RFC 2065: Domain Name System Security Extensions
RFC-Ref

public key



... DNS) protocol to support DNS security and public key distribution. It assumes that the reader is familiar with the Domain Name System, ...


... DNS names. This permits the DNS to be used as a public key distribution mechanism in support of the DNS data origin authentication ...
... RR) is described in Section 3. It includes an algorithm identifier, the actual public key parameters, and a variety of flags including those indicating the type of entity ...
... private key that signs for an entire zone. If a security aware resolver reliably learns the public key of the zone, it can verify, for signed data read from that zone, that it was ...
... A resolver can learn the public key of a zone either by reading it from DNS or by having it statically configured. To reliably learn the ...
... from DNS or by having it statically configured. To reliably learn the public key by reading it from DNS, the key itself must be signed. Thus, to provide a reasonable degree of security ...
... Thus, to provide a reasonable degree of security, the resolver must be configured with at least the public key of one zone that it can use to authenticate signatures ...
... authenticate/update its own records. The public key of the entity must be present in the DNS and be ...
... host composing the request or reply message, not to the zone involved. The corresponding public key is normally stored in and retrieved from the DNS. ...


... associated with a Domain Name System (DNS) name. It will be a public key as only public keys are stored in the DNS. This can be the ...
... public keys are stored in the DNS. This can be the public key of a zone, a host or other end entity, or a user. A KEY ...
... protocol octet, the algorithm number, and the public key itself. The format is as follows: ...
... +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | / / public key / / / +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-| ...
... algorithm octet as they control the format and even whether there is any following data. The algorithm and public key fields are described in Section 3.5. The format of the public key is algorithm ...
... algorithm and public key fields are described in Section 3.5. The format of the public key is algorithm dependent. ...
... The public key in a KEY RR belongs to the object named in the owner name. ...
... RR to indicate with which of these roles the owner name and public key are associated. Note that an appropriate zone KEY RR ...
... host.subdomain.domain could have a public key associated through a KEY RR with name j\.random_user.host ...
... entity such as a telephone number [RFC1530]. This is the public key used in connection with the optional DNS transaction ...
... zone key for the zone whose name is the KEY RR owner name. This is the public key used for DNS data origin authentication. ...
... private use and will never be assigned a specific algorithm. For number 254, the public key area shown in the packet diagram above will actually begin with a length byte followed by an Object Identifier (OID ...
... DNS dynamic update. For number 253, the public key area is null. Values 0 and 255 are reserved. ...
... field is 1, indicating the MD5/RSA algorithm, the public key field is structured as follows: ...
... 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | pub exp length| public key exponent / +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | / ...
... interoperability, the exponent and modulus are each limited to 2552 bits in length. The public key exponent is a variable length unsigned integer. Its length in octets is ...
... zero octet followed by a two octet unsigned length if it is longer than 255 bytes. The public key modulus field is a multiprecision unsigned integer. The length of the modulus can be determined from ...
... The remaining public key portion is represented in base 64 (see Appendix) and may be divided up into any number of white space separated substrings ...
... Note that the public key may have internal sub-fields but these do not appear in the master file representation. For example, with algorithm ...


... 16 bit quantity that is used to help efficiently select between multiple keys which may be applicable and as a quick check that a public key about to be used for the computationally expensive effort to check the signature is possibly ...
... algorithm dependent. For the MD5/RSA algorithm, it is the next to the bottom two octets of the public key modulus needed to decode the signature field. That is to say, the ...
... the SIG RR. This is the owner of the public KEY RR that can be used to verify the signature ...
... signer, and "n" is the modulus of the signer's public key. 01, FF, and 00 are fixed octets of the corresponding hexadecimal value. "prefix ...
... (The above specifications are identical to the corresponding part of Public Key Cryptographic Standard #1 [PKCS1].) ...


... for a public key. "name" is the owner name (if the line is translated into a KEY RR). Flags indicates the type of key and is ...


... There are a number of factors that affect public key size choice for use in the DNS security extension. Unfortunately, these factors ...
... Note, however, that secure resolvers must be configured with some trusted on-line public key information (or a secure path to such a resolver) or they will be unable to authenticate. ...


... data integrity and origin authentication, public key distribution, and optional transaction and request security ...


