RFC Errata
RFC 6944, "Applicability Statement: DNS Security (DNSSEC) DNSKEY Algorithm Implementation Status", April 2013
Note: This RFC has been obsoleted by RFC 8624
Source of RFC: dnsext (int)
See Also: RFC 6944 w/ inline errata
Errata ID: 4932
Status: Verified
Type: Technical
Publication Format(s): TEXT
Reported By: Petr Špaček
Date Reported: 2017-02-12
Verifier Name: Terry Manderson
Date Verified: 2017-03-01
Section 3 says:
This document lists the implementation status of cryptographic algorithms used with DNSSEC. These algorithms are maintained in an IANA registry at http://www.iana.org/assignments/dns-sec-alg-numbers. Because this document establishes the implementation status of every algorithm, it has been listed as a reference for the registry itself.
It should say:
This document lists the implementation status of cryptographic algorithms used with DNSSEC. These algorithms are maintained in an IANA registry at http://www.iana.org/assignments/dns-sec-alg-numbers. Because this document establishes the implementation status of every algorithm, it has been listed as a reference for the registry itself. Given significance of status change of RSAMD5 algorithm, a reference to this RFC should be added to the registry.
Notes:
"RSAMD5 has an implementation status of Must Not Implement because of known weaknesses in MD5."
This is very important. An additional reference would lower the likelihood that DNS Implementors will overlook the important piece of information.