Slide 1: TSIG SHA etc.
Donald E. Eastlake 3rd, +1-508-786-7554, Donald.Eastlake@motorola.com
March 2005 IETF DNSEXT

Slide 2: TSIG SHA Draft
"HMAC SHA TSIG Algorithm Identifiers"
draft-ietf-dnsext-tsig-sha-01.txt (formerly draft-eastlake-tsig-sha-*.txt)
Donald E. Eastlake 3rd
In Last Call

Slide 3: TSIG Algorithms
- The current TSIG Proposed Standard [RFC 2845] defines only "HMAC-MD5.SIG-ALG.REG.INT".
- The known weaknesses in MD5/SHA-1 do not apply to HMAC, so it may be OK, but:
  - Some people want to use government-approved algorithms, i.e., at least SHA-1.
  - The various SHA-224+ algorithms are believed to be stronger than MD5/SHA-1.
  - Some people want to truncate their MACs.

Slide 4: Changes Specified by 00 Draft
- Standardized the added HMAC algorithm FQDN syntax "TLDs" for all SHAs as follows: SHA1., SHA224., SHA256., SHA384., and SHA512.
- Defined how to specify truncation with a short MAC size TSIG field.
- Recommended implementation of SHA1 and 96-bit truncated SHA1; the other new algorithms were optional, and HMAC-MD5 remained the only mandatory algorithm.

Slide 5: Changes 00->01 Draft
- Make implementation of HMAC-SHA-1 and HMAC-SHA-256 MANDATORY in addition to HMAC-MD5.

Slide 6: Changes to be made 01->02 Draft
Based on comments on the list and implementer feedback:
- Specify that the error code for a "signature too weak" condition is the same as for a missing signature.
- Specify that the truncated signature value in the request is the value used when calculating the signature for the reply.
- State that policies SHOULD accept longer signatures than they require, and SHOULD reply with a signature at least as long as that in the corresponding query.
- Say a little more about the recent hash function breaks.
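The following is an added worked example, not code from the draft or the presentation, modelling the TSIG behaviour described on slides 3 to 6: the HMAC algorithm identifiers from the 00 draft, MAC truncation to a configured size, a verification policy that treats a too-weak MAC the same as a missing one, accepts MACs longer than required, and signs the reply with a MAC at least as long as the query's, using the (possibly truncated) query MAC as part of the reply's HMAC input. The outcome labels, the shared key and the DNS payloads are constructed; real TSIG hashes the full DNS message plus the TSIG variables, which a single byte string stands in for here.

```python
import hashlib
import hmac

# Algorithm identifiers as named on the 00-draft slide, mapped to hashlib
# constructors.  The MD5 identifier is the one from RFC 2845.
ALGORITHMS = {
    "HMAC-MD5.SIG-ALG.REG.INT.": hashlib.md5,
    "SHA1.": hashlib.sha1,
    "SHA224.": hashlib.sha224,
    "SHA256.": hashlib.sha256,
    "SHA384.": hashlib.sha384,
    "SHA512.": hashlib.sha512,
}

# Constructed outcome labels (not the draft's numeric error codes).  A MAC that
# is shorter than policy allows maps to the same outcome as a missing MAC, as
# the 02-draft change on slide 6 specifies.
MAC_OK = "ok"
MAC_MISSING_OR_TOO_WEAK = "missing-or-too-weak"
MAC_BAD = "bad-signature"
ALG_UNKNOWN = "unknown-algorithm"


def full_mac_len(alg_name):
    """Digest size in octets of the named algorithm's untruncated MAC."""
    return ALGORITHMS[alg_name]().digest_size


def compute_mac(alg_name, key, data, mac_size_bits=None, request_mac=b""):
    """HMAC over request_mac || data, optionally truncated to mac_size_bits.

    Simplified model: `data` stands in for the DNS message plus TSIG variables.
    `request_mac` is the MAC carried in the query (already truncated if the
    client truncated it) and is fed into the reply MAC unchanged.
    """
    digest = hmac.new(key, request_mac + data, ALGORITHMS[alg_name]).digest()
    if mac_size_bits is None:
        return digest
    if mac_size_bits % 8 or not 0 < mac_size_bits <= len(digest) * 8:
        raise ValueError("MAC size must be whole octets within the digest size")
    return digest[: mac_size_bits // 8]


def verify_mac(alg_name, key, data, received_mac, min_mac_bits, request_mac=b""):
    """Apply the receiving side's policy to a (possibly truncated) MAC."""
    if alg_name not in ALGORITHMS:
        return ALG_UNKNOWN
    # Missing and too short are the same outcome.
    if not received_mac or len(received_mac) * 8 < min_mac_bits:
        return MAC_MISSING_OR_TOO_WEAK
    expected = compute_mac(alg_name, key, data, request_mac=request_mac)
    # A MAC longer than the digest cannot be genuine.
    if len(received_mac) > len(expected):
        return MAC_BAD
    # Accept any length from the policy minimum up to the full digest;
    # compare the received prefix in constant time.
    if not hmac.compare_digest(received_mac, expected[: len(received_mac)]):
        return MAC_BAD
    return MAC_OK


def sign_reply(alg_name, key, reply_data, query_mac, server_mac_bits):
    """Sign a reply with a MAC at least as long as the query's MAC.

    The reply MAC length is the larger of the server's configured size and
    the query MAC length; the truncated query MAC is part of the HMAC input.
    """
    bits = max(server_mac_bits, len(query_mac) * 8)
    return compute_mac(alg_name, key, reply_data, bits, request_mac=query_mac)


def demo():
    """Walk through a truncated query/reply exchange with constructed data."""
    key = b"constructed-shared-secret"          # constructed TSIG key
    query = b"example.com. IN A"                 # stands in for the query message
    reply = b"example.com. IN A 192.0.2.1"       # stands in for the reply message
    q_mac = compute_mac("SHA1.", key, query, 96)        # 96-bit truncated SHA1
    server_view = verify_mac("SHA1.", key, query, q_mac, 96)
    r_mac = sign_reply("SHA1.", key, reply, q_mac, 80)  # server wants >= 80 bits
    client_view = verify_mac("SHA1.", key, reply, r_mac, 96, request_mac=q_mac)
    return server_view, len(r_mac) * 8, client_view


if __name__ == "__main__":
    print(demo())
```

The policy knob `min_mac_bits` is what decides "too weak"; the example deliberately makes a missing MAC and an under-length MAC indistinguishable to the caller, and it lets a full-length MAC pass a 96-bit policy, which is the "accept longer than required" rule. The reply length rule falls out of `max(server_mac_bits, len(query_mac) * 8)`.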

Slide 7: ECC Key Draft
"Elliptic Curve KEYs in the DNS"
draft-ietf-dnsext-ecc-key-06.txt (formerly draft-schroeppel-dnsind-ecc-*.txt)
Richard C. Schroeppel, Donald E. Eastlake 3rd

Slide 8: Elliptic Curve Crypto
- A public key system.
- Keys, signatures, etc., are much more compact than RSA. [RFC 3766]
- A standard format is needed for interoperability.
- There are numerous patents and claims related to implementations, etc.
- This draft now defines both a key format and a signature format, using Algorithm #4, previously reserved for this purpose.

Slide 9: ECC Draft Problems/Questions
- Need feedback on the draft, ideally from implementers.
- Is the format too general?

Slide 10: Other Signature Drafts
Being updated and expected to be Last Called:
- draft-ietf-dnsext-rfc2536bis-dsa-04.txt
- draft-ietf-dnsext-rfc2539bis-dhk-04.txt
