On Jan 14, 2004, at 9:42 AM, David Fort wrote:
> This patch fixes things in the computation of key id. The DNSSEC RFC says
> that there are only two ways of calculating key id: the RSAMD5 way and
> the default one.

Which RFC is that? RFC 2535 says

3.2 The KEY Algorithm Number Specification

This octet is the key algorithm parallel to the same field for the
SIG resource as described in Section 4.1. The following values are
assigned:

VALUE    Algorithm

  0      - reserved, see Section 11
  1      RSA/MD5 [RFC 2537] - recommended
  2      Diffie-Hellman [RFC 2539] - optional, key only
  3      DSA [RFC 2536] - MANDATORY
  4      reserved for elliptic curve crypto
5-251    - available, see Section 11
 252     reserved for indirect keys
 253     private - domain name (see below)
 254     private - OID (see below)
 255     - reserved, see Section 11

Algorithm specific formats and procedures are given in separate
documents. The mandatory to implement for interoperability algorithm
is number 3, DSA. It is recommended that the RSA/MD5 algorithm,
number 1, also be implemented. Algorithm 2 is used to indicate
Diffie-Hellman keys and algorithm 4 is reserved for elliptic curve.

Algorithm number 252 indicates an indirect key format where the
actual key material is elsewhere. This format is to be defined in a
separate document.

Algorithm numbers 253 and 254 are reserved for private use and will
never be assigned a specific algorithm. For number 253, the public
key area and the signature begin with a wire encoded domain name.
Only local domain name compression is permitted. The domain name
indicates the private algorithm to use and the remainder of the
public key area is whatever is required by that algorithm. For
number 254, the public key area for the KEY RR and the signature
begin with an unsigned length byte followed by a BER encoded Object
Identifier (ISO OID) of that length. The OID indicates the private
algorithm in use and the remainder of the area is whatever is
required by that algorithm. Entities should only use domain names
and OIDs they control to designate their private algorithms.

Values 0 and 255 are reserved but the value 0 is used in the
algorithm field when that field is not used. An example is in a KEY
RR with the top two flag bits on, the "no-key" value, where no key is
present.
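
The two key id (key tag) calculations that the patch description at the top refers to, sketched as an added example that is not taken from the patch or from either poster. It follows RFC 2535 section 4.1.6 and Appendix C (algorithm 1 takes two octets of the RSA modulus, every other algorithm uses a checksum over the KEY RDATA); the function names and sample bytes are constructed for illustration.

```python
import struct

RSAMD5 = 1  # algorithm number 1 in the RFC 2535 table quoted above


def checksum_key_tag(rdata: bytes) -> int:
    """Default method: 16-bit checksum over the whole KEY RDATA."""
    acc = 0
    for i, octet in enumerate(rdata):
        # Even offsets are the high octet of a 16-bit word, odd offsets the low.
        acc += (octet << 8) if i % 2 == 0 else octet
    acc += (acc >> 16) & 0xFFFF  # fold the carry back in once
    return acc & 0xFFFF


def rsamd5_key_tag(rdata: bytes) -> int:
    """Algorithm 1: most significant 16 of the least significant 24 modulus bits."""
    pub = rdata[4:]  # skip flags (2), protocol (1), algorithm (1)
    if not pub:
        raise ValueError("empty public key field")
    if pub[0] == 0:  # RFC 2537: a zero octet means a 2-octet exponent length follows
        if len(pub) < 3:
            raise ValueError("truncated exponent length")
        exp_len, offset = struct.unpack("!H", pub[1:3])[0], 3
    else:
        exp_len, offset = pub[0], 1
    modulus = pub[offset + exp_len:]  # the modulus is the tail of the key field
    if len(modulus) < 3:
        raise ValueError("modulus too short for a key tag")
    return int.from_bytes(modulus[-3:-1], "big")


def key_tag(rdata: bytes) -> int:
    """Dispatch on the algorithm octet, validating length before indexing."""
    if len(rdata) < 4:
        raise ValueError("KEY RDATA shorter than its fixed header")
    return rsamd5_key_tag(rdata) if rdata[3] == RSAMD5 else checksum_key_tag(rdata)


# Constructed sample RDATA (arbitrary bytes, not real keys): flags=0x0100, protocol=3.
SAMPLE_DEFAULT = bytes.fromhex("01000303") + bytes.fromhex("01020304")
SAMPLE_RSAMD5 = bytes.fromhex("01000301") + bytes.fromhex("0103") + bytes.fromhex("aabbccddee")

if __name__ == "__main__":
    print(key_tag(SAMPLE_DEFAULT), key_tag(SAMPLE_RSAMD5))
```

A key tag only narrows the set of candidate keys: different keys can produce the same tag, so a validator still has to check the signature against every key that matches.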