doc/draft/draft-ietf-dnsext-dnssec-registry-fixes-08.txt

	draft-ietf-dnsext-dnssec-registry-fixes-08.txt revision f2ea8c2f965be7ff4c59f805712c12d469226b7b
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan HuntDNS Extensions Working Group                                     S. Rose
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan HuntInternet-Draft                                                      NIST
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan HuntUpdates: 2536, 2539, 3110, 4034, 4398,                      May 26, 2011
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt5155, 5702, 5933 (if approved)
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan HuntIntended status: Standards Track
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan HuntExpires: November 27, 2011
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt  Applicability Statement: DNS Security (DNSSEC) DNSKEY Algorithm IANA
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt                                Registry
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt               draft-ietf-dnsext-dnssec-registry-fixes-08
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan HuntAbstract
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt   The DNS Security Extensions (DNSSEC) requires the use of
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt   cryptographic algorithm suites for generating digital signatures over
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt   DNS data.  There is currently an IANA registry for these algorithms
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt   that is incomplete in that it lacks the implementation status of each
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt   algorithm.  This document provides an applicability statement on
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt   algorithm implementation compliance status for DNSSEC
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt   implementations.  This status is to measure compliance to this RFC
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt   only.  This document replaces that registry table with a new IANA
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt   registry table for Domain Name System Security (DNSSEC) Algorithm
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt   Numbers that lists (or assigns) each algorithm's status based on the
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt   current reference.
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan HuntStatus of This Memo
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt   This Internet-Draft is submitted in full conformance with the
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt   provisions of BCP 78 and BCP 79.
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt   Internet-Drafts are working documents of the Internet Engineering
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt   Task Force (IETF).  Note that other groups may also distribute
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt   working documents as Internet-Drafts.  The list of current Internet-
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt   Drafts is at http://datatracker.ietf.org/drafts/current/.
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt   Internet-Drafts are draft documents valid for a maximum of six months
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt   and may be updated, replaced, or obsoleted by other documents at any
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt   time.  It is inappropriate to use Internet-Drafts as reference
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt   material or to cite them other than as "work in progress."
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt   This Internet-Draft will expire on November 27, 2011.
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan HuntCopyright Notice
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt   Copyright (c) 2011 IETF Trust and the persons identified as the
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt   document authors.  All rights reserved.
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan HuntRose                    Expires November 27, 2011               [Page 1]
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan HuntInternet-Draft             IANA Registry Fixes                  May 2011
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt   This document is subject to BCP 78 and the IETF Trust's Legal
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt   Provisions Relating to IETF Documents
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt   (http://trustee.ietf.org/license-info) in effect on the date of
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt   publication of this document.  Please review these documents
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt   carefully, as they describe your rights and restrictions with respect
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt   to this document.  Code Components extracted from this document must
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt   include Simplified BSD License text as described in Section 4.e of
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt   the Trust Legal Provisions and are provided without warranty as
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt   described in the Simplified BSD License.
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan HuntTable of Contents
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . . . 3
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt     1.1.  Requirements Language . . . . . . . . . . . . . . . . . . . 3
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt   2.  The DNS Security Algorithm Number Sub-registry  . . . . . . . . 3
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt     2.1.  Updates and Additions . . . . . . . . . . . . . . . . . . . 4
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt     2.2.  Domain Name System (DNS) Security Algorithm Number
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt           Registry Table  . . . . . . . . . . . . . . . . . . . . . . 5
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt     2.3.  Specifying New Algorithms and Updating Status of
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt           Existing Entries  . . . . . . . . . . . . . . . . . . . . . 6
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt   3.  IANA Considerations . . . . . . . . . . . . . . . . . . . . . . 6
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt   4.  Security Considerations . . . . . . . . . . . . . . . . . . . . 6
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt   5.  Normative References  . . . . . . . . . . . . . . . . . . . . . 6
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan HuntRose                    Expires November 27, 2011               [Page 2]
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan HuntInternet-Draft             IANA Registry Fixes                  May 2011
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt1.  Introduction
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt   The Domain Name System (DNS) Security Extensions (DNSSEC) [RFC4033],
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt   [RFC4034], [RFC4035], [RFC4509], [RFC5155], and [RFC5702] uses
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt   digital signatures over DNS data to provide source authentication and
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt   integrity protection.  DNSSEC uses an IANA registry to list codes for
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt   digital signature algorithms (consisting of a cryptographic algorithm
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt   and one-way hash function).
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt   The original list of algorithm status is found in [RFC4034].  Other
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt   DNSSEC RFC's have added new algorithms or changed the status of
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt   algorithms in the registry.  However, implementers must read through
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt   all the documents in order to discover which algorithms are
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt   considered wise to implement, which are not, and which algorithms may
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt   become widely used in the future.  This document replaces the
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt   original list with a new table that includes the current compliance
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt   status for certain algorithms.
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt   This compliance status indication is only to be considered for
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt   implementation, not deployment or operations.  Operators are free to
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt   deploy any digital signature algorithm available in implementations
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt   or algorithms chosen by local security policies.  This status is to
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt   measure compliance to this RFC only.
