RFC 6975

Signaling Cryptographic Algorithm Understanding in DNS Security Extensions (DNSSEC), July 2013

Canonical URL:
https://www.rfc-editor.org/rfc/rfc6975.txt
File formats:
Plain TextPDF
Status:
PROPOSED STANDARD
Authors:
S. Crocker
S. Rose
Stream:
IETF
Source:
dnsext (int)

Cite this RFC: TXT  |  XML

DOI:  10.17487/RFC6975

Discuss this RFC: Send questions or comments to dnsext@ietf.org

Other actions: Find Errata (if any)  |  Submit Errata  |  Find IPR Disclosures from the IETF


Abstract

The DNS Security Extensions (DNSSEC) were developed to provide origin authentication and integrity protection for DNS data by using digital signatures. These digital signatures can be generated using different algorithms. This document specifies a way for validating end-system resolvers to signal to a server which digital signature and hash algorithms they support. The extensions allow the signaling of new algorithm uptake in client code to allow zone administrators to know when it is possible to complete an algorithm rollover in a DNSSEC-signed zone.


For the definition of Status, see RFC 2026.

For the definition of Stream, see RFC 4844.


Download PDF Reader



Search RFCs
Advanced Search
×