One document matched: draft-ietf-dnsext-dnssec-registry-update-00.xml
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE rfc SYSTEM "rfc2629.dtd">
<?rfc toc="yes"?>
<?rfc tocompact="no"?>
<?rfc tocdepth="6"?>
<?rfc symrefs="yes"?>
<?rfc sortrefs="yes"?>
<?rfc rfcedstyle="yes"?>
<?rfc strict="yes"?>
<rfc ipr="trust200902" category="std" docName="draft-ietf-dnsext-dnssec-registry-update-00">
<front>
<title abbrev="IANA Registry Update">DNS Security (DNSSEC) DNSKEY Algorithm IANA Registry Updates</title>
<author fullname="Scott Rose" initials="S." surname="Rose">
<organization> NIST </organization>
<address>
<postal>
<street>100 Bureau Dr.</street>
<city>Gaithersburg</city>
<code>20899</code>
<region>MD</region>
<country>USA</country>
</postal>
<phone>+1-301-975-8439</phone>
<email> scottr.nist@gmail.com </email>
</address>
</author>
<date month="January" year="2012"/>
<area> Internet Area </area>
<workgroup> DNS Extensions Working Group </workgroup>
<keyword>DNS</keyword>
<keyword>DNSSEC</keyword>
<abstract>
<t>
The DNS Security Extensions (DNSSEC) requires the use of
cryptographic algorithm suites for generating digital signatures over DNS data. The algorithms specified for
use with DNSSEC are reflected in an IANA maintained registry. This document presents a set of changes for
some entries of the registry and presents a new registry table.
</t>
</abstract>
</front>
<middle>
<section title="Introduction">
<t>
The Domain Name System (DNS) Security Extensions (DNSSEC) <xref target="RFC4033" />, <xref target="RFC4034" />,
<xref target="RFC4035" />, <xref target="RFC4509" />, <xref target="RFC5155" />, and <xref target="RFC5702" /> uses digital signatures over DNS data
to provide source authentication and integrity protection. DNSSEC uses an IANA registry
to list codes for digital signature algorithms (consisting of a cryptographic
algorithm and one-way hash function).
</t>
<t>
This document replaces the current IANA registry for Domain Name
System Security (DNSSEC) Algorithm Numbers with a newly defined registry table. This new table (Section 2.2 below)
contains a collection of changes to selected entries originally set aside for future algorithm specification that did
not occur. These entries are changed to "Reserved" to avoid potential conflicts with older implementations. This
document also brings the list of references for entries up to date.
</t>
</section>
<section title="The DNS Security Algorithm Number Sub-registry">
<t>
The DNS Security Algorithm Number sub-registry (part of the Domain Name
System (DNS) Security Number registry) will be replaced with the table below.
There are additional differences to entries that are described in sub-section 2.1 and
the overall new registry table is in sub-section 2.2.
</t>
<section title="Updates and Additions">
<t>
This document updates three entries in the Domain Name System Security (DNSSEC)
Algorithm Registry. They are:
</t>
<t>
The description for assignment number 4 is changed to "Reserved".
</t>
<t>
The description for assignment number 9 is changed to "Reserved".
</t>
<t>
The description for assignment number 11 is changed to "Reserved".</t>
<t>
The above values are changed to "Reserved" because they were placeholders for algorithms that
were not fully specified for use with DNSSEC. Older implementations may still have these algorithm
codes assigned, so these codes are reserved to prevent potential incompatibilities.
</t>
</section>
<section title="Domain Name System (DNS) Security Algorithm Number Registry Table">
<figure><preamble>
The Domain Name System (DNS) Security Algorithm Number registry is hereby specified
as follows below.
</preamble>
<artwork>
Zone Transaction
Number Description Mnemonic Sign Sign Reference
------ ----------- -------- ---- ------ ---------
0 Reserved [RFC4034],
[RFC4398]
1 RSA/MD5 RSAMD5 N Y [RFC3110]
2 Diffie-Hellman DH N Y [RFC2539]
3 DSA/SHA-1 DSASHA1 Y Y [RFC2536]
4 Reserved [THISDOC]
5 RSA/SHA-1 RSASHA1 Y Y [RFC3110]
6 DSA-NSEC3-SHA1 DSA-NSEC3 Y Y [RFC5155]
-SHA1
7 RSASHA1-NSEC3 RSASHA1- Y Y [RFC5155]
-SHA1 NSEC3-SHA1
8 RSA/SHA-256 RSASHA256 Y * [RFC5702]
9 Reserved [THISDOC]
10 RSA/SHA-512 RSASHA512 Y * [RFC5702]
11 Reserved [THISDOC]
12 GOST R GOST-ECC Y * [RFC5933]
34.10-2001
13-122 Unassigned [RFC4034]
123-251 Reserved [RFC4034],
[RFC6014]
252 Reserved for INDIRECT N N [RFC4034]
Indirect keys
253 private PRIVATE Y Y [RFC4034]
algorithm
254 private PRIVATEOID Y Y [RFC4034]
algorithm OID
255 Reserved [RFC4034]
</artwork>
<postamble></postamble>
</figure>
</section>
</section>
<section anchor="IANA" title="IANA Considerations">
<t>
This document replaces the Domain Name System (DNS) Security Algorithm Numbers registry
with new registry table is in Section 2.2. The changes include moving three registry entries to "Reserved" and updating the reference list for entries.
</t>
<t>
The original Domain
Name System (DNS) Security Algorithm Number registry is
available at http://www.iana.org/assignments/dns-sec-alg-numbers.
</t>
</section>
<section anchor="Security" title="Security Considerations">
<t>
This document replaces the Domain Name System (DNS) Security Algorithm Numbers registry with an updated table.
It is not meant
to be a discussion on algorithm superiority. No new security considerations are
raised in this document.
</t>
</section>
</middle>
<back>
<references title="Normative References">
<?rfc include="reference.RFC.2119" ?>
<?rfc include="reference.RFC.2536" ?>
<?rfc include="reference.RFC.2539" ?>
<?rfc include="reference.RFC.3110" ?>
<?rfc include="reference.RFC.4033" ?>
<?rfc include="reference.RFC.4034" ?>
<?rfc include="reference.RFC.4035" ?>
<?rfc include="reference.RFC.4398" ?>
<?rfc include="reference.RFC.4509" ?>
<?rfc include="reference.RFC.5155" ?>
<?rfc include="reference.RFC.5702" ?>
<?rfc include="reference.RFC.5933" ?>
<?rfc include="reference.RFC.6014" ?>
</references>
</back>
</rfc>
| PAFTECH AB 2003-2026 | 2026-04-24 02:59:13 |