<?xmlversion="1.0" encoding="US-ASCII"?>version="1.0"?> <?xml-stylesheet type='text/xsl' href='./rfc2629.xslt' ?> <!DOCTYPE rfc SYSTEM "rfc2629.dtd" [ <!ENTITY RFC2119 SYSTEM"https://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.2119.xml">"http://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.2119.xml"> <!ENTITY RFC4034 PUBLIC """https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.4034.xml">"http://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.4034.xml"> <!ENTITY RFC5155 PUBLIC """https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.5155.xml">"http://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.5155.xml"> <!ENTITY RFC5702 PUBLIC """https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.5702.xml">"http://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.5702.xml"> <!ENTITY RFC5933 PUBLIC """https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.5933.xml"> <!ENTITY RFC8174 PUBLIC "" "https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.8174.xml">"http://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.5933.xml"> <!ENTITY RFC6605 PUBLIC """https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.6605.xml">"http://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.6605.xml"> <!ENTITY RFC6781 PUBLIC """https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.6781.xml">"http://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.6781.xml"> <!ENTITY RFC6944 PUBLIC """https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.6944.xml">"http://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.6944.xml"> <!ENTITY RFC6979 PUBLIC """https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.6979.xml">"http://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.6979.xml"> <!ENTITY RFC6986 PUBLIC """https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.6986.xml">"http://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.6986.xml"> <!ENTITY RFC7091 PUBLIC """https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.7091.xml">"http://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.7091.xml"> <!ENTITY RFC7344 PUBLIC """https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.7344.xml">"http://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.7344.xml"> <!ENTITY RFC7583 PUBLIC """https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.7583.xml">"http://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.7583.xml"> <!ENTITY RFC8032 PUBLIC """https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.8032.xml">"http://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.8032.xml"> <!ENTITY RFC8078 PUBLIC """https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.8078.xml">"http://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.8078.xml"> <!ENTITY RFC8080 PUBLIC """https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.8080.xml">"http://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.8080.xml"> ]> <?rfc toc="yes"?> <?rfc strict="yes" ?> <?rfc linkmailto="yes" ?> <?rfc symrefs="yes"?> <?rfc compact="yes" ?> <?rfc subcompact="no" ?> <?rfc sortrefs="no" ?> <?rfc rfcedstyle="yes"?> <rfc ipr="trust200902" docName="draft-hardaker-dnsop-rfc8624-bis-00" category="std"obsoletes="6944" number="8624" submissionType="IETF" consensus="yes">obsoletes="8624"> <front> <title abbrev="DNSSEC Cryptographic Algorithms">Algorithm Implementation Requirements and Usage Guidance for DNSSEC</title> <author fullname="Wes Hardaker" initials="W." surname="Hardaker"> <organization>USC/ISI</organization> <address> <postal> <street/> <country>US</country> </postal> <email>ietf@hardakers.net</email> </address> </author> <author fullname="Paul Wouters" initials="P." surname="Wouters"> <organization>Red Hat</organization> <address> <postal> <street/><country>Canada</country><country>CA</country> </postal> <email>pwouters@redhat.com</email> </address> </author> <author fullname="Ondrej Sury" initials="O." surname="Sury"> <organization>Internet Systems Consortium</organization> <address> <postal> <street/><country>Czech