RFC Errata


Errata Search

 
Source of RFC  
Summary Table Full Records

RFC 8624, "Algorithm Implementation Requirements and Usage Guidance for DNSSEC", June 2019

Note: This RFC has been updated by RFC 9157

Source of RFC: dnsop (ops)

Errata ID: 8144
Status: Reported
Type: Technical
Publication Format(s) : TEXT

Reported By: Robert Wagner
Date Reported: 2024-10-16

Section 3.3 says:

 This document updates the IANA registry "Delegation Signer (DS) Resource
   Record (RR) Type Digest Algorithms". The registry has been updated by
   the following table from section 3.3:

   +--------+-----------------+-------------------+-------------------+
   | Number | Mnemonics       | DNSSEC Delegation | DNSSEC Validation |
   +--------+-----------------+-------------------+-------------------+
   | 0      | NULL (CDS only) | MUST NOT [*]      | MUST NOT [*]      |
   | 1      | SHA-1           | MUST NOT          | MUST              |
   | 2      | SHA-256         | MUST              | MUST              |
   | 3      | GOST R 34.11-94 | MUST NOT          | MAY               |
   | 4      | SHA-384         | MAY               | RECOMMENDED       |
   +--------+-----------------+-------------------+-------------------+

It should say:

This document updates the IANA registry "Delegation Signer (DS) Resource
   Record (RR) Type Digest Algorithms". The registry has been updated by
   the following table from section 3.3:

   +--------+-----------------+-------------------+-------------------+
   | Number | Mnemonics       | DNSSEC Delegation | DNSSEC Validation |
   +--------+-----------------+-------------------+-------------------+
   | 0      | NULL (CDS only) | MUST NOT [*]      | MUST NOT [*]      |
   | 1      | SHA-1           | MUST NOT          | MUST              |
   | 2      | SHA-256         | MUST              | MUST              |
   | 3      | GOST R 34.11-94 | MUST NOT          | MAY               |
   | 4      | SHA-384         | MAY               | RECOMMENDED       |
   | 5      | SHA-512         | MAY               | MAY               |
   +--------+-----------------+-------------------+-------------------+

Notes:

Requesting DNSSEC be allowed to fully support the
Commercial National Security Algorithm Suite 2.0 - series of hashes.
This is part of NISTs Post Quantum Cryptography effort

Report New Errata



Advanced Search