HTT Consulting

Oak Park MI 48237 USA rgm@labs.htt-consult.com

kivinen@iki.fi

Sandelman Software Works

mcr+ietf@sandelman.ca http://www.sandelman.ca/

Internet IPSECME RFC Request for Comments I-D Internet-Draft IPSECKEY EdDSA This document assigns a value for EdDSA Public Keys to the IPSECKEY IANA registry.

Introduction IPSECKEY [RFC4025) is a resource record (RR) for the Domain Name System (DNS) that is used to store public keys for use in IP security (IPsec) systems. The IPSECKEY RR relies on the IPSECKEY Algorithm Type Field registry to enumerate the permissible formats for the public keys. This documents adds support for Edwards-Curve Digital Security Algorithm (EdDSA) public keys in the format defined in to the IPSECKEY RR.

IPSECKEY support for EdDSA Use of an EdDSA public key encoded in the format specified in in an IPSECKEY RR is indicated as follows:

IANA Considerations

IANA IPSECKEY Registry Update This document requests IANA to update the "Description" field in existing entries of the "Algorithm Type Field" subregistry of the "IPSECKEY Resource Record Parameters" to explicitly state that is for "Public" keys: Further, this document requests IANA to make the following addition to the "IPSECKEY Resource Record Parameters" registry:

IPSECKEY:

This document defines the new IPSECKEY value TBD1 (suggested: 4) () in the "Algorithm Type Field" subregistry of the "IPSECKEY Resource Record Parameters" registry.

Security Considerations No new issues than describes.

References IANA

IPSECKEY EdDSA example The following is an example of an IPSECKEY RR with an EdDSA public key base64 encode with no gateway: The associated EdDSA private key (in hex):

Acknowledgments Thanks to Security Area director, Paul Wouters, for initial review. And Security Area director, Roman Danyliw, for final reviews and draft shepherding.