Republic</country><country>CZ</country> </postal> <email>ondrej@isc.org</email> </address> </author> <datemonth="June" year="2019"/>year="2022"/> <area>Security</area> <workgroup>dnsop</workgroup><keyword>DNS</keyword><keyword>Internet-Draft</keyword> <abstract> <t> The DNSSEC protocol makes use of various cryptographic algorithms in order to provide authentication of DNS data and proof ofnonexistence.non-existence. To ensure interoperability between DNS resolvers and DNS authoritative servers, it is necessary to specify a set of algorithm implementation requirements and usage guidelines to ensure that there is at least one algorithm that all implementations support. This document defines the current algorithm implementation requirements and usage guidance for DNSSEC. This document obsoletesRFC 6944.<xref target="RFC6944"/>. </t> </abstract> </front> <!-- ====================================================================== --> <middle> <section anchor="introduction" title="Introduction"> <t> The DNSSEC signing algorithms are defined by various RFCs, including <xref target="RFC4034"/>, <xref target="RFC5155"/>, <xref target="RFC5702"/>, <xref target="RFC5933"/>, <xref target="RFC6605"/>,and<xref target="RFC8080"/>. DNSSEC is used to provide authentication of data. To ensure interoperability, a set of "mandatory-to-implement" DNSKEY algorithms are defined. This document obsoletes <xref target="RFC6944"/>. </t> <section title="Updating Algorithm Implementation Requirements and Usage Guidance"> <t> The field of cryptography evolves continuously.New,New stronger algorithmsappear,appear and existing algorithms are found to be less securethanthen originally thought.Attacks previously thought to be computationally infeasible become more accessible as the available computational resources increase.Therefore, algorithm implementation requirements and usage guidance need to be updated from time to time to reflect the new reality. The choices for algorithms must be conservative to minimize the risk of algorithm compromise. </t> </section> <section title="Updating Algorithm Requirement Levels"> <t> The mandatory-to-implement algorithm of tomorrow should already be available in most implementations of DNSSEC by the time it is made mandatory. This document attempts to identify and introduce those algorithms for future mandatory-to-implement status. There is no guarantee that algorithms in use today will become mandatory in the future. Published algorithms are continuously subjected to cryptographic attack and may become tooweakweak, or even be completelybrokenbroken, before this document is updated. </t> <t> This documentonlyprovides recommendations with respect to mandatory-to-implementalgorithms oralgorithms, algorithms so weak that they cannot berecommended.recommended, and algorithms defined in RFCs that are not on the standards track. Any algorithm listed in the <xref target="DNSKEY-IANA"/> and <xref target="DS-IANA"/> registries that are not mentioned in this document MAY be implemented. For clarification and consistency, an algorithm will be specified as MAY in this document only when it has been downgraded from a MUST or a RECOMMENDED to a MAY. </t> <t> Although this document's primary purpose is to update algorithm recommendations to keep DNSSEC authentication secure over time, it also aims to do so in such a way that DNSSEC implementations remain interoperable. DNSSEC interoperability is addressed by an incremental introduction or deprecation of algorithms. </t> <t> <xref target="RFC2119"/> considers the term SHOULD equivalent to RECOMMENDED, and SHOULD NOT equivalent to NOT RECOMMENDED. The authors of this document have chosen to use the terms RECOMMENDED and NOT RECOMMENDED, as this more clearly expresses theintentrecommendations to implementers. </t> <t> It is expected that deprecation of an algorithm will be performedgradually in a series of updates to this document.gradually. This provides time for various implementations to update