INTERNET-DRAFT                                 HMAC-SHA TSIG Identifiers
                                                  Donald E. Eastlake 3rd
                                                                Motorola
Expires: July 2003                                          January 2003




                  HMAC SHA TSIG Algorithm Identifiers
                  ---- --- ---- --------- -----------
                    <draft-eastlake-tsig-sha-01.txt>

                         Donald E. Eastlake 3rd


Status of This Document

   This draft is intended to be become a Proposed Standard RFC.
   Distribution of this document is unlimited. Comments should be sent
   to the author.

   This document is an Internet-Draft and is in full conformance with
   all provisions of Section 10 of RFC 2026.  Internet-Drafts are
   working documents of the Internet Engineering Task Force (IETF), its
   areas, and its working groups.  Note that other groups may also
   distribute working documents as Internet-Drafts.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet- Drafts as reference
   material or to cite them other than as "work in progress."

   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/ietf/1id-abstracts.txt

   The list of Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html.



Abstract

   Currently only the HMAC-MD5 and GSS TSIG Algorithm identifiers are
   specified.  This document specifies identifiers for additional HMAC
   SHA TSIG algorithms.










D. Eastlake 3rd                                                 [Page 1]


INTERNET-DRAFT                                 HMAC-SHA TSIG Identifiers


Table of Contents

      Status of This Document....................................1
      Abstract...................................................1

      Table of Contents..........................................2

      1. Introduction............................................3

      2. Algorithms and Identifiers..............................4

      3. IANA Considerations.....................................5
      4. Security Considerations.................................5
      References.................................................5

      Author's Address...........................................6
      Expiration and File Name...................................6



































D. Eastlake 3rd                                                 [Page 2]


INTERNET-DRAFT                                 HMAC-SHA TSIG Identifiers


1. Introduction

   [RFC 2845] specifies a TSIG Resource Record that can be used to
   authenticate DNS queries and responses. This RR contains a domain
   name syntax data item which names the authentication algorithm used.
   [RFC 2845] defines the HMAC-MD5.SIG-ALG.REG.INT name for
   authentication codes using the HMAC [RFC 2104] algorithm with the MD5
   [RFC 1321] hash algorithm. IANA has also registered "gss-tsig" as an
   identifier for TSIG authentication where the cryptographic operations
   are delegated to GSS [RFC gsstsig]. This document specifies
   additional names for TSIG authentication algorithms based on US NIST
   SHA algorithms, HMAC, and truncation.








































D. Eastlake 3rd                                                 [Page 3]


INTERNET-DRAFT                                 HMAC-SHA TSIG Identifiers


2. Algorithms and Identifiers

   TSIG Resource Records (RRs) [RFC 2845] are used to authenticate DNS
   queries and responses.  They are intended to be efficient symmetric
   authentication codes based on a shared secret. (Asymmetric signatures
   can be provided using the SIG RR [RFC 2931].) Used with a strong hash
   function, HMAC [RFC 2104] provides a way to calculate such symmetric
   authentication codes. The only specified HMAC based TSIG algorithm
   identifier has been HMAC-MD5.SIG-ALG.REG.INT based on MD5 [RFC 1321].
   However, MD5 is beginning to show its age and some signs of weakness
   have been found. While these particular weaknesses should have no
   effect on MD5 use with HMAC, identifiers are defined herein for using
   more recent hash functions which are believed to be stronger.

   In particular, SHA-1 [FIPS 180-1, RFC 3174], which is a 160 bit hash
   as compared with the 128 bits for MD5, and additional hash algorithms
   in the SHA family [FIPS 180-2] with 256, 384, and 512 bits, may be
   preferred in some case. Use of TSIG between a DNS resolver and server
   is by mutual agreement which agreement can include the support of
   additonal algorithms.

   In some cases, it is reasonable to truncate the output of HMAC and
   use the truncated value for authentication. Since the syntax for TSIG
   algorithm identifiers is that of a domain name, this is indicated in
   these identifiers by a leading decimal lable which gives the
   truncated length in bits. When truncation occurs, the bits used are
   the initial bits, trailing bits being discarded.

   For completeness in relation to HMAC based algorithms, the current
   HMAC-MD5.SIG-ALG.REG.INT identifier is included in the table below.

         Mandatory      HMAC-MD5.SIG-ALG.REG.INT

         Recommended    sha1
         Recommended    96.sha1
         Optional       sha256
         Optional       192.sha256
         Optional       sha384
         Optional       320.sha384
         Optional       sha512
         Optional       448.sha512











D. Eastlake 3rd                                                 [Page 4]


INTERNET-DRAFT                                 HMAC-SHA TSIG Identifiers


3. IANA Considerations

   This document, on approval by IETF Consensus [RFC 2434], registers
   the new TSIG algorithm identifiers listed in Section 2 with IANA.



4. Security Considerations

   For all of the hash algorithms listed herein, those producing longer
   hash values are believed to be stronger.

   See Security Considerations section of [RFC 2845].



References

   [FIPS 180-1] - Secure Hash Standard, (SHA-1) US Federal Information
   Processing Standard, 17 April 1995.

   [FIPS 180-2] - Secure Hahs Standard, (SHA-1/256/384/512) US Federal
   Information Processing Standard, Draft, not yet issued.

   [RFC 1321] - The MD5 Message-Digest Algorithm, R. Rivest, April 1992.

   [RFC 2104] - HMAC: Keyed-Hashing for Message Authentication, H.
   Krawczyk, M.  Bellare, R. Canetti, February 1997.

   [RFC 2434] - Guidelines for Writing an IANA Considerations Section in
   RFCs, T.  Narten, H. Alvestrand, October 1998.

   [RFC 2671] - Extension Mechanisms for DNS (EDNS0), P. Vixie, August
   1999.

   [RFC 2845] - Secret Key Transaction Authentication for DNS (TSIG), P.
   Vixie, O. Gudmundsson, D. Eastlake, B. Wellington, May 2000.

   [RFC 2931] - DNS Request and Transaction Signatures ( SIG(0)s), D.
   Eastlake.  September 2000.

   [RFC 3174] - US Secure Hash Algorithm 1 (SHA1), D. Eastlake, 3rd, P.
   Jones, September 2001.

   [RFC gsstsig] - GSS Algorthm for TSIG (GSS-TSIG), S. Kwan, P. Garg,
   J. Gilroy, L. Esibov, J. Westhead, R. Hall, draft-ietf-dnsext-gss-
   tsig-05.txt which should be in the RFC Editor queue.





D. Eastlake 3rd                                                 [Page 5]


INTERNET-DRAFT                                 HMAC-SHA TSIG Identifiers


Author's Address

   Donald E. Eastlake 3rd
   Motorola
   155 Beaver Street
   Milford, MA 01757 USA

   Telephone:   +1-508-851-8280 (w)
                +1-508-634-2066 (h)
   EMail:       Donald.Eastlake@motorola.com



Expiration and File Name

   This draft expires in July 2003.

   Its file name is draft-eastlake-tsig-sha-01.txt


































D. Eastlake 3rd                                                 [Page 6]