RFC 3110 (rfc3110) - Page 2 of 7
RSA/SHA-1 SIGs and RSA KEYs in the Domain Name System (DNS)
RFC 3110 RSA SIGs and KEYs in the DNS May 2001
Table of Contents
1. Introduction................................................... 2
2. RSA Public KEY Resource Records................................ 3
3. RSA/SHA1 SIG Resource Records.................................. 3
4. Performance Considerations..................................... 4
5. IANA Considerations............................................ 5
6. Security Considerations........................................ 5
References........................................................ 5
Author's Address.................................................. 6
Full Copyright Statement.......................................... 7
1. Introduction
The Domain Name System (DNS) is the global hierarchical replicated
distributed database system for Internet addressing, mail proxy, and
other information [RFC 1034, 1035, etc.]. The DNS has been extended
to include digital signatures and cryptographic keys as described in
[RFC 2535]. Thus the DNS can now be secured and used for secure key
distribution.
Familiarity with the RSA and SHA-1 algorithms is assumed [Schneier,
FIP180] in this document.
RFC 2537 described how to store RSA keys and RSA/MD5 based signatures
in the DNS. However, since the adoption of RFC 2537, continued
cryptographic research has revealed hints of weakness in the MD5
[RFC 1321] algorithm used in RFC 2537. The SHA1 Secure Hash Algorithm
[FIP180], which produces a larger hash, has been developed. By now
there has been sufficient experience with SHA1 that it is generally
acknowledged to be stronger than MD5. While this stronger hash is
probably not needed today in most secure DNS zones, critical zones
such as the root, most top level domains, and some second and third level
domains, are sufficiently valuable targets that it would be negligent
not to provide what are generally agreed to be stronger mechanisms.
Furthermore, future advances in cryptanalysis and/or computer speeds
may require a stronger hash everywhere. Moreover, the extra
computation required by SHA1 beyond that required by MD5 is
insignificant compared with the computational effort required by the
RSA modular exponentiation.
This document describes how to produce RSA/SHA1 SIG RRs in Section 3
and, so as to completely replace RFC 2537, describes how to produce
RSA KEY RRs in Section 2.
Implementation of the RSA algorithm in DNS with SHA1 is MANDATORY for
DNSSEC. The generation of RSA/MD5 SIG RRs as described in RFC 2537
is NOT RECOMMENDED.
D. Eastlake 3rd Standards Track