their implemented algorithms while remaining interoperable. Unless there are strong security reasons, an algorithm is expected to be downgraded from MUST to NOT RECOMMENDED or MAY, instead of to MUST NOT. Similarly, an algorithm that has not been mentioned as mandatory-to-implement is expected to be introduced with a RECOMMENDED instead of a MUST. </t> <t> Since the effect of using an unknown DNSKEY algorithm is that the zone is treated as insecure, it is recommended that algorithms downgraded to NOT RECOMMENDED or lower not be used by authoritative nameservers and DNSSEC signers to create newDNSKEYs.DNSKEY's. This will allow for deprecated algorithms to become less and less common over time. Once an algorithm has reached a sufficiently low level of deployment, it can be marked as MUSTNOTNOT, so that recursive resolvers can remove support for validating it. </t> <t> Recursive nameservers are encouraged to retain support for all algorithms not marked as MUST NOT. </t> </section> <section title="Document Audience"> <t> The recommendations of this document mostly target DNSSEC implementers, as implementations need to meet both high security expectations as well as high interoperability between various vendors and with different versions. Interoperability requires a smooth transition to more secure algorithms. This perspective may differ from from that of a user who wishes to deploy and configure DNSSEC with only the safest algorithm. On the other hand, the comments and recommendations in this document are also expected to be useful for such users. </t> </section> </section> <section anchor="mustshouldmay" title="Conventions Used in This Document"> <t> The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED","NOT RECOMMENDED","MAY", and "OPTIONAL" in this document are to be interpreted as described inBCP 14<xreftarget="RFC2119"/> <xref target="RFC8174"/> when, and only when, they appear in all capitals, as shown here.target="RFC2119"/>. </t> </section> <section anchor="algs" title="Algorithm Selection"> <section anchor="algs_dnskey" title="DNSKEY Algorithms"> <t>The following table lists the implementationImplementation recommendations for DNSKEY algorithms <xref target="DNSKEY-IANA"/>. </t> <texttable anchor="tbl_dnskey" suppress-title="true"> <ttcol align="left">Number</ttcol> <ttcol align="left">Mnemonics</ttcol> <ttcol align="left">DNSSEC Signing</ttcol> <ttcol align="left">DNSSEC Validation</ttcol> <c>1</c><c>RSAMD5</c><c>MUST NOT</c><c>MUST NOT</c> <c>3</c><c>DSA</c><c>MUST NOT</c><c>MUST NOT</c><c>5</c><c>RSASHA1</c><c>NOT RECOMMENDED</c><c>MUST</c><c>5</c><c>RSASHA1</c><c>MUST NOT</c><c>SHOULD NOT</c> <c>6</c><c>DSA-NSEC3-SHA1</c><c>MUST NOT</c><c>MUST NOT</c><c>7</c><c>RSASHA1-NSEC3-SHA1</c><c>NOT RECOMMENDED</c><c>MUST</c><c>7</c><c>RSASHA1-NSEC3-SHA1</c><c>MUST NOT</c><c>SHOULD NOT</c> <c>8</c><c>RSASHA256</c><c>MUST</c><c>MUST</c> <c>10</c><c>RSASHA512</c><c>NOT RECOMMENDED</c><c>MUST</c> <c>12</c><c>ECC-GOST</c><c>MUSTNOT</c><c>MAY</c>NOT</c><c>MUST NOT</c> <c>13</c><c>ECDSAP256SHA256</c><c>MUST</c><c>MUST</c> <c>14</c><c>ECDSAP384SHA384</c><c>MAY</c><c>RECOMMENDED</c> <c>15</c><c>ED25519</c><c>RECOMMENDED</c><c>RECOMMENDED</c> <c>16</c><c>ED448</c><c>MAY</c><c>RECOMMENDED</c> </texttable> <t> RSAMD5 is not widelydeployed,deployed and there is an industry-wide trend to deprecate MD5 usage. </t> <t> RSASHA1 and RSASHA1-NSEC3-SHA1 are widely deployed, althoughthezones deploying it are recommended to switch to ECDSAP256SHA256 as there is an industry-wide trend to move to elliptic curve cryptography. RSASHA1 does not support NSEC3. RSASHA1-NSEC3-SHA1 can be used with or without NSEC3. </t> <t> DSA and DSA-NSEC3-SHA1 are not widely deployed andarevulnerable to private key compromise when generating signatures using a weak or compromised random number generator. </t> <t> RSASHA256 iswidely usedin wide use and considered strong.It has been the default algorithm for a number of years and is now slowly being replaced with ECDSAP256SHA256 due to its shorter key and signature size, resulting in smaller DNS packets.