From 3aa8b1dd6e0f504ef83da99f8c9cdb2532f948f5 Mon Sep 17 00:00:00 2001
From: Rob Austein <sra@hactrn.net>
Date: Sun, 13 Sep 2020 23:10:21 +0000
Subject: Initial conversion pass

---
 raw-wiki-dump/DNSSEC%2FRequirements.md | 99 ++++++++++++++++++++++++++++++++++
 1 file changed, 99 insertions(+)
 create mode 100644 raw-wiki-dump/DNSSEC%2FRequirements.md

(limited to 'raw-wiki-dump/DNSSEC%2FRequirements.md')

diff --git a/raw-wiki-dump/DNSSEC%2FRequirements.md b/raw-wiki-dump/DNSSEC%2FRequirements.md
new file mode 100644
index 0000000..36b1152
--- /dev/null
+++ b/raw-wiki-dump/DNSSEC%2FRequirements.md
@@ -0,0 +1,99 @@
+# DNSSEC Requirements
+
+## Questions
+
+
+- Should we even support SHA-1?
+- GOST?
+
+
+## Must implement
+
+Target DNSSEC Algorithms:
+
+
+- RSA/SHA-256 (RFC 5702)
+- RSA/SHA-512 (RFC 5702)
+
+
+Algorithms:
+
+
+- Hash: SHA-256
+- Hash: SHA-512
+- Sign: RSA
+
+
+Required PKCS11 Mechs:
+
+
+- CKM_RSA_PKCS_KEY_PAIR_GEN
+- CKM_SHA256_RSA_PKCS
+- CKM_SHA512_RSA_PKCS
+- CKM_RSA_PKCS (possible cross-check hash with CKM_SHA256 and CKM_SHA512 before signing)
+- CKM_SHA256
+- CKM_SHA512
+
+
+## Should implement
+
+Target DNSSEC Algorithms:
+
+
+- ECDSA/P-256/SHA-256 (RFC 6605)
+- ECDSA/P-384/SHA-384 (RFC 6605)
+
+
+Algorithms:
+
+
+- Hash: SHA-256
+- Hash: SHA-384
+- Sign: P-256
+- Sign: P-384
+
+
+Required PKCS11 Mechs:
+
+
+- CKM_EC_KEY_PAIR_GEN
+- CKM_ECDSA_SHA256
+- CKM_ECDSA_SHA384
+- CKM_ECDSA (possible cross-check hash with CKM_SHA256 and CKM_SHA512 before signing)
+- CKM_SHA256
+- CKM_SHA384
+
+
+## May implement
+
+Target DNSSEC Algorithms:
+
+
+- RSA/SHA-1 (RFC 3110)
+- GOST (RFC 5933)
+
+
+Algorithms:
+
+
+- Hash: SHA-1
+- Sign: RSA
+
+
+
+- Hash: GOST R 34.11-94 (RFC5831)
+- Sign: GOST R 34.10-2001 (RFC5832)
+
+
+Required PKCS11 Mechs:
+
+
+- CKM_RSA_PKCS_KEY_PAIR_GEN
+- CKM_RSA_PKCS (possible cross-check hash with CKM_SHA_1)
+- CKM_SHA1_RSA_PKCS
+- CKM_SHA_1
+
+
+
+- CKM_GOSTR3410_KEY_PAIR_GEN
+- CKM_GOSTR3410_WITH_GOSTR3411
-- 
cgit v1.2.3