Internet Engineering Task Force                                J. Jansen
Internet-Draft                                                      SIDN
Intended status: Experimental                               M. Sivaraman
Expires: October 10, 2017                    Internet Systems Consortium
                                                           April 8, 2017

             Use of SHA-3 (Keccak) and RSASSA-PSS in DNSSEC
                    draft-muks-dnsop-dnssec-sha3-01

Abstract

   This document specifies the use of SHA-3 (Keccak) hash functions in
   DNSSEC.  It also specifies the use of the RSASSA-PSS signature scheme
   for RSA keys.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on October 10, 2017.

Copyright Notice

   Copyright (c) 2017 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Jansen & Sivaraman      Expires October 10, 2017                [Page 1]

Internet-Draft  Use of SHA-3 (Keccak) and RSASSA-PSS in DNSSEC  April 2017

Table of Contents

   1.  Introduction
     1.1.  Implementations (Editor: to be removed before publication)
   2.  DNSKEY Resource Records
     2.1.  RSASSA-PSS/SHA-2 and RSASSA-PSS/SHA-3 signing keys
     2.2.  ECDSA/SHA-3 signing keys
   3.  RRSIG Resource Records
     3.1.  RSASSA-PSS/SHA-2 and RSASSA-PSS/SHA-3 signatures
     3.2.  ECDSA/SHA-3 signatures
   4.  DS Resource Records
     4.1.  SHA3-256 digest type DS Resource Records
     4.2.  SHA3-384 digest type DS Resource Records
   5.  Deployment Considerations
     5.1.  Key Sizes
     5.2.  Signature Sizes
     5.3.  DS Digest Sizes
   6.  Implementation Considerations
     6.1.  Support for SHA-3 Signatures
     6.2.  Support for SHA-3 DS Digest Types
     6.3.  Support for NSEC3 Denial of Existence
   7.  Examples
     7.1.  RSA/SHA2-256 (RSASSA-PSS) Key and Signature
     7.2.  RSA/SHA2-512 (RSASSA-PSS) Key and Signature
     7.3.  RSA/SHA3-256 (RSASSA-PSS) Key and Signature
     7.4.  RSA/SHA3-384 (RSASSA-PSS) Key and Signature
     7.5.  RSA/SHA3-512 (RSASSA-PSS) Key and Signature
     7.6.  ECDSA Curve P-256 with SHA3-256 Key and Signature
     7.7.  ECDSA Curve P-384 with SHA3-384 Key and Signature
     7.8.  SHA3-256 as DS Digest Type
     7.9.  SHA3-384 as DS Digest Type
   8.  Security considerations
     8.1.  Considerations for RRSIG Resource Records
     8.2.  Signature Type Downgrade Attacks
   9.  IANA considerations
   10. Acknowledgements
   11. References
     11.1.  Normative references
     11.2.  Informative references
   Appendix A.  Change history (Editor: to be removed before
                publication)
   Authors' Addresses

1.  Introduction

   The Domain Name System (DNS) is the global, hierarchical distributed
   database for Internet Naming.  The DNS has been extended to use
   cryptographic keys and digital signatures for the verification of the
   authenticity and integrity of its data.  [RFC4033], [RFC4034], and
   [RFC4035] describe these DNS Security Extensions, called DNSSEC.

   [RFC4033] described how to store DNSKEY and RRSIG resource records,
   and specified a list of cryptographic algorithms to use.  It was
   updated by [RFC5702] to add the SHA-2 family of hash algorithms using
   the RSASSA-PKCS1-v1_5 signature scheme [RFC3447].

   PKCS #1 v2.1 [RFC3447] introduced RSASSA-PSS, which is a much better
   signature scheme than RSASSA-PKCS1-v1_5.  The main advantage of
   RSASSA-PSS over RSASSA-PKCS1-v1_5 is that analysis can relate its
   security to that of the RSA problem (Section 8.1 of [RFC8017]),
   whereas the connection of RSASSA-PKCS1-v1_5 to the RSA problem has
   not been proved.  With RSASSA-PSS, an attacker also does not know in
   advance what the encoded message EM will be, due to the use of random
   salt, which makes fault analysis attacks more difficult to mount.
   Although no attacks are known against RSASSA-PKCS1-v1_5, in the
   interest of increased robustness, RSASSA-PSS is REQUIRED in new
   applications (Section 8 of [RFC8017]).

   SHA-3 is a family of hash functions based on the cryptographic
   primitive family Keccak.  [FIPS.202.2015] states: "The four SHA-3
   hash functions in this Standard supplement the hash functions that
   are specified in [FIPS.180-4.2015]: SHA-1 and the SHA-2 family.
   Together, both Standards provide resilience against future advances
   in hash function analysis, because they rely on fundamentally
   different design principles."

   Now that SHA-1's security is known to be weakened and the SHA-2 hash
   algorithms are currently the last line of defence for use with RSA in
   DNSKEYs, and in DS records, it is sensible to introduce the SHA-3
   hash function family to DNSSEC now to prepare for any eventuality.
   The SHA-3 hash function family uses a sponge construction, which is
   different from the Merkle-Damgård construction used by the SHA-2 hash
   function family, so an attack on SHA-2 is unlikely to affect SHA-3,
   or vice versa.

   This document extends the list of DNSKEY algorithms with the
   RSASSA-PSS signature scheme [RFC8017] using the SHA-2 and SHA-3
   family of hash functions.  It also adds DNSKEY algorithms for ECDSA
   using the SHA-3 family of hash functions.

   [RFC3658] first described the use of DS resource records.  It was
   updated by [RFC4509] and [RFC6605] to add SHA-256 and SHA-384 digest
   types respectively.  This document extends that list with the SHA-3
   algorithms SHA3-256 and SHA3-384.

   Familiarity with DNSSEC, RSA, ECDSA, and the SHA-2 [FIPS.180-4.2015]
   and SHA-3 [FIPS.202.2015] hash function families is assumed in this
   document.

   To refer to SHA2-256 and SHA2-512, this document will use the name
   SHA-2.
   Similarly, to refer to SHA3-256, SHA3-384, and SHA3-512, this
   document will use the name SHA-3.  This is done to improve
   readability.  When a part of the text is specific to a particular
   SHA-2 or SHA-3 hash function, its specific name is used.  The same
   goes for RSA/SHA2-256 and RSA/SHA2-512, which will be grouped using
   the name RSA/SHA-2, and RSA/SHA3-256, RSA/SHA3-384, and RSA/SHA3-512,
   which will be grouped using the name RSA/SHA-3.

   The SHA2-224, SHA2-384, and SHA3-224 algorithms are not used in
   RSASSA-PSS DNSKEYs and RRSIGs.  The SHA3-512 algorithm is not used in
   ECDSA with SHA-3.  The SHA3-224 and SHA3-512 algorithms are not used
   as DS digest types.

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in [RFC2119].

1.1.  Implementations (Editor: to be removed before publication)

   An experimental BIND implementation of this draft can be found in the
   "sha3" branch in the git repository at:
   https://github.com/muks/bind9

   There is also an experimental implementation based on the ldns
   library, which can be found in the "sha3_and_pss" branch in the git
   repository at https://github.com/tjeb/ldns.

   These can be used to check for interoperability by other DNSSEC
   implementations.

2.  DNSKEY Resource Records

   The format of the DNSKEY RR can be found in [RFC4034].

   [RFC3110] and [RFC5702] describe the use of the RSASSA-PKCS1-v1_5
   signature scheme with SHA-1 and SHA-2 hash functions for DNSSEC
   signatures respectively.  [RFC6605] describes the use of ECDSA with
   SHA-2 in DNSSEC.

2.1.  RSASSA-PSS/SHA-2 and RSASSA-PSS/SHA-3 signing keys

   RSA public keys for use with the RSASSA-PSS signature scheme using
   SHA-2 and SHA-3 hash functions are stored in DNSKEY resource records
   (RRs) with the algorithm numbers as specified in Section 9.
   The key size of RSA/SHA2-256 and RSA/SHA3-256 keys MUST NOT be less
   than 1024 bits and MUST NOT be more than 4096 bits.  This also
   satisfies a requirement of the RSASSA-PSS signature scheme that for a
   hash function that outputs a 256-bit value, the RSA modulus be at
   least 522 bits long.

   The key size of RSA/SHA3-384 keys MUST NOT be less than 1024 bits and
   MUST NOT be more than 4096 bits.  This also satisfies a requirement
   of the RSASSA-PSS signature scheme that for a hash function that
   outputs a 384-bit value, the RSA modulus be at least 778 bits long.

   The key size of RSA/SHA2-512 and RSA/SHA3-512 keys MUST NOT be less
   than 1280 bits and MUST NOT be more than 4096 bits.  This also
   satisfies a requirement of the RSASSA-PSS signature scheme that for a
   hash function that outputs a 512-bit value, the RSA modulus be at
   least 1034 bits long.

2.2.  ECDSA/SHA-3 signing keys

   P-256 and P-384 ECDSA public keys for use with SHA3-256 and SHA3-384
   hash functions are stored in DNSKEY resource records (RRs) with the
   algorithm numbers as specified in Section 9.

   The generation of P-256 and P-384 ECDSA keys follows the same method
   as for [RFC6605].

3.  RRSIG Resource Records

3.1.  RSASSA-PSS/SHA-2 and RSASSA-PSS/SHA-3 signatures

   For signature calculation, this section uses the specifications of
   RSASSA-PSS in PKCS #1 v2.2 (Section 8.1 of [RFC8017]) incorporating
   EMSA-PSS encoding (Section 9.1 of [RFC8017]).

   The values for the RRSIG RDATA fields that precede the signature data
   are specified in [RFC4034].

   The value of the signature field in the RRSIG RDATA follows the
   RSASSA-PSS signature scheme and is calculated as described in
   Section 8.1.1 of [RFC8017].  The message M used in signature
   calculation is the argument to the sign() function as specified in
   Section 3.1.8.1 of [RFC4034].
   Within EMSA-PSS-ENCODE, the hash function "Hash" used is one among
   SHA2-256, SHA2-512, SHA3-256, SHA3-384, and SHA3-512 for
   RSA/SHA2-256, RSA/SHA2-512, RSA/SHA3-256, RSA/SHA3-384, and
   RSA/SHA3-512 respectively.  The mask generation function is MGF1
   (Section B.2.1 of [RFC8017]) and the hash function used within the
   mask generation function is also "Hash".

   The length of salt in octets MUST be equal to the length of the
   output of the hash function "Hash" in octets.  The value of salt
   SHOULD be random per signature computation.  A random salt value
   enhances the security of the scheme by affording a "tighter" security
   proof.  However, the randomness is not critical to security.  See
   Section 8.1 of [RFC8017] for the tradeoffs in security due to a
   non-random salt.

   These RSASSA-PSS signatures are stored in the DNS using RRSIG
   resource records (RRs) with algorithm number as specified in
   Section 9.

3.2.  ECDSA/SHA-3 signatures

   P-256 and P-384 ECDSA signatures using SHA3-256 and SHA3-384 hash
   functions are stored in the DNS using RRSIG resource records (RRs)
   with algorithm number as specified in Section 9.

   The generation of P-256 and P-384 ECDSA/SHA-3 signatures follows the
   same method as for [RFC6605], except that the collision-resistant
   hash function "H" (see Section 10.4 of [RFC6090]) for P-256 and P-384
   ECDSA/SHA-3 signatures is SHA3-256 and SHA3-384 respectively.

4.  DS Resource Records

   The format of the DS RR can be found in [RFC4034].

   [RFC3658], [RFC4509], and [RFC6605] describe the use of SHA-1,
   SHA-256, and SHA-384 for the DS digest type respectively.

4.1.  SHA3-256 digest type DS Resource Records

   The implementation of SHA3-256 in DS RRs follows the implementation
   of SHA-256 as specified in [RFC4509] except that the underlying
   algorithm is SHA3-256, the digest value is 32 bytes long, and the
   digest type code is specified in Section 9.
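The EMSA-PSS parameters of Section 3.1 (the chosen hash, MGF1 over the same hash, salt length equal to the hash length) and the minimum modulus sizes quoted in Section 2.1 can be worked through in Python. This is an added example, not code from the draft or from its BIND and ldns implementations; the function names and the sample message are constructed for illustration.

```python
import hashlib
import hmac
import os

# Hash functions allowed by Section 3.1, mapped to hashlib names.
HASHES = {"SHA2-256": "sha256", "SHA2-512": "sha512", "SHA3-256": "sha3_256",
          "SHA3-384": "sha3_384", "SHA3-512": "sha3_512"}


def _digest(name, data):
    return hashlib.new(HASHES[name], data).digest()


def _hlen(name):
    return hashlib.new(HASHES[name]).digest_size


def mgf1(name, seed, length):
    """MGF1 (RFC 8017, B.2.1) built on the same hash as the signature."""
    out, counter = b"", 0
    while len(out) < length:
        out += _digest(name, seed + counter.to_bytes(4, "big"))
        counter += 1
    return out[:length]


def min_modulus_bits(name):
    """Smallest RSA modulus for which EMSA-PSS fits when sLen == hLen."""
    em_len = 2 * _hlen(name) + 2      # hLen + sLen + 2 octets are needed
    return 8 * (em_len - 1) + 2       # emLen = ceil((modBits - 1) / 8)


def emsa_pss_encode(name, message, mod_bits, salt=None):
    """EMSA-PSS-ENCODE (RFC 8017, 9.1.1) with the draft's parameters."""
    h_len = _hlen(name)
    em_bits = mod_bits - 1
    em_len = (em_bits + 7) // 8
    if salt is None:
        salt = os.urandom(h_len)      # SHOULD be random per signature
    if len(salt) != h_len:
        raise ValueError("salt length MUST equal the hash output length")
    if em_len < 2 * h_len + 2:
        raise ValueError("encoding error: modulus too short for this hash")
    h = _digest(name, b"\x00" * 8 + _digest(name, message) + salt)
    db = b"\x00" * (em_len - 2 * h_len - 2) + b"\x01" + salt
    masked = bytearray(a ^ b for a, b in zip(db, mgf1(name, h, len(db))))
    masked[0] &= 0xFF >> (8 * em_len - em_bits)   # clear the unused top bits
    return bytes(masked) + h + b"\xbc"


def emsa_pss_verify(name, message, em, mod_bits):
    """EMSA-PSS-VERIFY (RFC 8017, 9.1.2); True only if EM is consistent."""
    h_len = _hlen(name)
    em_bits = mod_bits - 1
    em_len = (em_bits + 7) // 8
    if len(em) != em_len or em_len < 2 * h_len + 2 or em[-1] != 0xBC:
        return False
    masked, h = em[:em_len - h_len - 1], em[em_len - h_len - 1:-1]
    top = 0xFF >> (8 * em_len - em_bits)
    if masked[0] & ~top & 0xFF:
        return False                  # bits above emBits must be zero
    db = bytearray(a ^ b for a, b in zip(masked, mgf1(name, h, len(masked))))
    db[0] &= top
    pad = em_len - 2 * h_len - 2
    if any(db[:pad]) or db[pad] != 0x01:
        return False                  # padding must be 00..00 01
    salt = bytes(db[pad + 1:])
    expected = _digest(name, b"\x00" * 8 + _digest(name, message) + salt)
    return hmac.compare_digest(expected, h)


# Constructed stand-in for the RRSIG RDATA and RRset octets DNSSEC signs.
SAMPLE_M = b"constructed-rrsig-rdata-and-rrset"

if __name__ == "__main__":
    for n in HASHES:
        print(n, "needs a modulus of at least", min_modulus_bits(n), "bits")
    em = emsa_pss_encode("SHA3-256", SAMPLE_M, 1024, salt=bytes(32))
    print("EM octets:", len(em), "verifies:",
          emsa_pss_verify("SHA3-256", SAMPLE_M, em, 1024))
```

The encoded message EM is the value the RSA signature primitive of [RFC8017] is then applied to. The all-zero salt matches the fixed salt the Section 7 examples use to make their output reproducible.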
4.2.  SHA3-384 digest type DS Resource Records

   The implementation of SHA3-384 in DS RRs follows the implementation
   of SHA-256 as specified in [RFC4509] except that the underlying
   algorithm is SHA3-384, the digest value is 48 bytes long, and the
   digest type code is specified in Section 9.

5.  Deployment Considerations

5.1.  Key Sizes

   Apart from the restrictions in Section 2, this document will not
   specify what size of keys to use.  That is an operational issue and
   depends largely on the environment and intended use.  A good starting
   point for more information would be [NIST800-57].

5.2.  Signature Sizes

   In this family of signing algorithms, the size of signatures is
   related to the size of the key and not to the hashing algorithm used
   in the signing process.  Therefore, RRSIG resource records produced
   with RSA/SHA2-256, RSA/SHA2-512, RSA/SHA3-256, RSA/SHA3-384, or
   RSA/SHA3-512 will have the same size as those produced with RSA/SHA-1
   and RSA/SHA-2 hash algorithms, if the keys have the same length.

5.3.  DS Digest Sizes

   DS RDATA with digest type SHA3-256 has the same size as DS RDATA with
   digest type SHA-256 (32 bytes).  DS RDATA with digest type SHA3-384
   has the same size as DS RDATA with digest type SHA-384 (48 bytes).
   Corresponding to these existing digest types, it should be possible
   to understand the impact of the size of DS RDATA when using the new
   SHA-3 digest types.

6.  Implementation Considerations

6.1.  Support for SHA-3 Signatures

   DNSSEC-aware implementations SHOULD be able to support RRSIG and
   DNSKEY resource records created with the RSA/SHA-2, RSA/SHA-3, and
   ECDSA/SHA-3 algorithms defined in this document.

6.2.  Support for SHA-3 DS Digest Types

   DNSSEC-aware implementations SHOULD be able to support DS resource
   records created with the SHA3-256 and SHA3-384 algorithms defined in
   this document.
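The DS digest of Sections 4.1 and 4.2, together with the size comparison of Section 5.3, can be reproduced in Python. This is an added example, not code from the draft or its implementations. The helper names and the DNSKEY key bytes are constructed, and the digest type code is a placeholder because Section 9 assigns the real values.

```python
import hashlib
import struct

# Digest type codes are assigned in the draft's Section 9, which is not
# reproduced here, so callers pass the code in; 0 is only a placeholder.
PLACEHOLDER_DIGEST_TYPE = 0

# Hashes usable here: the two existing DS digests kept for size comparison,
# and the two the draft adds (SHA3-224 and SHA3-512 are not DS digest types).
DS_HASHES = ("sha256", "sha384", "sha3_256", "sha3_384")


def name_to_wire(name):
    """Canonical wire form of an owner name: lowercased, uncompressed."""
    labels = [] if name in ("", ".") else name.rstrip(".").split(".")
    out = b""
    for label in labels:
        raw = label.lower().encode("ascii")
        if not 1 <= len(raw) <= 63:
            raise ValueError("label must be 1 to 63 octets")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def dnskey_rdata(flags, protocol, algorithm, public_key):
    """DNSKEY RDATA (RFC 4034): flags, protocol, algorithm, public key."""
    return struct.pack("!HBB", flags, protocol, algorithm) + public_key


def key_tag(rdata):
    """Key tag over the DNSKEY RDATA (RFC 4034, Appendix B)."""
    acc = 0
    for i, octet in enumerate(rdata):
        acc += octet if i & 1 else octet << 8
    acc += (acc >> 16) & 0xFFFF
    return acc & 0xFFFF


def ds_rdata(owner, rdata, hash_name, digest_type=PLACEHOLDER_DIGEST_TYPE):
    """DS RDATA: key tag, algorithm, digest type, H(owner | DNSKEY RDATA)."""
    if hash_name not in DS_HASHES:
        raise ValueError("not a DS digest covered by this example")
    digest = hashlib.new(hash_name, name_to_wire(owner) + rdata).digest()
    return struct.pack("!HBB", key_tag(rdata), rdata[3], digest_type) + digest


# Constructed DNSKEY: flags 256 (ZSK), protocol 3, algorithm 249 (the number
# the draft's Section 7.3 example uses for RSASHA3-256). The key octets are
# filler in RFC 3110 layout (exponent length, exponent, modulus), not a key.
SAMPLE_KEY = dnskey_rdata(256, 3, 249,
                          b"\x03\x01\x00\x01" + bytes(range(1, 129)))

if __name__ == "__main__":
    for h in DS_HASHES:
        ds = ds_rdata("example.org.", SAMPLE_KEY, h)
        print(h, "key tag", key_tag(SAMPLE_KEY), "DS RDATA octets", len(ds))
```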
Jansen & Sivaraman Expires October 10, 2017 [Page 7] Internet-DrafUse of SHA-3 (Keccak) and RSASSA-PSS in DNSSEC April 2017 6.3. Support for NSEC3 Denial of Existence [RFC5155] defines new algorithm identifiers for existing signing algorithms, to indicate that zones signed with these algorithm identifiers can use NSEC3 as well as NSEC records to provide denial of existence. That mechanism was chosen to protect implementations predating [RFC5155] from encountering resource records about which they could not know. This document does not define such algorithm aliases. A DNSSEC validator that implements RSA/SHA-2 and/or RSA/SHA-3 MUST be able to validate negative answers in the form of both NSEC and NSEC3 with hash algorithm 1, as defined in [RFC5155]. An authoritative server that does not implement NSEC3 MAY still serve zones that use RSA/SHA-2 or RSA/SHA-3 with NSEC denial of existence. 7. Examples 7.1. RSA/SHA2-256 (RSASSA-PSS) Key and Signature Given a 1024-bit private key with the following values (in Base64): Private-key-format: v1.2 Algorithm: 247 (RSASHA2-256) Modulus: 0xP+0iFPdhzUUmeYeZZZvddMG1lkpbvbcjSH/mLf/XksiFHq/legqzLQd5QajI3Tc7bIcRuuHPtib2nKm7k4R1SduNxzUyv5z/T9MDOqlQrUOsBveuC5Wf1b+36PLjWJNqnzFkZ9wuQIDF0uDZwGnebWZDJavq306j/XTA/iZtc= PublicExponent: AQAB PrivateExponent: uVnMoR7JFTG5rGb1+IbzZQYC+d0kyXhN+lpwtQyEHqPiXA57KT8vgkYL04WFTrlX3ju6hcBFw4Nn6+fdF6Os6zXGgexNh2PqDG+BSSO8P+dH7hNiuV2qSONgkKrJco0aX0q0sAyo7RzRHkAtUUFum//2qMQ7wGZRaVk3FPsFmQE= Prime1: 8BHCdC21Zfw8cs4IUKSDqg6JZh6GkdHIHyRpgtPQ7pSx99QtIbU9+VoTcJHw09TId7MOm3fZ4nrALYQHFow7gQ== Prime2: 4RW9O6uh52sNxjpYVqheZj+6Z2LvkIPsbgJQYsqhNLr/vf5apact+WXz5pWMlHOguiXu8qiZa86B1dxmHAkuVw== Exponent1: t1p5D86RSxE5Ad4GT8E2pj1wB0StNtXoaJCg3UD1xCJhQo0U4zfP25BGZKWyL7fGXFWvhGInUWi7Oogp+bilAQ== Exponent2: u5c+q2iT+ydBx6AA19hjNJyQYnIWbz9D4TuUe4GdcTEYy+Qc8EqxClZqPBcPnvnvTrUmvJ6/nxXxJ6gUgfE06Q== Coefficient: m9t6RWOcmP1MLC8YiaxLvsJ1MLe+JTiu+Tzx7plz7bVd9cw0SCbD/X+VXBiDheu2ZyaZ8tuprEX7FdjiTU1Hdg== The DNSKEY record for this 
key would be: example.org. IN DNSKEY 256 3 247 AwEAAdMT/tIhT3Yc1FJnmHmWWb3XTBtZZKW723I0h/5i3/15LIhR6v5X oKsy0HeUGoyN03O2yHEbrhz7Ym9pypu5OEdUnbjcc1Mr+c/0/TAzqpUK 1DrAb3rguVn9W/t+jy41iTap8xZGfcLkCAxdLg2cBp3m1mQyWr6t9Oo/ 10wP4mbX With this key, sign the following zone consisting of 4 RRs: example.org. 3600 IN SOA invalid. hostmaster.example.org. (42 43200 900 1814400 7200) example.org. 3600 IN NS invalid. example.org. 3600 IN A 192.0.2.1 example.org. 3600 IN AAAA 2:2001:db8::1 Using RSASSA-PSS salt filled entirely with 0 valued octets, if the inception date is set at 00:00 hours on January 1st, 2000, and the expiration date at 00:00 hours on January 1st, 2030, the following signed zone (with DNSKEY) should be created: Jansen & Sivaraman Expires October 10, 2017 [Page 8] Internet-DrafUse of SHA-3 (Keccak) and RSASSA-PSS in DNSSEC April 2017 example.org. 3600 IN SOA invalid. hostmaster.example.org. ( 42 ; serial 43200 ; refresh (12 hours) 900 ; retry (15 minutes) 1814400 ; expire (3 weeks) 7200 ; minimum (2 hours) ) 3600 RRSIG SOA 247 2 3600 ( 20300101000000 20000101000000 30005 example.org. C9c2AuyA6rB3XL08i3PgDtMZC2+sNiY/B94+ flfdxYz1OVmm7+byEVVxmAqw7nEn3MfUGpwj 2E1Thin2pYZ4jF4ep2kz1kDxXWTFnKwwxgAl nFGeZihBJUUpfXpzIWVOGwkIJIWL+aB3mS3M Z1EJ2Iok1n37ZO9Uf6tLcZDYLck= ) 3600 NS invalid. 3600 RRSIG NS 247 2 3600 ( 20300101000000 20000101000000 30005 example.org. y/qVMuKsW5dqkXBLQmTj+RJ1UCe8JUpLw7/x yjlwH8qtUxJ3YxkfeDbx7Lah4+mZtYebib2Q gSedJE/ZERTwsB7njLio/hoMTUIXD/BBGbd3 LyNHj7v6ujZO6HJ2ai46+qtYAXo2PHDV7i4I AtOJQR1+Lz5Q/Bd6zJKuHiHft6E= ) 3600 A 192.0.2.1 3600 RRSIG A 247 2 3600 ( 20300101000000 20000101000000 30005 example.org. SjJvbsHI77EZFZnNFYGoFXhKPe8yJy7Jb4Td mHFabTlpaqjByYlgQUyvB165KrvUBfSm/qMS NqBJF7t8TmmsMkVpaL90GLYMvkKQexv4qI/X PKZ++nynOa9HObcjUfgR0x3jLc5K+sRfnYwW oJqjh+1z0Kb3hq3wawGVmRgZZwA= ) 3600 AAAA 2:2001:db8::1 3600 RRSIG AAAA 247 2 3600 ( 20300101000000 20000101000000 30005 example.org. 
Tkleo5JjLcMDz+JzfG1Pfan4YNVrsLn0z8jJ RME2LEionhZqLLAScmHy4yBg3RQQI/Ak+516 nBLwr1F23Kh5dkO9ApefKryn1SZP6LndOcBu tdlq6MzNkqwgpXwFYwTsQtxG0SJPZxA7x5du 0F4QoBe/bC9vK69gra0Zkc0IPos= ) 7200 NSEC example.org. A NS SOA AAAA RRSIG NSEC DNSKEY 7200 RRSIG NSEC 247 2 7200 ( 20300101000000 20000101000000 30005 example.org. CNggBNHd8AmjG3TGV34Mb6oMycx1OXLU645d aDvA/LGZ5qBF8Oz5W56rYzpbcUS11rZBBBAb nscR73oqF89BaHEMzQCpsVkoA8ao/xRAkMl1 N49iKGB5vCR2XnVkhH5b9JVDSK2Td+cWzDN3 O/0Fjg9cviMI/rEt1w29YFkYZxU= ) 3600 DNSKEY 256 3 247 ( AwEAAdMT/tIhT3Yc1FJnmHmWWb3XTBtZZKW7 Jansen & Sivaraman Expires October 10, 2017 [Page 9] Internet-DrafUse of SHA-3 (Keccak) and RSASSA-PSS in DNSSEC April 2017 23I0h/5i3/15LIhR6v5XoKsy0HeUGoyN03O2 yHEbrhz7Ym9pypu5OEdUnbjcc1Mr+c/0/TAz qpUK1DrAb3rguVn9W/t+jy41iTap8xZGfcLk CAxdLg2cBp3m1mQyWr6t9Oo/10wP4mbX ) ; ZSK; alg = RSASHA2-256 ; key id = 30005 3600 RRSIG DNSKEY 247 2 3600 ( 20300101000000 20000101000000 30005 example.org. RHImUBMtz6LOEkEZLeeUKY30z1LgknkyawpZ GLRLiE84UkBAjF559Yk8O6Dm9qTPa7jpu0ja HAl1WGAHQU45w7t17/onSLJfE+6C9kS6F3N+ qhWu+WWMz6/fvbaoe5EG5v/AkXA/iF3sEPIt Y5bA3d1IR9bs36fyk3c5c0vb170= ) 7.2. 
RSA/SHA2-512 (RSASSA-PSS) Key and Signature Given a 1280-bit private key with the following values (in Base64): Private-key-format: v1.2 Algorithm: 248 (RSASHA2-512) Modulus: v4LMvpU2sPxQHPOos4PFROf1U02gmzkOdeBjWiY1iEsyDgaGEJ/3x1D4oIVHI9pMVS47JoQvvhnnOnJv5/tslA5ivWsTp0i6rFzY3+F+zDUCA1AcD/rcECgfizC/VZSHvH3aThpjqiwCN6HtC9ofPNqxAikdwMeJP3oUSl3Pg/Y3S8pX2ykHNoq2+tROcypY4VUmbFqJa6SAxBT8EeWgTw== PublicExponent: AQAB PrivateExponent: uIbklwIZN4F2A992/rmJ23IRPNoAVXAtkcDKmjNUw2WI7mC0ztIEIgXP+oNQ36fYgv7PubYGdopo9TUMxJ7KqQIPe+nvfvEiBTBVO6r/zOveAJXvq3RuNJ0DCBnhvMhWMha7rRcqp3FixJ9J7cBEwRmJQn+KjrrOZJ9zCFJZ+CQZ5yTTFAdrkjDtpFrg8XUSuDqo85/RFtFUQiMHNzLZsQ== Prime1: 8ji5lppCo7FCVENMf+a9u5EpXNwH8P+VFHaw99NAKqEV+pWBS24Op8yoRxt6f7mmRe4FTNyTfkkdSpMo5aN6oa1h/vFo14ifFTMU46Vm8ec= Prime2: ymed+9gYJ/z4ulOPOBrJV6BSVIZgE1hxSkyR68h8fzGvc6iPCf7+JsM7XrIK3Z5dxFQ8WBg7YgbKn05mD1dqU3sJJpIstvKdhvUmaJyVYVk= Exponent1: J/A+eZyZ3E+/9hDarkQniKPYxBzrmksqE6O2bkaA0AabjyPTm9JbzEMsg/z9581+ow0qBpBgKXR4xfEZzzNzZvEltVmsxc0bHe28RgThwoU= Exponent2: jWsESRhdGGN57cXARXUBxIWxwHj628lprn39Xn5/7ebrLaZR+qv9K1wxOSKw0NN7tFceqnaT1xPjspb2XDW5hoZqiFaNg23Ufpz+rwzomlE= Coefficient: 2hX/dV/0jj0IUyAbx5N1I2kIsjf9FJmQHQjktr63YG0CMMBMRNUWF2Y4B3Z3RJHHdeBRvD4r3q7JlkhXvuOWn1EyLFx8ZGOZVboKIcePgUU= The DNSKEY record for this key would be: example.org. IN DNSKEY 256 3 248 AwEAAb+CzL6VNrD8UBzzqLODxUTn9VNNoJs5DnXgY1omNYhLMg4GhhCf 98dQ+KCFRyPaTFUuOyaEL74Z5zpyb+f7bJQOYr1rE6dIuqxc2N/hfsw1 AgNQHA/63BAoH4swv1WUh7x92k4aY6osAjeh7QvaHzzasQIpHcDHiT96 FEpdz4P2N0vKV9spBzaKtvrUTnMqWOFVJmxaiWukgMQU/BHloE8= With this key, sign the following zone consisting of 4 RRs: example.org. 3600 IN SOA invalid. hostmaster.example.org. (43 43200 900 1814400 7200) example.org. 3600 IN NS invalid. example.org. 3600 IN A 192.0.2.1 example.org. 
3600 IN AAAA 2:2001:db8::1 Using RSASSA-PSS salt filled entirely with 0 valued octets, if the inception date is set at 00:00 hours on January 1st, 2000, and the expiration date at 00:00 hours on January 1st, 2030, the following signed zone (with DNSKEY) should be created: example.org. 3600 IN SOA invalid. hostmaster.example.org. ( 43 ; serial 43200 ; refresh (12 hours) 900 ; retry (15 minutes) Jansen & Sivaraman Expires October 10, 2017 [Page 10] Internet-DrafUse of SHA-3 (Keccak) and RSASSA-PSS in DNSSEC April 2017 1814400 ; expire (3 weeks) 7200 ; minimum (2 hours) ) 3600 RRSIG SOA 248 2 3600 ( 20300101000000 20000101000000 50019 example.org. LIqNhZMZthJKDab51kfzn9TtMyWSZ+Z+yOZU Ukg9j6gAzcezPNiPer9A0FtgDsXFU2ICRDOx kGeWjhgEN1JGOxA7robpGjOTLWAAYbzSihBE ehqkpDTJHsmTv3lnjioAFaalFKwisClR1GH9 t7T9sZMEc1G25a4izULX6PiKAjBBegbJ6sGK 6OgCbuxE3yTwJTiPb3/W5IfPbv/bRnETWA== ) 3600 NS invalid. 3600 RRSIG NS 248 2 3600 ( 20300101000000 20000101000000 50019 example.org. Sj3JxLM0kH9UDcyO09Zhrupw+0iafH8Yk20I a2m1S8jnjWrwCQplg/RRcM+9B5rz9AoNZJg7 iHWEwmP9jLK5umbQXP/zCt/5UffdiPSNpGb7 epJ5aNVVfvS00QeqL/yOhwkZcpVd9YszYq+V Sx6hMHJ9SSqx/CBZZzwjJopOPP4zabha41RY J/3PG3ohQh7hAigUcNgO4AwxAoV+D/3yQQ== ) 3600 A 192.0.2.1 3600 RRSIG A 248 2 3600 ( 20300101000000 20000101000000 50019 example.org. GZY8uKkZ2pKhtL9Dh6NKq8GES4WUn9AFOtNc PHvXVANuMadMh8LwgmtKe7H6HujPW8Ghj0wJ XRkGJ8kinCRp51eSF0gsr6vIsLiYCx/2XJW5 4dCufvxbbZe3e1yHOOSExLDICT6SQ775CavX cjnFsI4NAzPO5S+55nq2EvUug7stYeS89mUQ Wq24FZOnONIY1dbRfpzCkBSs09wXSBtqPQ== ) 3600 AAAA 2:2001:db8::1 3600 RRSIG AAAA 248 2 3600 ( 20300101000000 20000101000000 50019 example.org. MY2ha2+UIdeHSEeBLqlb6Ls9gTCO7yUQkz3c yM3A3Als78y/nz9GsEUjpQ6JGmt3c0Gs64mx WFl15oo/LWrum/HLwvoXciwZOueCSzIpwjQY zlqUNNbtKLYLChzMdq07x1Cak/kjF8ROsSpz rQ5MbQDnLN25IOLy3JodvcZFnzsoxmx2LAJ1 g80Ps4+p5QbTEoASNGGPUR84LPrZ7j4Nrw== ) 7200 NSEC example.org. A NS SOA AAAA RRSIG NSEC DNSKEY 7200 RRSIG NSEC 248 2 7200 ( 20300101000000 20000101000000 50019 example.org. 
l2RkbZqizyfnWMThvlt/F2zltQ/DVOmSCQve JsIe++bJgbyloiLhDnia9ZqwT/apob6VHAgg KXEII+R6WGuPCBHe3Px2xVFWgh1EU3GnoTWv JCS1cQ98PpzBiLxIwMAQCp0ItUFj2M2LmZc9 JzvSFW2UCtUK64BCS5aj0qWPPfWuWjM1bJ1d weyYT+oCKY/GurJbRcjOs4r4Jmsq1PctDA== ) 3600 DNSKEY 256 3 248 ( Jansen & Sivaraman Expires October 10, 2017 [Page 11] Internet-DrafUse of SHA-3 (Keccak) and RSASSA-PSS in DNSSEC April 2017 AwEAAb+CzL6VNrD8UBzzqLODxUTn9VNNoJs5 DnXgY1omNYhLMg4GhhCf98dQ+KCFRyPaTFUu OyaEL74Z5zpyb+f7bJQOYr1rE6dIuqxc2N/h fsw1AgNQHA/63BAoH4swv1WUh7x92k4aY6os Ajeh7QvaHzzasQIpHcDHiT96FEpdz4P2N0vK V9spBzaKtvrUTnMqWOFVJmxaiWukgMQU/BHl oE8= ) ; ZSK; alg = RSASHA2-512 ; key id = 50019 3600 RRSIG DNSKEY 248 2 3600 ( 20300101000000 20000101000000 50019 example.org. gGFb305M15oFs/+Mc4r9II2nmqARCt52Rj2y 7aQNKIk7PXqxfdsnRpswmvRL/J0zUsoP/Ecj E+yLZQpJz0Chycs5UszXCeHxGqx1GandpQaw LOu02AFI2rdpamD242i3RUSfxjKUpo2MFuS7 c92xUOOkjwn1MAZruUKWPbVzCm3pvqIHTytL JyGDHI8LqCbhbnf3hP2G45BCzh1cp41EYA== ) 7.3. RSA/SHA3-256 (RSASSA-PSS) Key and Signature Given a 1024-bit private key with the following values (in Base64): Private-key-format: v1.2 Algorithm: 249 (RSASHA3-256) Modulus: uI99tnWEAZ5j8hnh29acjTWKUncLZpGWYCWjmz7KB7q8NCiGdA7dgkIBpGrsry0jF8PVGP8jm2omdMaPDX2N0UcEVKrUSKczNQb3Kdiihl1J8/IC9KZuHqQJHr8E4Gu/S4P1EbpaM00F1YPCkldl7yTyXEA6waP2Qs6lfRETffU= PublicExponent: AQAB PrivateExponent: ceGgqZBzxufsNfxAgH05lmx+EIqCT2TwTB2NiYLB+OkBrpF+/WgayIBgMQsFRsZsTAK7oDP2zbQ/THkk1ict9PHByDAAedOo+sjYqja7/NMqHZV2y5nfOV2gr/Qkx8Ns/JhcZ6bD0TtS+mTTGZPKxHZYoZKp/EYaRpY/FH/tgBU= Prime1: 8a4Tyux12glzCP4cLndnDi2MT9M4WRR0B+8SjU1zoZVgOiF7WnCD6go3LAGl8SbiMzX491cJFKuK7/0qY4wTcw== Prime2: w37/PBybwbTCtWJeGQo5sZUmAfcB4G9KPb0Xx7attTlVcvS3BsNxQ6u5CJS6PkxrRLJhObY0co97esbRlfXe9w== Exponent1: X5pyH/LcR+03AVasRUFclgI0oBs5DhwGLmFHYHhEBqZ1k2lNR6B8vmdeHd1lDHlKP+HY49cdM30MkBUA4LI3uw== Exponent2: P7FYptULSgkChuYNkkrqkRju0SUQz3Zy0bqRzNePsMOFO3bPSrzSYiHInysVosZzDGaxloPugoSMzmuITTtV8Q== Coefficient: 
NdPPfYznkez2NNKsVydeZleq+jOBaQ3O98YZteXreOrH8L+pqKxkymKIvqjiTzWdA+fDV7KfFrbv0ZFwGymsNQ== The DNSKEY record for this key would be: example.org. IN DNSKEY 256 3 249 AwEAAbiPfbZ1hAGeY/IZ4dvWnI01ilJ3C2aRlmAlo5s+yge6vDQohnQO 3YJCAaRq7K8tIxfD1Rj/I5tqJnTGjw19jdFHBFSq1EinMzUG9ynYooZd SfPyAvSmbh6kCR6/BOBrv0uD9RG6WjNNBdWDwpJXZe8k8lxAOsGj9kLO pX0RE331 With this key, sign the following zone consisting of 4 RRs: example.org. 3600 IN SOA invalid. hostmaster.example.org. (44 43200 900 1814400 7200) example.org. 3600 IN NS invalid. example.org. 3600 IN A 192.0.2.1 example.org. 3600 IN AAAA 2:2001:db8::1 Using RSASSA-PSS salt filled entirely with 0 valued octets, if the inception date is set at 00:00 hours on January 1st, 2000, and the expiration date at 00:00 hours on January 1st, 2030, the following signed zone (with DNSKEY) should be created: Jansen & Sivaraman Expires October 10, 2017 [Page 12] Internet-DrafUse of SHA-3 (Keccak) and RSASSA-PSS in DNSSEC April 2017 example.org. 3600 IN SOA invalid. hostmaster.example.org. ( 44 ; serial 43200 ; refresh (12 hours) 900 ; retry (15 minutes) 1814400 ; expire (3 weeks) 7200 ; minimum (2 hours) ) 3600 RRSIG SOA 249 2 3600 ( 20300101000000 20000101000000 23809 example.org. Uwq4O7WnX3WgD4gqrE931DqCByyWgf6+YfZe vRCTzMe+/q/36pWhYhej6wI3Fo2JRImMeL85 IEdQNEUOcZ4SyfbnC/x44Tj3xlF1imf40dWy /HDLAdAlCfL1bZVxd6KNPBoGsZmWqqdePguC Kvv6KpZB5bmQhlPJHmcevUajG80= ) 3600 NS invalid. 3600 RRSIG NS 249 2 3600 ( 20300101000000 20000101000000 23809 example.org. WXtpjYg9ZGDYBn01HBZwrHiJ8pccXicaLt6e ck1lYFER1/Gw3oroFvHeI7l8WuyGyjm7QnXP /avYGX7tAmObgKRh08gk2tDj8Ku6aKYRunVh jobJi2WEsKBMCScwhjK64WJV90pOrWiU7/j6 D8fwTySTSmQJXn7mG/0ynIiwruw= ) 3600 A 192.0.2.1 3600 RRSIG A 249 2 3600 ( 20300101000000 20000101000000 23809 example.org. 
K718CGTXBAKJ3ug5YsHGtr4tPvHrrPFw0YCN v97mU25mhBerDNLyNISCsMQPw0NVnXyV7BR0 8dpwnmZqGIhId4ojaSKCZtQkUkNiqrF77sZe 2jryHi8VvuT9JqFa+JI3vUHLavnGabc40qEC zTtP8g1I3CEopnp6QDkLxyjwVhQ= ) 3600 AAAA 2:2001:db8::1 3600 RRSIG AAAA 249 2 3600 ( 20300101000000 20000101000000 23809 example.org. e8EgXwu/7VvU83ZW8gEiS+51HUfgkowoichs 9L7U5eX1axrynM7c3r7WvFy1hNGLxrzZOU7e r8R+0QG989x1lwPSHeETryQ/5sUApOeoaFYj 3D+IZEzI0gGfHIXP+zZ2kRW3tQx0Bn1JHPWx 1+JOwFdfJB4jczG6YwydRVaWd3M= ) 7200 NSEC example.org. A NS SOA AAAA RRSIG NSEC DNSKEY 7200 RRSIG NSEC 249 2 7200 ( 20300101000000 20000101000000 23809 example.org. rfCOWKNWnlLoXuLPqE5fhq7yN10BZbZ0cCj7 8c4DROMIXistBFRoNhYngTDratXojbJGCO4F nbA3kSOh91RaSevASHDF9SvAysKUqWIYw4Mx hLROhu9TjE7i3VgYt6rEHoQIMroOry3dao48 12mcadWl4MgoDyJAxTbUGZyTeFY= ) 3600 DNSKEY 256 3 249 ( AwEAAbiPfbZ1hAGeY/IZ4dvWnI01ilJ3C2aR Jansen & Sivaraman Expires October 10, 2017 [Page 13] Internet-DrafUse of SHA-3 (Keccak) and RSASSA-PSS in DNSSEC April 2017 lmAlo5s+yge6vDQohnQO3YJCAaRq7K8tIxfD 1Rj/I5tqJnTGjw19jdFHBFSq1EinMzUG9ynY ooZdSfPyAvSmbh6kCR6/BOBrv0uD9RG6WjNN BdWDwpJXZe8k8lxAOsGj9kLOpX0RE331 ) ; ZSK; alg = RSASHA3-256 ; key id = 23809 3600 RRSIG DNSKEY 249 2 3600 ( 20300101000000 20000101000000 23809 example.org. hgKUSu/6JOKBEA9LavThiPFsDk0JOK4fsCiJ cR8Y/uAKyTlZ77m7olSWnbhSmAkzM2dST4eb KfCKgz+v6B0H+TGuuVZ9nriFggRsUu0uddsD sgOVuWB2XC0e0lJMxpYht/DQd6ZLc++XhWyK a9a0Iw9/bcIFaKY+bhn0zWp3y9k= ) 7.4. 
RSA/SHA3-384 (RSASSA-PSS) Key and Signature Given a 1024-bit private key with the following values (in Base64): Private-key-format: v1.2 Algorithm: 250 (RSASHA3-384) Modulus: xHuxiHax4XcfW9yCIdCVdrqs+L1lfTZKdOK7C+J8yDptcyS7DC8Su0X4hqJxA3M0gZFfpwSpuc1/XSwm0pDCqByy1qehIZgJMQ9dm6whqokGgqcpOxEbLhKDHoUl6dq6MVZAoys2wYgpEwK9E0GPx1OT80EeO/8txqyIx1b3X1s= PublicExponent: AQAB PrivateExponent: vFr/xBxVRhkWPM/VCGmW/uzR6NpXsoMbOZYpTalfietJBTrO/U0bHeBj8V1EDdShHxynn8r+khoH4N/0j6MqlqEnKmL7lTDeGV5ezKLu3uLFa6RISolasqpQBqptImJ+hbXtozDKPhfjI/+d9FZBB6J1g2RlwujGX6VJMbSefvE= Prime1: /fmeKF6OHGM9aWJq4j2/tNgbdTdy9tP2pi7VG4w7MZcXtt5jRuwDt9RfBb0i01+KOROWyIklTeHC3OIdU6otLw== Prime2: xgy6/HX5aChVos1eunk1ZezvweGNfBuZr4TcpcTShzLs8ftGs/fAZ6Ea44p7EZizB1yaEspfcvTMHFnC709dlQ== Exponent1: 3UV/P9ixo5XqyUgPqzD1NxAZTBSVOusNN1gSH0AbymbDKHW0tPOngZ+rcgqIrvPML1IbyneCYspQxbTSrDPVzQ== Exponent2: BOFlbjk+ByoPSi7Dadb40OUw11dGlEtd0yxz/4XFJl3D5wapLGArlqIqtnbAJ6ParZDDnzjrdzq/GOfBXQJYrQ== Coefficient: NPxHl0td8V/7Sk7dnGfF6Fbde3Kwt8PUUsVulh3rsr1wjmWeW6JFBxd8R104k+HicCXrLj+YthGmLS3jCwnidQ== The DNSKEY record for this key would be: example.org. IN DNSKEY 256 3 250 AwEAAcR7sYh2seF3H1vcgiHQlXa6rPi9ZX02SnTiuwvifMg6bXMkuwwv ErtF+IaicQNzNIGRX6cEqbnNf10sJtKQwqgcstanoSGYCTEPXZusIaqJ BoKnKTsRGy4Sgx6FJenaujFWQKMrNsGIKRMCvRNBj8dTk/NBHjv/Lcas iMdW919b With this key, sign the following zone consisting of 4 RRs: example.org. 3600 IN SOA invalid. hostmaster.example.org. (45 43200 900 1814400 7200) example.org. 3600 IN NS invalid. example.org. 3600 IN A 192.0.2.1 example.org. 3600 IN AAAA 2:2001:db8::1 Using RSASSA-PSS salt filled entirely with 0 valued octets, if the inception date is set at 00:00 hours on January 1st, 2000, and the expiration date at 00:00 hours on January 1st, 2030, the following signed zone (with DNSKEY) should be created: example.org. 3600 IN SOA invalid. hostmaster.example.org. 
( 45 ; serial 43200 ; refresh (12 hours) 900 ; retry (15 minutes) Jansen & Sivaraman Expires October 10, 2017 [Page 14] Internet-DrafUse of SHA-3 (Keccak) and RSASSA-PSS in DNSSEC April 2017 1814400 ; expire (3 weeks) 7200 ; minimum (2 hours) ) 3600 RRSIG SOA 250 2 3600 ( 20300101000000 20000101000000 54407 example.org. i7x4t2CwGks6qLxRxbdp+pakfK27TzN91vug UPyU+TmOzPYqQoS2MOjJn8TVuje9vZ4EnuzZ cTZCkO44r9XIgqth4tY5aJfK8otr30DYYwYd GOv719RBypf11JOk9FW4+rcgsSfTu3z3+a78 PuGh5oR7fUGlg/d0//WraW+Zg+E= ) 3600 NS invalid. 3600 RRSIG NS 250 2 3600 ( 20300101000000 20000101000000 54407 example.org. c1o2/g51y3eo3E3+28Ot1k4vg4sE8MEIHdel rD35/XAOzDZ8PH0HmrBzYEGUTk7Dxv8ts0Yj M9xtoF9HIxlmOF19yjKrT7LNpXmbcbxA/NNH kNOqX3EzsLZFD1t7btDqKtj+CaslkxMe6JnH m03CtRj6b2YF4TROa8swzElwMSc= ) 3600 A 192.0.2.1 3600 RRSIG A 250 2 3600 ( 20300101000000 20000101000000 54407 example.org. UXoGfLBwSu4b0bMrUvf6QC4Yn/WspMpv5ARf Z2aZPZABB5ZTdmSLXuvRP4XG9OZNiQhBKCVs 4gLi2MutsVD8AB6N3inJcvNefty8l7+wdnUk HKuLk8O+/GCB0394nIJTKnazGPhUJtlZucZV jSNlo+OVLqCqcKtUjG+YB63J5V0= ) 3600 AAAA 2:2001:db8::1 3600 RRSIG AAAA 250 2 3600 ( 20300101000000 20000101000000 54407 example.org. hMN/J/JZEyMhC9RqJpowhidhSRQCOeiTWyhX i7+prwrtJ0CccOmakac2QjuKBOEkeXOzUpLL nXY83uObZCvWg3HouhZX+y9CgLueqRjfK2Sr KrBLM1zXceqg2zjjxr7UjYn9ty6sJeOJbQLk LDEOW7fPPSLPELa0S8kS6Z5X/6E= ) 7200 NSEC example.org. A NS SOA AAAA RRSIG NSEC DNSKEY 7200 RRSIG NSEC 250 2 7200 ( 20300101000000 20000101000000 54407 example.org. 
                ZTSVWOyH0HY6OYKDhjAqDlhdPjgzSx6ihA5/
                Nu1tOJgtxXR+/55PGdplIfS3Q4vujqbbwjD1
                EcSGUgVP9lnL4wqq2YwSALj3e5K216wRhBKz
                G5YwFrduYZAP57nGdykzeNQZRB1bEpLUEzrP
                /u+TQCTrLDSTMv4s61gN9d02gl0= )
        3600 DNSKEY 256 3 250 (
                AwEAAcR7sYh2seF3H1vcgiHQlXa6rPi9ZX02
                SnTiuwvifMg6bXMkuwwvErtF+IaicQNzNIGR
                X6cEqbnNf10sJtKQwqgcstanoSGYCTEPXZus
                IaqJBoKnKTsRGy4Sgx6FJenaujFWQKMrNsGI
                KRMCvRNBj8dTk/NBHjv/LcasiMdW919b
                ) ; ZSK; alg = RSASHA3-384 ; key id = 54407
        3600 RRSIG DNSKEY 250 2 3600 (
                20300101000000 20000101000000 54407 example.org.
                iFy/6jk0In+egxxxOGzvknZ2gufOFAlrvZ4Q
                2Ufa2hLKvJOhsQrpcEfHtB5vGivZJ9WwShjw
                5n5YlBE/VKyy/IpycgJwybrBBPimNViwfn8y
                BunXT7x/OJ0tSeDxr1ab/CwPBl+0uq3RsDqs
                5qJTL5pmN5JD6kR2tRVvy3MicTM= )

7.5. RSA/SHA3-512 (RSASSA-PSS) Key and Signature

Given a 1280-bit private key with the following values (in Base64):

Private-key-format: v1.2
Algorithm: 251 (RSASHA3-512)
Modulus: o+YkFXrbuWtwzgjWTMxKWL/mxKmZiIEwZQocnh0XN8ON6AIFc+aECjkxwO5pWG171NCXt2acYWnKakpCmpiSHh9ggj8hL5O67Zs409xo0vqRpXzxY27IvBtKNurtD48RiPknLh3fEhuRnHEj8X2fpuOUx0yN5wOZx3PRjNxMeLnTglxHfRqah/tApQnCTvBAWX5vSYmPP1u/4I/UR1Zpyw==
PublicExponent: AQAB
PrivateExponent: TJqZTOzSW7SK0dGxj82ABkETM+HtH676Fo+GVqRUIL0my0R+lfAs0LZwubL0y97IHOytrIuqFaGjeNBilu0uhiO2MMoe0aTjnoCJLAR9ffXdqZb1FGMn8kWkmmtZJbm3LzFYHMs4B0exGq4vI2DfX5UF0LZV1YN4WIk2jgMPgRdJRZOOr0ZyJs8dz4VwhuVZx6SRa4ADB22QIRUdCCEESQ==
Prime1: 0fpRrO03qcRgQpwNiiw0sjBguAClUVMY9H+ZLwUrAsiP65/ikHOOXTve7aAW/OMnAmKdmpaA0jeMiYdwidMcdwVJbZM0qHsqkxrVZmtgFy8=
Prime2: x9Jgn/DLIVzcPl8VazyWcn51hbM2xd8J5fZYp/ZPVJBDlfvlICT6YbpYg8CyPjUpoDM4JnAH9v0sICO7GgrvQIY5XEYnLmUttdBj8+D58CU=
Exponent1: lXLZcQABrzYS4TXauS5Pb0fZfv0OrPw89cBfkcTW4QtIzAanJfLpL9iuCWj5E5LFMABqdh2KoJRi1XvtkFsOlnPP2Ep+ny/SlJLzsgrYgIc=
Exponent2: fsVfe9keZhotuHxGcHRN1nGYSax7MWnhM73oXRcNGU81MbBPmuca2mmIwn28F29O603Tb79frjjMh89jYpBRXZRKS9pN/Uc/iruczhqLNuk=
Coefficient:
JF5wby8oSnh2Hqff02l7tA80wNf99YWUPSn3yHfuoQKgn274V2N/QE4XgcpJd+ioSkKNX+GV6RpG+b8gUiR1hCxHBPpmeb/QcA9ivnrW0L0=

The DNSKEY record for this key would be:

example.org. IN DNSKEY 256 3 251
        AwEAAaPmJBV627lrcM4I1kzMSli/5sSpmYiBMGUKHJ4dFzfDjegCBXPm
        hAo5McDuaVhte9TQl7dmnGFpympKQpqYkh4fYII/IS+Tuu2bONPcaNL6
        kaV88WNuyLwbSjbq7Q+PEYj5Jy4d3xIbkZxxI/F9n6bjlMdMjecDmcdz
        0YzcTHi504JcR30amof7QKUJwk7wQFl+b0mJjz9bv+CP1EdWacs=

With this key, sign the following zone consisting of 4 RRs:

example.org. 3600 IN SOA invalid. hostmaster.example.org. (46 43200 900 1814400 7200)
example.org. 3600 IN NS invalid.
example.org. 3600 IN A 192.0.2.1
example.org. 3600 IN AAAA 2:2001:db8::1

Using RSASSA-PSS salt filled entirely with 0 valued octets, if the
inception date is set at 00:00 hours on January 1st, 2000, and the
expiration date at 00:00 hours on January 1st, 2030, the following
signed zone (with DNSKEY) should be created:

example.org. 3600 IN SOA invalid. hostmaster.example.org. (
                46         ; serial
                43200      ; refresh (12 hours)
                900        ; retry (15 minutes)
                1814400    ; expire (3 weeks)
                7200       ; minimum (2 hours)
                )
        3600 RRSIG SOA 251 2 3600 (
                20300101000000 20000101000000 23118 example.org.
                OLszLePpxC9kXYEHP+xnQ/5VVGUuIECXHzEG
                ksSPKttAmztjP3GVZpNCqYsahV7yKKkkd6TX
                h45w9pho8ZWDabPdCjzCiwl5aL+OvzUWXeGJ
                chObfU1AFsW3I03V5/8KUzH6o1CCTDbYbLeP
                saI/HH+G4k6mbLU1vNBCKjT8U2wY2T3mtCry
                a9heSY0UbORoQpilzljhtmyU86LfItD7tg== )
        3600 NS invalid.
        3600 RRSIG NS 251 2 3600 (
                20300101000000 20000101000000 23118 example.org.
                LtjteiIhqrJWOJDvVHB2YBdpOPtc62N40uGe
                GoSj9S9pU8UEte8K4T+TQGefc89SQQMBKMl+
                LtdKY4G9pTLBSVzpUw1ht4hZvwU5mKURWDJ7
                +ZR14ic4Sh91R79U4BZCxe7DbQa+3JWhBLVo
                KFsmsFwlStpWSe97xoQNiyC33Y0TRl2S/7TF
                p3ewL2owYRraSZZqj+UAM3oLXPyYJoD71A== )
        3600 A 192.0.2.1
        3600 RRSIG A 251 2 3600 (
                20300101000000 20000101000000 23118 example.org.
                HcOfonaxmSgcjmoRCkrf0mm3K/6zbQQyseI5
                u/dmqN04jGjO8OfinRX6wWe2uaQUCTSITyD+
                BONJa9BotX36uDJgtm+UYqz+xFSrF/Wolb9X
                GrKBzRJXwKGL8z/gcIJMn1VchSwcFIhh+w4K
                QAxWmpm2mNdbL83D1Ep+dRgLgsawubhwc2t0
                UM6kLJgsx8qYEDDVk6f0UKFWBobseyP5pQ== )
        3600 AAAA 2:2001:db8::1
        3600 RRSIG AAAA 251 2 3600 (
                20300101000000 20000101000000 23118 example.org.
                AvBYmq6oMCOAQi4DpSpo5+cRUX+vZQgvaNH8
                JnT68vibTlyxlUOa5BlxQv7IrrjrM7af73Ny
                6tdZfUoQouSpThCs22cPC4T5RPZvSvWzejGc
                Fc8ElNOFmftx4d3ag6cIn9Wj74gEAgmqmp+j
                uB7/hYK12A2/shgDr0S1UEax2YehBNXdViHZ
                aSwSQoLrW25zN4ENgnVkMKUQ/2OIOhyKrg== )
        7200 NSEC example.org. A NS SOA AAAA RRSIG NSEC DNSKEY
        7200 RRSIG NSEC 251 2 7200 (
                20300101000000 20000101000000 23118 example.org.
                MeDqwUq8KuJiSLZBefoJqgvuQ6Nlm+IPDFMA
                jZUkov419KPqItr29YIG+7lL8Ow/PRVbb0mM
                VfVUTIKWC1bfAhO2FBAQJTIzAeFELnUSsTaa
                jcNdRSen8VosEh3822rwjqcQD5hhm52v7ZCT
                QgrRrgoZBuCHU9dDHNfauUie0mrnCqiuFRjR
                DafCZeqYzzIpZVDIjyFDwu2LRzkyKduHug== )
        3600 DNSKEY 256 3 251 (
                AwEAAaPmJBV627lrcM4I1kzMSli/5sSpmYiB
                MGUKHJ4dFzfDjegCBXPmhAo5McDuaVhte9TQ
                l7dmnGFpympKQpqYkh4fYII/IS+Tuu2bONPc
                aNL6kaV88WNuyLwbSjbq7Q+PEYj5Jy4d3xIb
                kZxxI/F9n6bjlMdMjecDmcdz0YzcTHi504Jc
                R30amof7QKUJwk7wQFl+b0mJjz9bv+CP1EdW
                acs=
                ) ; ZSK; alg = RSASHA3-512 ; key id = 23118
        3600 RRSIG DNSKEY 251 2 3600 (
                20300101000000 20000101000000 23118 example.org.
                SUr4RUGNadiJ7pJe8X2bnnUuHbNY3yq1S+/W
                NRpfXT5RReL8Ag5QuBQAnKwkqbV0UFeM3D0S
                xX46BY/75LerOIqy8FHaXbk9qiLBaX9E7/cV
                vUhkf9Dbp26Irc59AQCAB0OQ/e55onU3NRsY
                TWrujs0cyOo2B8eSHPcd8M2Yvwyh/ZEQNfUj
                YXKwAO6a+DZeId9BwU0KiEcrLs/KP2gzEQ== )

7.6. ECDSA Curve P-256 with SHA3-256 Key and Signature

Given a private key with the following values (in Base64):

Private-key-format: v1.2
Algorithm: 245 (ECDSAP256SHA3-256)
PrivateKey: FHj8A/R6a/L9gP0cEyi/2ILg8d7ooxrS332FZNuED2c=

The DNSKEY record for this key would be:

example.org.
        IN DNSKEY 256 3 245
        5DuYfUIL3CQAibLVRZkHNX8RsmMgXYMVwSWsWvSFqhULW6UhzF0NV4wT
        Vw6eFTWrJMH421Uk+SI1YFxSL5a77g==

With this key, sign the following zone consisting of 4 RRs:

example.org. 3600 IN SOA invalid. hostmaster.example.org. (40 43200 900 1814400 7200)
example.org. 3600 IN NS invalid.
example.org. 3600 IN A 192.0.2.1
example.org. 3600 IN AAAA 2:2001:db8::1

If the inception date is set at 00:00 hours on January 1st, 2000, and
the expiration date at 00:00 hours on January 1st, 2030, the
following signed zone (with DNSKEY) should be created:

example.org. 3600 IN SOA invalid. hostmaster.example.org. (
                40         ; serial
                43200      ; refresh (12 hours)
                900        ; retry (15 minutes)
                1814400    ; expire (3 weeks)
                7200       ; minimum (2 hours)
                )
        3600 RRSIG SOA 245 2 3600 (
                20300101000000 20000101000000 43839 example.org.
                Lwigfv/bGllB3Oy8VwxiocNv9Gzcmkm3I90x
                dRR2EE8m7mAB6STKrCAWb/W6FS0idcQPiSgL
                8uCb0yepcmbtFw== )
        3600 NS invalid.
        3600 RRSIG NS 245 2 3600 (
                20300101000000 20000101000000 43839 example.org.
                I/z7I5Q7L6Gec/NynbXGg5gtbVh9DBMFuvX2
                6eD6OOeORC7As6/oQmb1kXaHPpLj4amg+f/n
                HnJHUfYweLuq+Q== )
        3600 A 192.0.2.1
        3600 RRSIG A 245 2 3600 (
                20300101000000 20000101000000 43839 example.org.
                PuehYLyx2uSSTe1lsmCmu0fe9Lty4IMB7BMY
                q106Q95EmDU9NE93aNn/N3jY3aXSrr2Omumg
                UDixTS/b3WTI7A== )
        3600 AAAA 2:2001:db8::1
        3600 RRSIG AAAA 245 2 3600 (
                20300101000000 20000101000000 43839 example.org.
                jmQwgJCvCC1JLGLpOTUYq8p4w3x3RQ4U1Qaj
                Wg1w/PZUX2L931+UScQCgxEeUMEsPBQfDRD2
                ngjaSy3EPacAmg== )
        7200 NSEC example.org. A NS SOA AAAA RRSIG NSEC DNSKEY
        7200 RRSIG NSEC 245 2 7200 (
                20300101000000 20000101000000 43839 example.org.
                7TtsB8CoVLjTGx3yDVDwOcGsG3+1FdC4S9zl
                jSOPIYfRD3KnlBPE+9fyl/5YIz9JDLu+AiJI
                49gk+PHBru63EA== )
        3600 DNSKEY 256 3 245 (
                5DuYfUIL3CQAibLVRZkHNX8RsmMgXYMVwSWs
                WvSFqhULW6UhzF0NV4wTVw6eFTWrJMH421Uk
                +SI1YFxSL5a77g==
                ) ; ZSK; alg = ECDSAP256SHA3-256 ; key id = 43839
        3600 RRSIG DNSKEY 245 2 3600 (
                20300101000000 20000101000000 43839 example.org.
                oRrJQrqVwC+fAtXzUQELelLopUXZEcOLkGiP
                kyOtu5/K9/PlTPibU9szJeVJwS1L8FBHetsq
                NWw6YKBpRzZQGw== )

7.7. ECDSA Curve P-384 with SHA3-384 Key and Signature

Given a private key with the following values (in Base64):

Private-key-format: v1.2
Algorithm: 246 (ECDSAP384SHA3-384)
PrivateKey: FaHBWT7qWcJF2J4ExUPgBZ1poxJ/Cwvzv6+BF5rGT3KuIs83ABt51ITt4hVwaGfc

The DNSKEY record for this key would be:

example.org. IN DNSKEY 256 3 246
        KQdbXXFXMQBV7lAOrRwFYRitDHNxZEXbVYz7FxAkwlGNYdkEePKE7Wfz
        AgatdexHHeKTG61+3bkW5tf+pSanH8pV6y9fhZQt6gf6v2XD8jPI3rMa
        9ucGNf8PThBzVAVT

With this key, sign the following zone consisting of 4 RRs:

example.org. 3600 IN SOA invalid. hostmaster.example.org. (41 43200 900 1814400 7200)
example.org. 3600 IN NS invalid.
example.org. 3600 IN A 192.0.2.1
example.org. 3600 IN AAAA 2:2001:db8::1

If the inception date is set at 00:00 hours on January 1st, 2000, and
the expiration date at 00:00 hours on January 1st, 2030, the
following signed zone (with DNSKEY) should be created:

example.org. 3600 IN SOA invalid. hostmaster.example.org. (
                41         ; serial
                43200      ; refresh (12 hours)
                900        ; retry (15 minutes)
                1814400    ; expire (3 weeks)
                7200       ; minimum (2 hours)
                )
        3600 RRSIG SOA 246 2 3600 (
                20300101000000 20000101000000 34779 example.org.
                ZPWX28z79mJc3UbHfubZOdEKPg1BiKy9vdLV
                GiGIDU6QDFSci3NmGdjFKfuS31EEjmehVu1M
                CaJRFmbl/q1HhoFzuRVnGLkdHr+krBCon9Uo
                3l5EEyorRFCOg5Ro5i/z )
        3600 NS invalid.
        3600 RRSIG NS 246 2 3600 (
                20300101000000 20000101000000 34779 example.org.
                nAwt7QstHenYC2h9eX7J0p33QRE3S+C7+Wz/
                LTOEWqtm0AfU10hnFmnw6OGmxkp2ll2d2qh1
                JjrkEPDwg0jlM12SFDTQmwW5TnRQV89N16R2
                0KKnoxrdnMSO8WhhnaYG )
        3600 A 192.0.2.1
        3600 RRSIG A 246 2 3600 (
                20300101000000 20000101000000 34779 example.org.
                ATgXx7BFVUQYFBXx/xiTq2T1CWUAuFmNpqF/
                JYVXi0elgImh3a+q6ZCUATUmSvlmDMW6KEhY
                ggr2MdJnT4nm0Qo3ellq8mUAvY2X9/yON9Eh
                D+Ist8SZ7WDe7UX8Pe9H )
        3600 AAAA 2:2001:db8::1
        3600 RRSIG AAAA 246 2 3600 (
                20300101000000 20000101000000 34779 example.org.
                T7DAgHgxAFNXp5I/alyc5Vp4jsE/L/C9v6NY
                6j+I3RyiCCGY0PY8JY4R4iEd2QB9GPl0zByF
                bGVz3MfxiyF/r/BB1zdzgqCcsZ7O932sOuRj
                PQFHV7TuKabl0INvnjAs )
        7200 NSEC example.org. A NS SOA AAAA RRSIG NSEC DNSKEY
        7200 RRSIG NSEC 246 2 7200 (
                20300101000000 20000101000000 34779 example.org.
                Tc7HYK4o1ZYYdkSbykdG1aR3dgK/Ah8evaKp
                4hfBm9R9GiWlusEhD6OWPGKjw2Y8zC/yb9h0
                S4lj5TvbzRFY8xfvoys6w9x4KSo89bAAIIkQ
                ojBivLF8GlXOhDApeqr3 )
        3600 DNSKEY 256 3 246 (
                KQdbXXFXMQBV7lAOrRwFYRitDHNxZEXbVYz7
                FxAkwlGNYdkEePKE7WfzAgatdexHHeKTG61+
                3bkW5tf+pSanH8pV6y9fhZQt6gf6v2XD8jPI
                3rMa9ucGNf8PThBzVAVT
                ) ; ZSK; alg = ECDSAP384SHA3-384 ; key id = 34779
        3600 RRSIG DNSKEY 246 2 3600 (
                20300101000000 20000101000000 34779 example.org.
                WpuLvqdHWbmggF7tTgXkFuoHFgPgY7Tl35zg
                jLEEgZJJUXDEDOC2pFpYVJljVPGptUW4EWOM
                CoCu70UTPpTJUnXWQgYH/2lW2SjWk7KM36rH
                nWkRklSxtL8y00IV1/Nt )

7.8. SHA3-256 as DS Digest Type

Given a 1024-bit RSA/SHA-256 DNSKEY with the following contents:

example.org. IN DNSKEY 256 3 8
        AwEAAbljrZZb1Qyq8ui+vnYL5exWSrQYFkCFD6VvJoJr5ADo7CxZiyxu
        sJM6oVHF7pA22rKJqjgIR9lksZ1+nT2WcwdXQuAFLrLFAI5L42mQKOHS
        hx1S3vHosO0iSIX47IyyR2O+J9qLhy7B+T4cJzAq2dOtSziqL1l5BCtw
        5ZNYJX8N

The DS record for this key with digest type SHA3-256 would be:

example.org. IN DS 25803 8 252
        AE03EA9388D4BA12725999B8E2C4ED14E06EAE8B78229B81154F61FE8EDBAA5F

7.9. SHA3-384 as DS Digest Type

Given a 1024-bit RSA/SHA-256 DNSKEY with the following contents:

example.org.
        IN DNSKEY 256 3 8
        AwEAAbljrZZb1Qyq8ui+vnYL5exWSrQYFkCFD6VvJoJr5ADo7CxZiyxu
        sJM6oVHF7pA22rKJqjgIR9lksZ1+nT2WcwdXQuAFLrLFAI5L42mQKOHS
        hx1S3vHosO0iSIX47IyyR2O+J9qLhy7B+T4cJzAq2dOtSziqL1l5BCtw
        5ZNYJX8N

The DS record for this key with digest type SHA3-384 would be:

example.org. IN DS 25803 8 253
        BA8A4350F844CCCB8308694B3ADD478FC7EFBAC936D82D482D88F792FAB0766567E1F58F3A1075708CCC0457C9435ECA

8. Security considerations

8.1. Considerations for RRSIG Resource Records

DNSSEC implementations are encouraged to implement the new algorithms
in this document as soon as possible now that SHA-1's security is
known to be degraded and the SHA-2 hash algorithms are currently the
last line of defence for use with RSA in DNSSEC.

Users of DNS software are encouraged to deploy these new algorithms
with DNSSEC when software implementations allow for it. Users are
encouraged to run DNSSEC validator implementations that support these
new algorithms when they are available.

The RSASSA-PSS signature scheme and the SHA-3 hash function family
are considered sufficiently strong for the immediate future, but
predictions about future development in cryptography and
cryptanalysis are beyond the scope of this document.

8.2. Signature Type Downgrade Attacks

Since each RRSet MUST be signed with each algorithm present in the
DNSKEY RRSet at the zone apex (see Section 2.2 of [RFC4035]), a
malicious party cannot filter out the RSASSA-PSS RRSIG and force the
validator to use an RSA/SHA-1 signature if both are present in the
zone. This should provide resilience against algorithm downgrade
attacks, if the validator supports RSASSA-PSS.

9. IANA considerations

This document updates the IANA registry "Domain Name System Security
(DNSSEC) Algorithm Numbers" (http://www.iana.org/protocols).
The following entries are added to the registry:

+-------+-----------------+-------------------+------+------+-------+
| No.   | Description     | Mnemonic          | Z.S. | T.S. | Ref.  |
+-------+-----------------+-------------------+------+------+-------+
| 245   | ECDSA Curve     | ECDSAP256SHA3-256 | Y    | *    | [TBD] |
| [TBD] | P-256 with      |                   |      |      |       |
|       | SHA3-256        |                   |      |      |       |
| 256   | ECDSA Curve     | ECDSAP256SHA3-384 | Y    | *    | [TBD] |
| [TBD] | P-384 with      |                   |      |      |       |
|       | SHA3-384        |                   |      |      |       |
| 247   | RSA/SHA2-256    | RSASHA2-256       | Y    | *    | [TBD] |
| [TBD] | with RSASSA-PSS |                   |      |      |       |
| 248   | RSA/SHA2-512    | RSASHA2-512       | Y    | *    | [TBD] |
| [TBD] | with RSASSA-PSS |                   |      |      |       |
| 249   | RSA/SHA3-256    | RSASHA3-256       | Y    | *    | [TBD] |
| [TBD] | with RSASSA-PSS |                   |      |      |       |
| 250   | RSA/SHA3-384    | RSASHA3-384       | Y    | *    | [TBD] |
| [TBD] | with RSASSA-PSS |                   |      |      |       |
| 251   | RSA/SHA3-512    | RSASHA3-512       | Y    | *    | [TBD] |
| [TBD] | with RSASSA-PSS |                   |      |      |       |
+-------+-----------------+-------------------+------+------+-------+

This document updates the IANA registry "Delegation Signer (DS)
Resource Record (RR) Type Digest Algorithms"
(http://www.iana.org/protocols). The following entries are added to
the registry:

+-----------+-------------+----------+------------+
| Value     | Description | Status   | References |
+-----------+-------------+----------+------------+
| 252 [TBD] | SHA3-256    | OPTIONAL | [TBD]      |
| 253 [TBD] | SHA3-384    | OPTIONAL | [TBD]      |
+-----------+-------------+----------+------------+

10. Acknowledgements

Thanks to Francis Dupont and Paul Hoffman for review and suggestions.

11. References

11.1. Normative references

[FIPS.180-4.2015]
           National Institute of Standards and Technology, "Secure
           Hash Standard", FIPS PUB 180-4, August 2015.

[FIPS.202.2015]
           National Institute of Standards and Technology, "SHA-3
           Standard: Permutation-Based Hash and Extendable-Output
           Functions", FIPS PUB 202, August 2015.

[RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
           Requirement Levels", BCP 14, RFC 2119,
           DOI 10.17487/RFC2119, March 1997.

[RFC3110]  Eastlake 3rd, D., "RSA/SHA-1 SIGs and RSA KEYs in the
           Domain Name System (DNS)", RFC 3110,
           DOI 10.17487/RFC3110, May 2001.

[RFC3447]  Jonsson, J. and B. Kaliski, "Public-Key Cryptography
           Standards (PKCS) #1: RSA Cryptography Specifications
           Version 2.1", RFC 3447, DOI 10.17487/RFC3447,
           February 2003.

[RFC3658]  Gudmundsson, O., "Delegation Signer (DS) Resource Record
           (RR)", RFC 3658, DOI 10.17487/RFC3658, December 2003.

[RFC4033]  Arends, R., Austein, R., Larson, M., Massey, D., and S.
           Rose, "DNS Security Introduction and Requirements",
           RFC 4033, DOI 10.17487/RFC4033, March 2005.

[RFC4034]  Arends, R., Austein, R., Larson, M., Massey, D., and S.
           Rose, "Resource Records for the DNS Security Extensions",
           RFC 4034, DOI 10.17487/RFC4034, March 2005.

[RFC4035]  Arends, R., Austein, R., Larson, M., Massey, D., and S.
           Rose, "Protocol Modifications for the DNS Security
           Extensions", RFC 4035, DOI 10.17487/RFC4035, March 2005.

[RFC4509]  Hardaker, W., "Use of SHA-256 in DNSSEC Delegation Signer
           (DS) Resource Records (RRs)", RFC 4509,
           DOI 10.17487/RFC4509, May 2006.

[RFC5155]  Laurie, B., Sisson, G., Arends, R., and D. Blacka, "DNS
           Security (DNSSEC) Hashed Authenticated Denial of
           Existence", RFC 5155, DOI 10.17487/RFC5155, March 2008.

[RFC5702]  Jansen, J., "Use of SHA-2 Algorithms with RSA in DNSKEY
           and RRSIG Resource Records for DNSSEC", RFC 5702,
           DOI 10.17487/RFC5702, October 2009.

[RFC6090]  McGrew, D., Igoe, K., and M. Salter, "Fundamental Elliptic
           Curve Cryptography Algorithms", RFC 6090,
           DOI 10.17487/RFC6090, February 2011.

[RFC6605]  Hoffman, P. and W. Wijngaards, "Elliptic Curve Digital
           Signature Algorithm (DSA) for DNSSEC", RFC 6605,
           DOI 10.17487/RFC6605, April 2012.

[RFC8017]  Moriarty, K., Ed., Kaliski, B., Jonsson, J., and A. Rusch,
           "PKCS #1: RSA Cryptography Specifications Version 2.2",
           RFC 8017, DOI 10.17487/RFC8017, November 2016.

11.2. Informative references

[NIST800-57]
           Barker, E., Barker, W., Burr, W., Polk, W., and M. Smid,
           "Recommendation for Key Management", NIST SP 800-57,
           March 2007.

Appendix A. Change history (Editor: to be removed before publication)

o  draft-muks-dnsop-dnssec-sha3-01

   Use RSASSA-PSS instead of RSASSA-PKCS1-v1_5. Specify DNSSEC
   algorithms using RSASSA-PSS for SHA-2 hash functions too. Specify
   algorithms for ECDSA with SHA-3. Update all examples. Other fixes.

o  draft-muks-dnsop-dnssec-sha3-00

   Initial draft.

Authors' Addresses

   Jelte Jansen
   SIDN
   Meander 501
   Arnhem 6825 MD
   The Netherlands

   Email: jelte.jansen@sidn.nl
   URI:   https://www.sidn.nl/

   Mukund Sivaraman
   Internet Systems Consortium
   950 Charter Street
   Redwood City, CA 94063
   US

   Email: muks@mukund.org
   URI:   https://www.isc.org/
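
Added example, not part of the draft: a standard-library Python check of the DS records in Sections 7.8 and 7.9. It assumes the digest input is the RFC 4034 construction (canonical owner name followed by the DNSKEY RDATA) with SHA3-256 or SHA3-384 as the hash; the function names are illustrative.

```python
import base64
import hashlib

# Digest type numbers proposed in the draft's IANA section (marked [TBD] there).
DIGESTS = {252: hashlib.sha3_256, 253: hashlib.sha3_384}

def name_to_wire(name):
    """Canonical wire form: lowercase, length-prefixed labels, root terminator."""
    out = b""
    for label in name.rstrip(".").lower().split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) <= 63:
            raise ValueError("bad label in %r" % name)
        out += bytes([len(raw)]) + raw
    return out + b"\x00"

def dnskey_rdata(flags, protocol, algorithm, pubkey_b64):
    """DNSKEY RDATA: flags (2 octets), protocol, algorithm, public key."""
    key = base64.b64decode("".join(pubkey_b64.split()), validate=True)
    return flags.to_bytes(2, "big") + bytes([protocol, algorithm]) + key

def key_tag(rdata):
    """Key tag as defined in RFC 4034 Appendix B."""
    acc = sum(b if i & 1 else b << 8 for i, b in enumerate(rdata))
    acc += (acc >> 16) & 0xFFFF
    return acc & 0xFFFF

def ds_digest(owner, rdata, digest_type):
    """Hex digest over owner name | DNSKEY RDATA for a SHA-3 digest type."""
    if digest_type not in DIGESTS:
        raise ValueError("unsupported digest type %d" % digest_type)
    return DIGESTS[digest_type](name_to_wire(owner) + rdata).hexdigest().upper()

def check_ds(owner, rdata, ds_tag, ds_alg, ds_type, ds_hex):
    """Compare each DS field separately so a mismatch can be attributed."""
    return {
        "key_tag": key_tag(rdata) == ds_tag,
        "algorithm": rdata[3] == ds_alg,
        "digest": ds_digest(owner, rdata, ds_type) == ds_hex.upper(),
    }

# DNSKEY and DS values copied from Sections 7.8 and 7.9 of this document.
PAGE_DNSKEY = dnskey_rdata(256, 3, 8, """
    AwEAAbljrZZb1Qyq8ui+vnYL5exWSrQYFkCFD6VvJoJr5ADo7CxZiyxu
    sJM6oVHF7pA22rKJqjgIR9lksZ1+nT2WcwdXQuAFLrLFAI5L42mQKOHS
    hx1S3vHosO0iSIX47IyyR2O+J9qLhy7B+T4cJzAq2dOtSziqL1l5BCtw
    5ZNYJX8N
""")
PAGE_DS = [
    (25803, 8, 252,
     "AE03EA9388D4BA12725999B8E2C4ED14E06EAE8B78229B81154F61FE8EDBAA5F"),
    (25803, 8, 253,
     "BA8A4350F844CCCB8308694B3ADD478FC7EFBAC936D82D482D88F792FAB0766567E1F58F3A1075708CCC0457C9435ECA"),
]

if __name__ == "__main__":
    for tag, alg, dtype, digest in PAGE_DS:
        print(dtype, check_ds("example.org.", PAGE_DNSKEY, tag, alg, dtype, digest))
```

A `False` under `key_tag` or `algorithm` points at the wrong DNSKEY being hashed, while a `False` under `digest` alone points at the hash function or the owner-name encoding.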
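
Added example for the argument in Section 8.2, not part of the draft: a zone-side audit that reports every RRset lacking an RRSIG for some algorithm present in the apex DNSKEY RRset, which is the RFC 4035 Section 2.2 rule that section relies on. The record tuples, the key tag 11111 and the second algorithm (5, RSA/SHA-1) are constructed sample data; algorithm 250 and key tag 54407 come from Section 7.4.

```python
from collections import defaultdict

def missing_signatures(apex, records):
    """Return sorted (owner, rrtype, algorithm) triples that lack an RRSIG.

    records holds (owner, rrtype, fields) tuples. DNSKEY fields are
    (flags, protocol, algorithm); RRSIG fields are (type_covered,
    algorithm, key_tag); fields of other types are ignored.
    Assumption: every record passed in is authoritative zone data
    (no delegation NS or glue, which are not signed).
    """
    apex = apex.lower()
    zone_algs, rrsets, signed_by = set(), set(), defaultdict(set)
    for owner, rrtype, fields in records:
        owner = owner.lower()
        if rrtype == "RRSIG":
            covered, alg, _key_tag = fields
            signed_by[(owner, covered)].add(alg)
            continue
        rrsets.add((owner, rrtype))
        if rrtype == "DNSKEY" and owner == apex:
            zone_algs.add(fields[2])
    return sorted((o, t, a) for o, t in rrsets
                  for a in zone_algs - signed_by[(o, t)])

def sample_zone(strip=None):
    """Constructed zone signed with algorithms 5 and 250.

    strip=(rrtype, algorithm) omits that one RRSIG, modelling a signer
    fault or an on-path party filtering out a signature.
    """
    owner = "example.org."
    records = [(owner, "DNSKEY", (256, 3, 5)),
               (owner, "DNSKEY", (256, 3, 250))]
    for rrtype in ("SOA", "NS", "A", "AAAA", "DNSKEY"):
        if rrtype != "DNSKEY":
            records.append((owner, rrtype, ()))
        for alg, tag in ((5, 11111), (250, 54407)):
            if (rrtype, alg) != strip:
                records.append((owner, "RRSIG", (rrtype, alg, tag)))
    return records

if __name__ == "__main__":
    print(missing_signatures("example.org.", sample_zone()))
    print(missing_signatures("example.org.", sample_zone(strip=("A", 250))))
```

Running the audit on the published zone after each re-signing catches a dual-signed zone in which the stronger algorithm's signatures have silently gone missing for some RRsets.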