</t> <t> RSASHA512 is NOT RECOMMENDED for DNSSECsigningSigning because it has not seen wide deployment, but there are somedeployments; hence,deployments hence DNSSECvalidationValidation MUST implement RSASHA512 to ensure interoperability. There is no significant difference incryptographiccryptographics strength between RSASHA512 andRSASHA256; therefore, use of RSASHA512RSASHA256, therefore it is discouraged to use RSASHA512, as it will only make deprecation of older algorithms harder. Peoplewhothat wish to use a cryptographically stronger algorithm should switch to elliptic curve cryptography algorithms. </t> <t> ECC-GOST (GOST R 34.10-2001) has been superseded by GOST R 34.10-2012 in <xref target="RFC7091"/>. The GOST R 34.10-2012 hasn't been standardized for use in DNSSEC. </t> <t> ECDSAP256SHA256 provides more cryptographic strength with a shorter signature length than either RSASHA256 or RSASHA512. ECDSAP256SHA256 has been widelydeployed; therefore,deployed and therefore it is now at MUST level for both validation and signing. It is RECOMMENDED to usethedeterministic digital signature generation procedure of theElliptic Curve Digital Signature Algorithm (ECDSA), specified in <xref target="RFC6979"/>,ECDSA (<xref target="RFC6979"/>) when implementing ECDSAP256SHA256 (and ECDSAP384SHA384). </t> <t> ECDSAP384SHA384 shares the same properties asECDSAP256SHA256ECDSAP256SHA256, but offers a modest security advantage over ECDSAP256SHA256 (192 bits of strength versus 128 bits). For most DNSSEC applications, ECDSAP256SHA256 should be satisfactory and robust for the foreseeablefuturefuture, and is therefore recommended for signing. While it is unlikely for a DNSSEC use case requiring 192-bit security strength to arise, ECDSA384SHA384 is provided for suchapplications,applications and it MAY be used for signing in these cases. </t> <t> ED25519 and ED448 usetheEdwards-curve Digital Security Algorithm (EdDSA). There are three main advantages ofEdDSA: itthe EdDSA algorithm: It does not require the use of a unique random number for each signature, there are no padding or truncation issues as with ECDSA, and it is more resilient to side-channel attacks. Furthermore, EdDSA cryptography is less prone to implementation errors (<xref target="RFC8032"/>, <xref target="RFC8080"/>). It is expected that ED25519 will become the future RECOMMENDED default algorithm once there's enough support for this algorithm in the deployed DNSSEC validators. </t> </section> <section anchor="algs_dnskey_recommendation" title="DNSKEY Algorithm Recommendation"> <t> Operation recommendation for new and existing deployments. </t> <t> Due totheindustry-wide trendtowardsto move to elliptic curve cryptography, the ECDSAP256SHA256 istheRECOMMENDED DNSKEY algorithm for use by new DNSSEC deployments, and users ofRSA-basedRSA based algorithms SHOULD upgrade to ECDSAP256SHA256. </t> </section> <section anchor="algs_ds" title="DS and CDS Algorithms"> <t>The following table lists the recommendationsRecommendations for Delegation Signer Digest Algorithms <xreftarget="DS-IANA"/>.target="DNSKEY-IANA"/> Theserecommendationsalso apply to theChild Delegation Signer (CDS)CDS RRTYPE as specified in <xreftarget="RFC7344"/>.target="RFC7344"/> </t> <texttable anchor="tbl_ds" suppress-title="true"> <ttcol align="left">Number</ttcol> <ttcol align="left">Mnemonics</ttcol> <ttcol align="left">DNSSEC Delegation</ttcol> <ttcol align="left">DNSSEC Validation</ttcol> <c>0</c><c>NULL (CDS only)</c><c>MUST NOT [*]</c><c>MUST NOT [*]</c> <c>1</c><c>SHA-1</c><c>MUSTNOT</c><c>MUST</c>NOT</c><c>SHOULD NOT</c> <c>2</c><c>SHA-256</c><c>MUST</c><c>MUST</c> <c>3</c><c>GOST R 34.11-94</c><c>MUSTNOT</c><c>MAY</c>NOT</c><c>MUST NOT</c> <c>4</c><c>SHA-384</c><c>MAY</c><c>RECOMMENDED</c> <postamble> [*] - This is a special type of CDS record signaling removal of DS at the parent in <xreftarget="RFC8078"/>.target="RFC8078"/> </postamble> </texttable> <t> NULL is a specialcase;case, see <xreftarget="RFC8078"/>.target="RFC8078"/> </t> <t> SHA-1 isstill widely usedin declining use forDelegation Signer (DS)DS records, so it is NOT RECOMMENDED for validatorsMUSTto implementvalidation, but itSHA-1 validation. SHA-1 MUST NOT be usedto generatein generating new DS and CDSrecords (see "<xref target="operation" format="title"/>"records. (See Operational Considerations for caveats when upgrading fromtheSHA-1 to SHA-256 DSalgorithm.)Algorithm.) </t> <t> SHA-256 iswidely usedin wide use and considered strong. </t> <t> GOST R 34.11-94 has been superseded by GOST R 34.11-2012 in <xref target="RFC6986"/>. The GOST R 34.11-2012has nothasn't been standardized for use in DNSSEC. </t> <t> SHA-384 shares the same properties asSHA-256SHA-256, but offers a modest security advantage overSHA-256 (384 bitsSHA-384 (384-bits of strength versus256 bits).256-bits). For most applications of DNSSEC, SHA-256 should be satisfactory and robust for the foreseeablefuturefuture, and is therefore recommended for DS and CDS records. While it is unlikely for a DNSSEC use case requiring 384-bit security strength to arise, SHA-384 is provided for suchapplications,applications and it MAY be used for generating DS and CDS records in these cases. </t> </section> <section anchor="algs_ds_recommendation" title="DS and CDS Algorithm Recommendation"> <t>An operationalOperation recommendation for new and existingdeployments:deployments. </t> <t> The SHA-256 istheRECOMMENDED DS and CDS algorithm. </t> </section> </section> <section anchor="security" title="Security Considerations"> <t> The security of cryptographic systems depends on both the strength of the cryptographic algorithms chosen and the strength of the keys used with those algorithms. The security also depends on the engineering of the protocol used by the system to ensure that there are no non-cryptographic ways to bypass the security of the overall system. </t> <t> This document concerns itself with the selection of cryptographic algorithms for the useinof DNSSEC, specifically with the selection of "mandatory-to-implement" algorithms. The algorithms identified in this document as MUST or RECOMMENDED to implement are not known to be broken(in the cryptographic sense)at the current time, and cryptographic research so far leads us to believe that they are likely to remain secure into the foreseeable future. However, this isn't necessarily forever, and it is expected that new revisions of this document will be issued from time to time to reflect the current best practices in this area. </t> <t> Retiring an algorithm too soon would result in a zone(signedsigned withathe retiredalgorithm)algorithm being downgraded to the equivalent of an unsigned zone. Therefore, algorithm deprecation must be done very slowly and only after careful consideration and measurement of its use. </t> </section> <section anchor="operation" title="Operational Considerations"> <t> DNSKEY algorithm rollover in a live zone is a complex process. See <xref target="RFC6781"/> and <xref target="RFC7583"/> for guidelines on how to perform algorithm rollovers. </t> <t> DS algorithm rollover in a live zone is also a complex process. Upgradinganalgorithm at the same time as rollingathe newKey Signing Key (KSK)KSK key will lead to DNSSEC validationfailures. Administratorsfailures, and users MUSTcomplete the process ofupgrade the DS algorithmupgradefirst beforestarting a rollover processrolling the Key Signing Key. </t> </section> <section anchor="implementations" title="Implementation Report"> <section anchor="implementations_dnskey" title="DNSKEY Algorithms"> <t>TODO: this needs updating, and current practice is to have this deleted at publication too.</t> <t> The following table contains the status of support in the open-source DNS signers and validators in the current released versions as of the time writing this document. Usually, the support fora new KSK.specific algorithm has to be also included in the cryptographic libraries that the software use. </t> <texttable anchor="tbl_implementations" suppress-title="true"> <ttcol align="left">Mnemonics</ttcol> <ttcol align="left">BIND</ttcol> <ttcol align="left">Knot DNS</ttcol> <ttcol align="left">OpenDNS</ttcol> <ttcol align="left">PowerDNS</ttcol> <ttcol align="left">Unbound</ttcol> <!