ZONEMD records - RFC8976 #376
Description
https://www.rfc-editor.org/rfc/rfc8976
Type Value:
The Type value for the ZONEMD RR is 63.
Runs on any class:
The ZONEMD RR is class independent.
Internal repr:
The RDATA of the resource record consists of four fields: Serial, Scheme, Hash Algorithm, and Digest.
Fields:
- The Serial field is a 32-bit unsigned integer in network byte order. It is the serial number from the zone's SOA record ([RFC1035], Section 3.3.13) for
which the zone digest was generated. - The Scheme field is an 8-bit unsigned integer that identifies the methods by which data is collated and presented as input to the hashing function.
- Herein, SIMPLE, with Scheme value 1, is the only standardized Scheme defined for ZONEMD records and it MUST be supported by implementations.
- Scheme values 240-254 are allocated for Private Use.
- (ie, 1 or 240-254 = ok, else fail)
- The Hash Algorithm field is an 8-bit unsigned integer that identifies the cryptographic hash algorithm used to construct the digest.
(ref)- Sha384 == 1
- When SHA384 is used, the size of the Digest field is 48 octets.
- Sha512 == 2
- When SHA512 is used, the size of the Digest field is 64 octets.
- Hash Algorithm values 240-254 are allocated for Private Use.
- Sha384 == 1
- The Digest field MUST NOT be shorter than 12 octets. Digests for the SHA384 and SHA512 hash algorithms specified herein are never truncated. Digests for
future hash algorithms MAY be truncated but MUST NOT be truncated to a length that results in less than 96 bits (12 octets) of equivalent strength.- Min-length check of 12 bytes
- Display of the ZONEMD field
- The Serial field is represented as an unsigned decimal integer.
- The Scheme field is represented as an unsigned decimal integer.
- The Hash Algorithm field is represented as an unsigned decimal integer.
- The Digest is represented as a sequence of case-insensitive hexadecimal digits. Whitespace is allowed within the hexadecimal text.
- Examples