - 2^704 - 1 + 2^64 * { [2^638 pi] + 149686 }. Its
decimal value is
155251809230070893513091813125848175563133404943451431320235
119490296623994910210725866945387659164244291000768028886422
915080371891804634263272761303128298374438082089019628850917
0691316593175367469551763119843371637221007210577919
The prime is 2^768 - 2^704 - 1 + 2^64 * { [2^638 pi] + 149686 }. Its
decimal value is
155251809230070893513091813125848175563133404943451431320235
119490296623994910210725866945387659164244291000768028886422
915080371891804634263272761303128298374438082089019628850917
0691316593175367469551763119843371637221007210577919
Prime modulus: Length (32 bit words): 24, Data (hex): FFFFFFFF FFFFFFFF C90FDAA2 2168C234 C4C6628B 80DC1CD1 29024E08 8A67CC74 020BBEA6 3B139B22 514A0879 8E3404DD EF9519B3 CD3A431B 302B0A6D F25F1437 4FE1356D 6D51C245 E485B576 625E7EC6 F44C42E9 A63A3620 FFFFFFFF FFFFFFFF
基本模数:长度(32位字):24,数据(十六进制):FFFFFFFFFFFFFFFFFFC90FDAA2 2168C234 C4C6628B 80DC1CD1 29024E08 8A67CC74 020BBEA6 3B139B22 514A0879 8E3404DD EF9519B3 CD3A431B 302B0A6D F25F1437 4FE1356D 6D51C245 E485B576 625E6 F44C2E9 A63A3620 FFFFFFFFFFFFFFFFFF
Generator: Length (32 bit words): 1, Data (hex): 2
Generator: Length (32 bit words): 1, Data (hex): 2
The prime is 2^1024 - 2^960 - 1 + 2^64 * { [2^894 pi] + 129093 }.
Its decimal value is
179769313486231590770839156793787453197860296048756011706444
423684197180216158519368947833795864925541502180565485980503
646440548199239100050792877003355816639229553136239076508735
759914822574862575007425302077447712589550957937778424442426
617334727629299387668709205606050270810842907692932019128194
467627007
The prime is 2^1024 - 2^960 - 1 + 2^64 * { [2^894 pi] + 129093 }.
Its decimal value is
179769313486231590770839156793787453197860296048756011706444
423684197180216158519368947833795864925541502180565485980503
646440548199239100050792877003355816639229553136239076508735
759914822574862575007425302077447712589550957937778424442426
617334727629299387668709205606050270810842907692932019128194
467627007
Prime modulus: Length (32 bit words): 32, Data (hex): FFFFFFFF FFFFFFFF C90FDAA2 2168C234 C4C6628B 80DC1CD1 29024E08 8A67CC74 020BBEA6 3B139B22 514A0879 8E3404DD EF9519B3 CD3A431B 302B0A6D F25F1437 4FE1356D 6D51C245 E485B576 625E7EC6 F44C42E9 A637ED6B 0BFF5CB6 F406B7ED EE386BFB 5A899FA5 AE9F2411 7C4B1FE6 49286651 ECE65381 FFFFFFFF FFFFFFFF
基本模数:长度(32位字):32,数据(十六进制):FFFFFFFFFFFFFFFFFFC90FDAA2 2168C234 C4C6628B 80DC1CD1 29024E08 8A67CC74 020BBEA6 3B139B22 514A0879 8E3404DD EF9519B3 CD3A431B 302B0A6D F25F1437 4FE1356D 6D51C245 E485B576 625E6 7EC6 F44C442E9 A637ED6B 0BFF5CB6 F406B7ED EE386BF5FB A899FA5 AEF2651 7B14928FFFF381
Generator: Length (32 bit words): 1, Data (hex): 2
Generator: Length (32 bit words): 1, Data (hex): 2
Full Copyright Statement
完整版权声明
Copyright (C) The Internet Society (1999). All Rights Reserved.
版权所有(C)互联网协会(1999年)。版权所有。
This document and translations of it may be copied and furnished to others, and derivative works that comment on or otherwise explain it or assist in its implementation may be prepared, copied, published and distributed, in whole or in part, without restriction of any kind, provided that the above copyright notice and this paragraph are included on all such copies and derivative works. However, this document itself may not be modified in any way, such as by removing the copyright notice or references to the Internet Society or other Internet organizations, except as needed for the purpose of developing Internet standards in which case the procedures for copyrights defined in the Internet Standards process must be followed, or as required to translate it into languages other than English.
本文件及其译本可复制并提供给他人,对其进行评论或解释或协助其实施的衍生作品可全部或部分编制、复制、出版和分发,不受任何限制,前提是上述版权声明和本段包含在所有此类副本和衍生作品中。但是,不得以任何方式修改本文件本身,例如删除版权通知或对互联网协会或其他互联网组织的引用,除非出于制定互联网标准的需要,在这种情况下,必须遵循互联网标准过程中定义的版权程序,或根据需要将其翻译成英语以外的其他语言。
The limited permissions granted above are perpetual and will not be revoked by the Internet Society or its successors or assigns.
上述授予的有限许可是永久性的,互联网协会或其继承人或受让人不会撤销。
This document and the information contained herein is provided on an "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
本文件和其中包含的信息是按“原样”提供的,互联网协会和互联网工程任务组否认所有明示或暗示的保证,包括但不限于任何保证,即使用本文中的信息不会侵犯任何权利,或对适销性或特定用途适用性的任何默示保证。