rfc-6944

Applicability Statement: DNS Security (DNSSEC) DNSKEY Algorithm Implementation Status

S. Rose

date2013-04 streamIETF areaint wgdnsext statusPROPOSED STANDARD pages7 canonicalhttps://www.rfc-editor.org/rfc/rfc6944 doi10.17487/RFC6944 errataview

The DNS Security Extensions (DNSSEC) requires the use of cryptographic algorithm suites for generating digital signatures over DNS data. There is currently an IANA registry for these algorithms, but there is no record of the recommended implementation status of each algorithm. This document provides an applicability statement on algorithm implementation status for DNSSEC component software. This document lists each algorithm's status based on the current reference. In the case that an algorithm is specified without an implementation status, this document assigns one. This document updates RFCs 2536, 2539, 3110, 4034, 4398, 5155, 5702, and 5933.

obsoleted by

rfc-8624 — Algorithm Implementation Requirements and Usage Guidance for DNSSEC

updates

rfc-2536 — DSA KEYs and SIGs in the Domain Name System (DNS)
rfc-2539 — Storage of Diffie-Hellman Keys in the Domain Name System (DNS)
rfc-3110 — RSA/SHA-1 SIGs and RSA KEYs in the Domain Name System (DNS)
rfc-4034 — Resource Records for the DNS Security Extensions
rfc-4398 — Storing Certificates in the Domain Name System (DNS)
rfc-5155 — DNS Security (DNSSEC) Hashed Authenticated Denial of Existence
rfc-5702 — Use of SHA-2 Algorithms with RSA in DNSKEY and RRSIG Resource Records for DNSSEC
rfc-5933 — Use of GOST Signature Algorithms in DNSKEY and RRSIG Resource Records for DNSSEC