Network Working Group                                    D. Eastlake 3rd
Request for Comments: 3110                                      Motorola
Obsoletes: 2537                                                 May 2001
Category: Standards Track


      RSA/SHA-1 SIGs and RSA KEYs in the Domain Name System (DNS)

Status of this Memo

   This document specifies an Internet standards track protocol for the
   Internet community, and requests discussion and suggestions for
   improvements.  Please refer to the current edition of the "Internet
   Official Protocol Standards" (STD 1) for the standardization state
   and status of this protocol.  Distribution of this memo is unlimited.

Copyright Notice

   Copyright (C) The Internet Society (2001).  All Rights Reserved.

Abstract

   This document describes how to produce RSA/SHA1 SIG resource records
   (RRs) in Section 3 and, so as to completely replace RFC 2537,
   describes how to produce RSA KEY RRs in Section 2.

   Since the adoption of a Proposed Standard for RSA signatures in the
   DNS (Domain Name Space), advances in hashing have been made.  A new
   DNS signature algorithm is defined to make these advances available
   in SIG RRs.  The use of the previously specified weaker mechanism is
   deprecated.  The algorithm number of the RSA KEY RR is changed to
   correspond to this new SIG algorithm.  No other changes are made to
   DNS security.

Acknowledgements

   Material and comments from the following have been incorporated and
   are gratefully acknowledged:

      Olafur Gudmundsson

      The IESG

      Charlie Kaufman

      Steve Wang





D. Eastlake 3rd             Standards Track