rfc9563v2.txt   rfc9563.txt 
Independent Submission C. Zhang Independent Submission C. Zhang
Request for Comments: 9563 Y. Liu Request for Comments: 9563 Y. Liu
Category: Informational F. Leng Category: Informational F. Leng
ISSN: 2070-1721 Q. Zhao ISSN: 2070-1721 Q. Zhao
Z. He Z. He
CNNIC CNNIC
April 2024 May 2024
SM2 Digital Signature Algorithm for DNSSEC SM2 Digital Signature Algorithm for DNSSEC
Abstract Abstract
This document specifies the use of the SM2 digital signature This document specifies the use of the SM2 digital signature
algorithm and SM3 hash algorithm for DNS Security (DNSSEC). algorithm and SM3 hash algorithm for DNS Security (DNSSEC).
This document is an Independent Submission to the RFC series and does This document is an Independent Submission to the RFC series and does
not have consensus of the IETF community. not have consensus of the IETF community.
skipping to change at line 123 skipping to change at line 123
yG = BC3736A2 F4F6779C 59BDCEE3 6B692153 yG = BC3736A2 F4F6779C 59BDCEE3 6B692153
D0A9877C C62A4740 02DF32E5 2139F0A0 D0A9877C C62A4740 02DF32E5 2139F0A0
n = FFFFFFFE FFFFFFFF FFFFFFFF FFFFFFFF n = FFFFFFFE FFFFFFFF FFFFFFFF FFFFFFFF
7203DF6B 21C6052B 53BBF409 39D54123 7203DF6B 21C6052B 53BBF409 39D54123
4. DNSKEY and RRSIG Resource Records for SM2 4. DNSKEY and RRSIG Resource Records for SM2
4.1. DNSKEY Resource Records 4.1. DNSKEY Resource Records
SM2 public keys consist of a single value, called "P". In DNSSEC SM2 public keys consist of a single value, called "P". In DNSSEC
keys, P is a string of 32 octets that represents the uncompressed keys, P is a string of 64 octets that represents the uncompressed
form of a curve point, "x | y". (Conversion of a point to an octet form of a curve point, "x | y". (Conversion of a point to an octet
string is described in Section 4.2.8 of [GBT-32918.1-2016].) string is described in Section 4.2.8 of [GBT-32918.1-2016].)
4.2. RRSIG Resource Records 4.2. RRSIG Resource Records
The SM2 signature is the combination of two non-negative integers, The SM2 signature is the combination of two non-negative integers,
called "r" and "s". The two integers, each of which is formatted as called "r" and "s". The two integers, each of which is formatted as
a simple octet string, are combined into a single longer octet string a simple octet string, are combined into a single longer octet string
for DNSSEC as the concatenation "r | s". (Conversion of the integers for DNSSEC as the concatenation "r | s". (Conversion of the integers
to bit strings is described in Section 4.2.1 of [GBT-32918.1-2016].) to bit strings is described in Section 4.2.1 of [GBT-32918.1-2016].)
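Review bot: In Section 4.1, the corrected length of 64 octets still leaves the key encoding underspecified. The sentence defers to Section 4.2.8 of [GBT-32918.1-2016] for the point-to-octet-string conversion, and the uncompressed form produced by that conversion starts with a one-octet format indicator (04), which yields 65 octets, not 64. The "x | y" notation implies the indicator is dropped, but an implementer who follows the reference literally may emit or expect the extra octet. Suggest stating outright that P is the 32-octet x coordinate followed by the 32-octet y coordinate, each left-padded with zeros to full width, with no leading indicator octet. If the text after this context does not already fix the width of r and s in Section 4.2, the same explicit statement belongs there.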
skipping to change at line 262 skipping to change at line 262
implemented and not known to have weaknesses. implemented and not known to have weaknesses.
The security considerations listed in [RFC4509] apply here as well. The security considerations listed in [RFC4509] apply here as well.
9. References 9. References
9.1. Normative References 9.1. Normative References
[GBT-32905-2016] [GBT-32905-2016]
Standardization Administration of China, "Information Standardization Administration of China, "Information
security technology -- SM3 Cryptographic Hash Algorithm", security techniques--SM3 Cryptographic Hash Algorithm",
GB/T 32905-2016, March 2017, <http://www.gmbz.org.cn/ [In Chinese], GB/T 32905-2016, March 2017. English
upload/2018-07-24/1532401392982079739.pdf>. translation available at: http://www.gmbz.org.cn/
upload/2018-07-24/1532401392982079739.pdf
(http://www.gmbz.org.cn/
upload/2018-07-24/1532401392982079739.pdf).
[GBT-32918.1-2016] [GBT-32918.1-2016]
Standardization Administration of China, "Information Standardization Administration of China, "Information
security technology -- Public key cryptographic algorithm security technology--Public key cryptographic algorithm
SM2 based on elliptic curves -- Part 1: General", GB/ SM2 based on elliptic curves--Part 1: General", [In
T 32918.2-2016, March 2017, <http://www.gmbz.org.cn/ Chinese], GB/T 32918.1-2016, March 2017. English
upload/2018-07-24/1532401673134070738.pdf>. translation available at: http://www.gmbz.org.cn/
upload/2018-07-24/1532401673134070738.pdf
(http://www.gmbz.org.cn/
upload/2018-07-24/1532401673134070738.pdf)
[GBT-32918.2-2016] [GBT-32918.2-2016]
Standardization Administration of China, "Information Standardization Administration of China, "Information
security technology -- Public key cryptographic algorithm security technology--Public key cryptographic algorithm
SM2 based on elliptic curves -- Part 2: Digital signature SM2 based on elliptic curves--Part 2: Digital signature
algorithm", GB/T 32918.2-2016, March 2017, algorithm", [In Chinese], GB/T 32918.2-2016, March 2017.
<http://www.gmbz.org.cn/ English translation available at: http://www.gmbz.org.cn/
upload/2018-07-24/1532401673138056311.pdf>. upload/2018-07-24/1532401673138056311.pdf
(http://www.gmbz.org.cn/
upload/2018-07-24/1532401673138056311.pdf)
[IANA] IANA, "DNS Security Algorithm Numbers", [IANA] IANA, "DNS Security Algorithm Numbers",
<https://www.iana.org/assignments/dns-sec-alg-numbers>. <https://www.iana.org/assignments/dns-sec-alg-numbers>.
[ISO-IEC10118-3_2018] [ISO-IEC10118-3_2018]
ISO/IEC, "IT Security techniques -- Hash-functions -- Part ISO/IEC, "IT Security techniques -- Hash-functions -- Part
3: Dedicated hash-functions", ISO/IEC 10118-3:2018, 3: Dedicated hash-functions", ISO/IEC 10118-3:2018,
October 2018. October 2018.
[ISO-IEC14888-3_2018] [ISO-IEC14888-3_2018]
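Review bot: In the three GB/T entries under 9.1, the new text gives each URL twice, once bare after "English translation available at:" and again in parentheses, which reads like a rendering leftover; keep one URL per entry. Terminal punctuation is also inconsistent: the [GBT-32905-2016] entry ends with a period after the closing parenthesis and the two [GBT-32918.*] entries do not. The SM3 title now reads "Information security techniques--SM3 Cryptographic Hash Algorithm" while both SM2 titles keep "Information security technology--"; confirm which wording the cited documents use so the difference is deliberate. The change of the Part 1 document number from "GB/ T 32918.2-2016" to "GB/T 32918.1-2016" matches the anchor [GBT-32918.1-2016] and looks correct. All three links are plain http, so a reader fetching the normative algorithm text gets no transport integrity; prefer an https link if the publisher offers one.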
 End of changes. 5 change blocks. 
14 lines changed or deleted 22 lines changed or added

This html diff was produced by rfcdiff 1.48.