algorithm
... resource record (RR) is described in Section 3.
It includes an algorithm identifier, the actual public key
parameters, and a variety of flags including those indicating the
...
... time
to live (which may be longer than its current time to live but cannot
be shorter), the cryptographic algorithm in use, and the actual
signature.
...
... RR consists of flags, a protocol octet, the
algorithm number, and the public key itself. The format is as
follows:
...
...
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|             flags             |    protocol   |   algorithm   |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                                                               /
...
... protocol octet are
described in Sections 3.2, 3.3 and 3.4 below respectively. The flags
and algorithm must be examined before any data following the
algorithm octet as they control the format and even whether there is
any following data. The algorithm and public key fields are
described in Section 3.5. The format of the public key is algorithm
dependent.
...
... bits of this field are one, the "no key" value, there
is no key information and the RR stops after the algorithm octet. By
the use of this "no key" value, a signed KEY RR ...
... SIG resource. The MD5/RSA algorithm described in this document is
number 1. Numbers 2 through 252 are available for assignment should
sufficient reason arise. However, the designation of a new algorithm
could have a major impact on interoperability and requires an IETF
standards action. Number 254 is reserved for private use and will
never be assigned a specific algorithm. For number 254, the public
key area shown in the packet diagram above will actually begin with a
length byte followed by an Object Identifier (OID) of that length.
The OID indicates the private algorithm in use and the remainder of
the area is whatever is required by that algorithm. Number 253 is
reserved as the "expiration date algorithm" for use where the
expiration date or other labeling fields of SIGs are desired without
any actual security. It is anticipated that this algorithm will only
be used in connection with some modes of DNS ...
...
If the type field does not have the "no key" value and the algorithm
field is 1, indicating the MD5/RSA algorithm, the public key field is
structured as follows:
...
... Interaction of Flags, Algorithm, and Protocol Bytes ...
...
Various combinations of the no-key type value, algorithm byte,
protocol byte, and any protocol indicating flags (such as the
reserved IPSEC ...
... NK = no key type value
AL = algorithm byte
PR = protocols indicated by protocol byte or protocol flags
...
... AL  PR  NK  Meaning
     0   0   0  Illegal, claims key but has bad algorithm field.
     0   0   1  Specifies total lack of security for owner.
     0   x   0  Illegal, claims key but has bad algorithm field.
     0   x   1  Specified protocols insecure, others may be secure.
     x   0   0  Useless. Gives key but no protocols to use it.
...
                those protocols are implemented with security.
     x   x   1  Algorithm not understood for protocol.
(remember, in reference to the above table, that a protocol
...
...
The flag field, protocol, and algorithm number octets are then
represented as unsigned integers. Note that if the type field has
the "no key" value or the algorithm specified is 253, nothing appears
after the algorithm octet.
...
... public key may have internal sub-fields but these do
not appear in the master file representation. For example, with
algorithm 1 there is a public exponent size, then a public exponent,
and then a modulus. With algorithm 254, there will be an OID size,
an OID, and algorithm dependent information. But in both cases only a
single logical base 64 string will appear in the master file.
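The parsing rules scattered through the fragments above (examine flags and algorithm before any key bytes; "no key" and algorithm 253 end the RR at the algorithm octet; algorithm 254 carries a length byte plus OID; algorithm 1 carries exponent size, exponent, modulus; algorithm 0 with a claimed key is illegal per the table) collected into one KEY RDATA parser. This is an added example, not code from the RFC; it assumes the 2-bit type field is the top two bits of flags and the 1-or-3-octet exponent-length encoding of RFC 2065 section 3.5, neither of which is spelled out on this page, and all sample byte strings are constructed.

```python
import struct
from dataclasses import dataclass

# Values from the fragments above; NO_KEY_TYPE assumes the 2-bit type field
# occupies the top two bits of flags, as in RFC 2065 section 3.1.
NO_KEY_TYPE = 0b11
ALG_MD5_RSA = 1
ALG_EXPIRATION_ONLY = 253   # labeling fields only, no key data follows
ALG_PRIVATE_OID = 254       # length byte + OID, then algorithm-specific data

@dataclass
class KeyRdata:
    flags: int
    protocol: int
    algorithm: int
    no_key: bool
    exponent: bytes = b""
    modulus: bytes = b""
    oid: bytes = b""
    private_data: bytes = b""

def parse_key_rdata(rdata: bytes) -> KeyRdata:
    if len(rdata) < 4:
        raise ValueError("RDATA shorter than flags+protocol+algorithm")
    flags, protocol, algorithm = struct.unpack("!HBB", rdata[:4])
    body = rdata[4:]
    no_key = (flags >> 14) == NO_KEY_TYPE
    rec = KeyRdata(flags, protocol, algorithm, no_key)
    if no_key or algorithm == ALG_EXPIRATION_ONLY:   # decided before any key bytes
        if body:                       # "the RR stops after the algorithm octet"
            raise ValueError("key data present although none is allowed")
        return rec
    if algorithm == ALG_MD5_RSA:
        # Exponent length: one octet, or 0 then a two-octet length (RFC 2065 3.5).
        elen, pos = (body[0], 1) if body else (0, 1)
        if elen == 0:
            elen, pos = int.from_bytes(body[1:3], "big"), 3
        rec.exponent, rec.modulus = body[pos:pos + elen], body[pos + elen:]
        if len(rec.exponent) != elen or not rec.modulus:
            raise ValueError("truncated exponent or empty modulus")
    elif algorithm == ALG_PRIVATE_OID:
        if not body or len(body) < 1 + body[0]:
            raise ValueError("truncated private-algorithm OID")
        rec.oid, rec.private_data = body[1:1 + body[0]], body[1 + body[0]:]
    elif 2 <= algorithm <= 252:
        rec.private_data = body        # unassigned number: keep the bytes opaque
    else:  # table row "Illegal, claims key but has bad algorithm field"
        raise ValueError(f"algorithm {algorithm} claims a key but is not valid")
    return rec
```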
...
...
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|          type covered         |   algorithm   |     labels    |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                         original TTL ...
... algorithm number is an octet specifying the digital signature
algorithm used parallel to the algorithm octet for the KEY RR. The
MD5/RSA algorithm described in this document is number 1. Numbers 2
through 252 are available for assignment should sufficient reason
arise to allocate them. However, the designation of a new algorithm
could have a major impact on the interoperability of the global DNS
system ... IETF standards action. Number 254 is reserved
for private use and will not be assigned a specific algorithm. For
number 254, the "signature" area shown above will actually begin with
... OID) of that length.
The OID indicates the private algorithm in use and the remainder of
the area is whatever is required by that algorithm. Number 253,
known as the "expiration date algorithm", is used when the expiration
date or other non-signature fields of the SIG are desired without any
actual security. It is anticipated that this algorithm will only be
used in connection with some modes of DNS ...
... signature is possibly
valid. Its exact meaning is algorithm dependent. For the MD5/RSA
algorithm, it is the next to the bottom two octets of the public key
modulus needed to decode the signature ...
... canonical form and order. How this data sequence is
processed into the signature is algorithm dependent.
...
...
pubkey name flags protocol algorithm key-data
...
... RR). Flags indicates the type of key and is
the same as the flag octet in the KEY RR. Protocol and algorithm
also have the same meaning as they do in the KEY RR. The material
after the algorithm is algorithm dependent and, for private
algorithms (algorithm 254), starts with the algorithm's identifying
OID and its length. If the "no key" type value is set in flags or
the algorithm is specified as 253, then the key-data after algorithm
is null. When present the key-data is treated as an octet stream and
...
... verification (the most common operation) for
the MD5/RSA algorithm will vary roughly with the square of the
modulus length, signing will vary with the cube of the modulus
...
... key generation (the least common operation) will vary
with the fourth power of the modulus length. The current best
algorithms for factoring a modulus and breaking RSA security vary
roughly with the 1.6 power of the modulus itself. Thus going from a
...
...
The recommended minimum RSA algorithm modulus size, 640 bits, is
believed by the authors to be secure at this time but high level ...
... essential element in any cryptographically secure system. The
strongest algorithms used with the longest keys are still of no use
if an adversary can guess enough to lower the size of the likely key
space so that it can be exhaustively searched. Suggestions will be
...
