]> HTT Consulting

Oak Park MI 48237 United States of America rgm@labs.htt-consult.com

kivinen@iki.fi

Sandelman Software Works

mcr+ietf@sandelman.ca https://www.sandelman.ca/

sec IPSECKEY EdDSA This document assigns a value for Edwards-Curve Digital Signature Algorithm (EdDSA) Public Keys to the "IPSECKEY Resource Record Parameters" registry.

Introduction IPSECKEY is a resource record (RR) for the Domain Name System (DNS) that is used to store public keys for use in IP security (IPsec) systems. The IPSECKEY RR relies on the IPSECKEY "Algorithm Type Field" registry to enumerate the permissible formats for the public keys. This document adds support for Edwards-Curve Digital Security Algorithm (EdDSA) public keys in the format defined in to the IPSECKEY RR.

IPSECKEY Support for EdDSA When using the EdDSA public key in the IPSECKEY RR, the value 4 is used as an algorithm and the public key is formatted as specified in "Edwards-Curve Digital Security Algorithm (EdDSA) for DNSSEC" ().

Value	Description	Format Description	Reference
4	An EdDSA Public Key		This RFC

IANA Considerations

Update to the IANA IPSECKEY Registry

Reformat the Algorithm Type Field Registry Per this document, IANA has added the "Format Description" field to the "Algorithm Type Field" registry of the "IPSECKEY Resource Record Parameters" . In addition, IANA has updated the "Description" field in existing entries of that registry to explicitly state that they are for "Public" keys:

Value	Description	Format Description	Reference
0	No Public key is present
1	A DSA Public Key
2	An RSA Public Key
3	An ECDSA Public Key

IANA added a reference to this document to the "Algorithm Type Field" registry.

Add to the Algorithm Type Field Registry Further, IANA has made the following addition to the "Algorithm Type Field" registry within the "IPSECKEY Resource Record Parameters" :

Value	Description	Format Description	Reference
4	An EdDSA Public Key		This RFC

Security Considerations The security considerations discussed in apply. This document does not introduce any new security considerations.

References IANA

IPSECKEY EdDSA Example The following is an example of an IPSECKEY RR with no gateway, and an EdDSA public key. It uses the IPSECKEY presentation format which is base64. The associated EdDSA private key (in hex) is as follows:

Acknowledgments Thanks to the Security Area Director, , for his initial review. Also, thanks to Security Area Director, , for his final reviews and document shepherding.