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt   This document replaces the current IANA registry for Domain Name
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt   System Security (DNSSEC) Algorithm Numbers with a newly defined
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt   registry table.  This new table (Section 2.2 below) contains a column
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt   that will list the current compliance status of each digital
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt   signature algorithm in the registry at the time of writing and
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt   assigns status for some algorithms used with DNSSEC that did not have
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt   an identified status in their specification.  This document updates
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt   the following: [RFC2536], [RFC2539], [RFC3110], [RFC4034], [RFC4398],
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt   [RFC5155], [RFC5702], and [RFC5933].
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt1.1.  Requirements Language
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt   document are to be interpreted as described in [RFC2119].
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt2.  The DNS Security Algorithm Number Sub-registry
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt   The DNS Security Algorithm Number sub-registry (part of the Domain
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt   Name System (DNS) Security Number registry) will be replaced with the
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt   table below.  This table is based on the existing DNS Security
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt   Algorithm Number sub-registry and adds a column that contains the
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt   current implementation status of the given algorithm.
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan HuntRose                    Expires November 27, 2011               [Page 3]
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan HuntInternet-Draft             IANA Registry Fixes                  May 2011
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt   There are additional differences to entries that are described in
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt   sub-section 2.1.  The overall new registry table is in sub-section
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt   2.2.  The values for the compliance status were obtained from
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt   [RFC4034] with updates for algorithms specified after the original
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt   DNSSEC specification.  If no status was listed in the original
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt   specification, this document assigns one.
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt2.1.  Updates and Additions
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt   This document updates three entries in the Domain Name System
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt   Security (DNSSEC) Algorithm Registry.  They are:
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt   The description for assignment number 4 is changed to "Reserved until
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt   2020".
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt   The description for assignment number 9 is changed to "Reserved until
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt   2020".
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt   The description for assignment number 11 is changed to "Reserved
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt   until 2020".
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt   Registry entries 13-251 remains Unassigned.
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt   The status of RSASHA1-NSEC3-SHA1 is set to RECOMMENDED TO IMPLEMENT.
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt   This is due to the fact that RSA/SHA-1 is a MUST IMPLEMENT.  The
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt   status of RSA/SHA-256 and RSA/SHA-512 are also set to RECOMMENDED TO
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt   IMPLEMENT as it is believed that these algorithms will replace an
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt   older algorithm (e.g.  RSA/SHA-1) that have a perceived weakness in
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt   its hash algorithm (SHA-1).
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan HuntRose                    Expires November 27, 2011               [Page 4]
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan HuntInternet-Draft             IANA Registry Fixes                  May 2011
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt2.2.  Domain Name System (DNS) Security Algorithm Number Registry Table
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt   The Domain Name System (DNS) Security Algorithm Number registry is
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt   hereby specified as follows below.  The new column is titled
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt   "Compliance to RFC TBD" (where TBD will change when published) as the
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt   IANA Registry table is not normative.  The IANA registry table is
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt   only a reflection of the RFC, which is normative.
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt                                        Trans-
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt                                  Zone  action  Compliance to
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt Number  Description    Mnemonic   Sign  Sign     RFC TBD1     Reference
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt ------  -----------     ------    ----  -----  ------------   ---------
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt  0      Reserved                                              [RFC4398]
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt  1      RSA/MD5         RSAMD5     N     Y      MUST NOT      [RFC2537]
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt                                                 IMPLEMENT
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt  2      Diffie-Hellman  DH         N     Y                    [RFC2539]
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt  3      DSA/SHA-1       DSASHA1    Y     Y                    [RFC2536]
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt  4      Reserved until
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt         2020
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt  5      RSA/SHA-1       RSASHA1    Y     Y      MUST          [RFC3110]
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt                                                 IMPLEMENT
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt  6      DSA-NSEC3-SHA1  DSA-NSEC3  Y     Y                    [RFC5155]
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt                         -SHA1
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt  7      RSASHA1-NSEC3   RSASHA1-   Y     Y     RECOMMENDED    [RFC5155]
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt         -SHA1           NSEC3-                 TO IMPLEMENT
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt                         SHA1
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt  8      RSA/SHA-256     RSASHA256  Y     *     RECOMMENDED    [RFC5702]
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt                                                TO IMPLEMENT
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt  9      Reserved until
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt         2020
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt  10      RSA/SHA-512     RSASHA512  Y     *    RECOMMENDED    [RFC5702]
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt                                                TO IMPLEMENT
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt  11      Reserved until
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt         2020
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt  12      GOST R          GOST-ECC   Y     *                   [RFC5933]
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt         34.10-2001
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt 13-251   Unassigned
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt  252     Reserved for    INDIRECT   N     N                   [RFC4034]
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt         Indirect keys
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt  253     private         PRIVATE    Y     Y                   [RFC4034]
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt         algorithm
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt  254     private         PRIVATEOID Y     Y                   [RFC4034]
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt         algorithm OID
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt  255     Reserved
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt   Table rows where the compliance column is not filled in are left to
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt   the discretion of implementers.  Their implementation (or lack
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt   thereof) therefore cannot be included when judging compliance to this
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan HuntRose                    Expires November 27, 2011               [Page 5]
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan HuntInternet-Draft             IANA Registry Fixes                  May 2011
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt   document.