-- Algorithm BIND Knot DNS ODNSSEC PDNS Unbound --> <c>RSAMD5</c> <c>Y</c> <c>N</c> <c>Y</c> <c>N</c> <c>N</c> <c>DSA</c> <c>Y</c> <c>N</c> <c>Y</c> <c>N</c> <c>Y</c> <c>RSASHA1</c> <c>Y</c> <c>Y</c> <c>Y</c> <c>Y</c> <c>Y</c> <c>DSA-NSEC3-SHA1</c> <c>Y</c> <c>N</c> <c>Y</c> <c>N</c> <c>Y</c> <c>RSASHA1-NSEC3-SHA1</c> <c>Y</c> <c>Y</c> <c>Y</c> <c>Y</c> <c>Y</c> <c>RSASHA256</c> <c>Y</c> <c>Y</c> <c>Y</c> <c>Y</c> <c>Y</c> <c>RSASHA512</c> <c>Y</c> <c>Y</c> <c>Y</c> <c>Y</c> <c>Y</c> <c>ECC-GOST</c> <c>N</c> <c>N</c> <c>Y</c> <c>Y</c> <c>Y</c> <c>ECDSAP256SHA256</c> <c>Y</c> <c>Y</c> <c>Y</c> <c>Y</c> <c>Y</c> <c>ECDSAP384SHA384</c> <c>Y</c> <c>Y</c> <c>Y</c> <c>Y</c> <c>Y</c> <c>ED25519</c> <c>Y</c> <c>Y</c> <c>N</c> <c>Y</c> <c>Y</c> <c>ED448</c> <c>N</c> <c>N</c> <c>N</c> <c>Y</c> <c>Y</c> </texttable> </section> </section> <section anchor="iana" title="IANA Considerations"> <t>This documenthasmakes noIANA actions.</t>requests of IANA.</t> </section></middle> <back> <references title="Normative References"> &RFC2119; &RFC4034; &RFC5155; &RFC5702; &RFC6605; &RFC6979; &RFC6986; &RFC7344; &RFC8032; &RFC8078; &RFC8080; &RFC8174; </references> <references title="Informative References"> &RFC5933; &RFC6781; &RFC6944; &RFC7091; &RFC7583; <reference anchor="DNSKEY-IANA" target="http://www.iana.org/assignments/dns-sec-alg-numbers"> <front> <title>Domain Name System Security (DNSSEC) Algorithm Numbers</title> <author> <organization>IANA</organization> </author> <date /> </front> </reference> <reference anchor="DS-IANA" target="http://www.iana.org/assignments/ds-rr-types"> <front> <title>Delegation Signer (DS) Resource Record (RR) Type Digest Algorithms</title> <author> <organization>IANA</organization> </author> <date /> </front> </reference> </references><section anchor="ack"title="Acknowledgements" numbered="no">title="Acknowledgements"> <t> This document borrows text from RFC 4307 by JeffreyI. SchillerI. Schiller of the Massachusetts Institute of Technology (MIT) andRFC 8247the 4307bis document by Yoav Nir, Tero Kivinen, PaulWouters,Wouters and Daniel Migault. Much of the original text has been copied verbatim. </t> <t> We wish to thank Michael Sinatra, Roland van Rijswijk-Deij, Olafur Gudmundsson, PaulHoffman, Evan Hunt,Hoffman andPeter YeeEvan Hunt for their imminent feedback. </t> <t> Kudos to Roy Arends for bringing the DS rollover issue tolight.the daylight. </t> </section> </middle> <!-- ====================================================================== --> <back> <references title="Normative References"> &RFC2119; </references> <references title="Informative References"> &RFC4034; &RFC5155; &RFC5702; &RFC5933; &RFC6605; &RFC6781; &RFC6944; &RFC6979; &RFC6986; &RFC7091; &RFC7344; &RFC7583; &RFC8032; &RFC8078; &RFC8080; <reference anchor="DNSKEY-IANA" target="http://www.iana.org/assignments/dns-sec-alg-numbers/dns-sec-alg-numbers.xhtml"> <front> <title>DNSKEY Algorithms</title> <author initials="" surname="" fullname=""> <organization /> </author> <date /> </front> </reference> <reference anchor="DS-IANA" target="http://www.iana.org/assignments/ds-rr-types/ds-rr-types.xhtml"> <front> <title>Delegation Signer Digest Algorithms</title> <author initials="" surname="" fullname=""> <organization /> </author> <date /> </front> </reference> </references> <!-- ====================================================================== --> <section anchor="changes" title="Changes since RFC8624"> <t>The following changes were made since RFC8624:</t> <t> <list style="symbols"> <t>Deprecated validation of all SHA-1 algorithms to SHOULD NOT.</t> <t>Deprecated validation all listed GOST algorithms to MUST NOT.</t> <t>Merged in RFC9157 updates.</t> <t>Added Wes Hardaker as an author</t> </list> </t> </section> </back> </rfc>