Will BIND support RFC8080? ED25519 and Ed448 for DNSSEC

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Will BIND support RFC8080? ED25519 and Ed448 for DNSSEC

Nahual Terabits
RFC8080 introduces 2 new algorithms for DNSSEC.
Algorithm: 15 (ED25519) and Algorithm: 16 (ED448)
https://tools.ietf.org/html/rfc8080

Will ED25519 and ED448 be supported by BIND anytime soon? That means including these algorithms in dnssec-keygen and the dnssec validator.

_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

bind-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/bind-users
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Will BIND support RFC8080? ED25519 and Ed448 for DNSSEC

Mark Andrews

In message <CA+ATYG-BJ=v6L_BbL+spASCbAyBCdmFutstYAQTzg=hX=[hidden email]>
, Nahual Terabits writes:

>
> RFC8080 introduces 2 new algorithms for DNSSEC.
>
> Algorithm: 15 (ED25519) and Algorithm: 16 (ED448)
>
> https://tools.ietf.org/html/rfc8080
>
>
> Will ED25519 and ED448 be supported by BIND anytime soon? That means
> including these algorithms in dnssec-keygen and the dnssec validator.

We will look at this when the crypto providers we use support
these curves.

Mark
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: [hidden email]
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

bind-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/bind-users
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Will BIND support RFC8080? ED25519 and Ed448 for DNSSEC

Nahual Terabits
Ed25519 is now officially supported by the latest version of OpenSSL that is on Github:
https://github.com/openssl/openssl/tree/04dec1ab34df70c1588d42cc394e8fa8b5f3191c

Documentation on how to generate an ed25519 key pair can be found here:
https://github.com/openssl/openssl/blob/master/doc/man7/Ed25519.pod

Documentation on how to sign and verify messages using ed25519 can be found here:
https://github.com/openssl/openssl/pull/3409
https://github.com/openssl/openssl/blob/master/doc/man3/EVP_DigestSignInit.pod
https://github.com/openssl/openssl/blob/master/doc/man3/EVP_DigestVerifyInit.pod

On Wed, May 31, 2017 at 11:04 AM, Tony Finch <[hidden email]> wrote:
Nahual Terabits <[hidden email]> wrote:
> Ed25519 is now officially supported by the latest version of OpenSSL that
> is on Github:
> https://github.com/openssl/openssl/tree/04dec1ab34df70c1588d42cc394e8fa8b5f3191c

Brilliant, thanks for letting me know and thanks for the links to the
docs!

(I have seen discussions on IETF lists about Ed25519 being deployed in
several other protocols, so I expected this would happen before too
long, but this is sooner than I expected!)

Tony.
--
f.anthony.n.finch  <[hidden email]http://dotat.at/  -  I xn--zr8h
punycode


_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

bind-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/bind-users
Loading...