Import Cryptech wiki dump

1 files changed, 76 insertions, 0 deletions

diff --git a/raw-wiki-dump/DNSSEC%2FRequirements b/raw-wiki-dump/DNSSEC%2FRequirements
new file mode 100644
index 0000000..b8f40f0
--- /dev/null
+++ b/raw-wiki-dump/DNSSEC%2FRequirements
@@ -0,0 +1,76 @@
+= DNSSEC Requirements =

+

+== Questions ==

+

+- Should we even support SHA-1?

+- GOST?

+

+== Must implement ==

+

+Target DNSSEC Algorithms:

+

+- RSA/SHA-256 (RFC 5702)

+- RSA/SHA-512 (RFC 5702)

+

+Algorithms:

+

+- Hash: SHA-256

+- Hash: SHA-512

+- Sign: RSA

+

+Required PKCS11 Mechs:

+

+- CKM_RSA_PKCS_KEY_PAIR_GEN

+- CKM_SHA256_RSA_PKCS

+- CKM_SHA512_RSA_PKCS

+- CKM_RSA_PKCS (possible cross-check hash with CKM_SHA256 and CKM_SHA512 before signing)

+- CKM_SHA256

+- CKM_SHA512

+

+== Should implement ==

+

+Target DNSSEC Algorithms:

+

+- ECDSA/P-256/SHA-256 (RFC 6605)

+- ECDSA/P-384/SHA-384 (RFC 6605)

+

+Algorithms:

+

+- Hash: SHA-256

+- Hash: SHA-384

+- Sign: P-256

+- Sign: P-384

+

+Required PKCS11 Mechs:

+

+- CKM_EC_KEY_PAIR_GEN

+- CKM_ECDSA_SHA256

+- CKM_ECDSA_SHA384

+- CKM_ECDSA (possible cross-check hash with CKM_SHA256 and CKM_SHA512 before signing)

+- CKM_SHA256

+- CKM_SHA384

+

+== May implement ==

+

+Target DNSSEC Algorithms:

+

+- RSA/SHA-1 (RFC 3110)

+- GOST (RFC 5933)

+

+Algorithms:

+

+- Hash: SHA-1

+- Sign: RSA

+

+- Hash: GOST R 34.11-94 (RFC5831)

+- Sign: GOST R 34.10-2001 (RFC5832)

+

+Required PKCS11 Mechs:

+

+- CKM_RSA_PKCS_KEY_PAIR_GEN

+- CKM_RSA_PKCS (possible cross-check hash with CKM_SHA_1)

+- CKM_SHA1_RSA_PKCS

+- CKM_SHA_1

+

+- CKM_GOSTR3410_KEY_PAIR_GEN

+- CKM_GOSTR3410_WITH_GOSTR3411