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt2.3.  Specifying New Algorithms and Updating Status of Existing Entries
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt   [RFC6014] establishes a parallel procedure for adding a registry
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt   entry for a new algorithm other than a standards track document.
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt   Algorithms entered into the registry using that procedure do not have
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt   a listed compliance status.  Specifications that follow this path do
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt   not need to obsolete or update this document.
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt   Adding a newly specified algorithm to the registry with a compliance
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt   status SHALL entail obsolescing this document and replacing the
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt   registry table (with the new algorithm entry).  Altering the status
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt   column value of any existing algorithm in the registry SHALL entail
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt   obsoleting this document and replacing the registry table.
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt   This document cannot be updated, only made obsolete and replaced by a
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt   successor document.
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt3.  IANA Considerations
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt   This document replaces the Domain Name System (DNS) Security
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt   Algorithm Numbers registry.  The new registry table is in Section
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt   2.2.  In the column "Compliance to RFC TBD", "RFC TBD" should be
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt   changed to the official RFC when published.
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt   The original Domain Name System (DNS) Security Algorithm Number
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt   registry is available at
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt   http://www.iana.org/assignments/dns-sec-alg-numbers.
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt4.  Security Considerations
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt   This document replaces the Domain Name System (DNS) Security
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt   Algorithm Numbers registry.  It is not meant to be a discussion on
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt   algorithm superiority.  No new security considerations are raised in
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt   this document.
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt5.  Normative References
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt              Requirement Levels", BCP 14, RFC 2119, March 1997.
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt   [RFC2536]  Eastlake, D., "DSA KEYs and SIGs in the Domain Name System
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt              (DNS)", RFC 2536, March 1999.
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt   [RFC2537]  Eastlake, D., "RSA/MD5 KEYs and SIGs in the Domain Name
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt              System (DNS)", RFC 2537, March 1999.
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan HuntRose                    Expires November 27, 2011               [Page 6]
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan HuntInternet-Draft             IANA Registry Fixes                  May 2011
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt   [RFC2539]  Eastlake, D., "Storage of Diffie-Hellman Keys in the
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt              Domain Name System (DNS)", RFC 2539, March 1999.
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt   [RFC3110]  Eastlake, D., "RSA/SHA-1 SIGs and RSA KEYs in the Domain
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt              Name System (DNS)", RFC 3110, May 2001.
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt   [RFC4033]  Arends, R., Austein, R., Larson, M., Massey, D., and S.
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt              Rose, "DNS Security Introduction and Requirements",
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt              RFC 4033, March 2005.
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt   [RFC4034]  Arends, R., Austein, R., Larson, M., Massey, D., and S.
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt              Rose, "Resource Records for the DNS Security Extensions",
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt              RFC 4034, March 2005.
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt   [RFC4035]  Arends, R., Austein, R., Larson, M., Massey, D., and S.
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt              Rose, "Protocol Modifications for the DNS Security
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt              Extensions", RFC 4035, March 2005.
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt   [RFC4398]  Josefsson, S., "Storing Certificates in the Domain Name
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt              System (DNS)", RFC 4398, March 2006.
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt   [RFC4509]  Hardaker, W., "Use of SHA-256 in DNSSEC Delegation Signer
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt              (DS) Resource Records (RRs)", RFC 4509, May 2006.
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt   [RFC5155]  Laurie, B., Sisson, G., Arends, R., and D. Blacka, "DNS
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt              Security (DNSSEC) Hashed Authenticated Denial of
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt              Existence", RFC 5155, March 2008.
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt   [RFC5702]  Jansen, J., "Use of SHA-2 Algorithms with RSA in DNSKEY
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt              and RRSIG Resource Records for DNSSEC", RFC 5702,
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt              October 2009.
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt   [RFC5933]  Dolmatov, V., Chuprina, A., and I. Ustinov, "Use of GOST
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt              Signature Algorithms in DNSKEY and RRSIG Resource Records
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt              for DNSSEC", RFC 5933, July 2010.
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt   [RFC6014]  Hoffman, P., "Cryptographic Algorithm Identifier
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt              Allocation for DNSSEC", RFC 6014, November 2010.
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan HuntRose                    Expires November 27, 2011               [Page 7]
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan HuntInternet-Draft             IANA Registry Fixes                  May 2011
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan HuntAuthor's Address
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt   Scott Rose
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt   NIST
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt   100 Bureau Dr.
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt   Gaithersburg, MD  20899
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt   USA
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt   Phone: +1-301-975-8439
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt   EMail: scottr.nist@gmail.com
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan HuntRose                    Expires November 27, 2011               [Page 8]
f2ea8c2f965be7ff4c59f805712c12d469226b7bEvan Hunt