EdDSA value for IPSECKEY

EdDSA value for IPSECKEY HTT Consulting

Oak Park MI 48237 USA rgm@labs.htt-consult.com

kivinen@iki.fi

Sandelman Software Works

mcr+ietf@sandelman.ca https://www.sandelman.ca/

Internet IPSECME RFC Request for Comments I-D Internet-Draft IPSECKEY EdDSA This document assigns a value for EdDSA Public Keys to the IPSECKEY IANA registry.

Introduction IPSECKEY [RFC4025) is a resource record (RR) for the Domain Name System (DNS) that is used to store public keys for use in IP security (IPsec) systems. The IPSECKEY RR relies on the IPSECKEY Algorithm Type Field registry to enumerate the permissible formats for the public keys. This document adds support for Edwards-Curve Digital Security Algorithm (EdDSA) public keys in the format defined in to the IPSECKEY RR.

IPSECKEY support for EdDSA When using the EdDSA public key in the IPSECKEY RR, then the value TBD1 is used as an algorithm and the public key is formatted as specified in Section 3 of the "Edwards-Curve Digital Security Algorithm (EdDSA) for DNSSEC" () document.

IANA Considerations

IANA IPSECKEY Registry Update

Reformat Algorithm Type Field Subregistry This document requests IANA to add a new field “Format description” to the "Algorithm Type Field" subregistry of the "IPSECKEY Resource Record Parameters" . Also, this document requests IANA to update the "Description" field in existing entries of that registry to explicitly state that is for "Public" keys: IANA is requested to update the reference of that registry by adding the RFC number to be assigned to this document.

Add to Algorithm Type Field Subregistry Further, this document requests IANA to make the following addition to the "IPSECKEY Resource Record Parameters" registry:

IPSECKEY:: This document defines the new IPSECKEY value TBD1 (suggested: 4) () in the "Algorithm Type Field" subregistry of the "IPSECKEY Resource Record Parameters" registry.

Security Considerations No new issues than describes.

References IPSECKEY Resource Record Parameters IANA

IPSECKEY EdDSA example The following is an example of an IPSECKEY RR with an EdDSA public key base64 encode with no gateway: The associated EdDSA private key (in hex):

Acknowledgments Thanks to Security Area director, Paul Wouters, for initial review. And Security Area director, Roman Danyliw, for final reviews and draft shepherding.