RFC Errata
RFC 8624, "Algorithm Implementation Requirements and Usage Guidance for DNSSEC", June 2019
Note: This RFC has been updated by RFC 9157
Source of RFC: dnsop (ops)
Errata ID: 8144
Status: Reported
Type: Technical
Publication Format(s): TEXT
Reported By: Robert Wagner
Date Reported: 2024-10-16
Section 3.3 says:
This document updates the IANA registry "Delegation Signer (DS) Resource Record (RR) Type Digest Algorithms". The registry has been updated by the following table from section 3.3:

+--------+-----------------+-------------------+-------------------+
| Number | Mnemonics       | DNSSEC Delegation | DNSSEC Validation |
+--------+-----------------+-------------------+-------------------+
| 0      | NULL (CDS only) | MUST NOT [*]      | MUST NOT [*]      |
| 1      | SHA-1           | MUST NOT          | MUST              |
| 2      | SHA-256         | MUST              | MUST              |
| 3      | GOST R 34.11-94 | MUST NOT          | MAY               |
| 4      | SHA-384         | MAY               | RECOMMENDED       |
+--------+-----------------+-------------------+-------------------+
It should say:
This document updates the IANA registry "Delegation Signer (DS) Resource Record (RR) Type Digest Algorithms". The registry has been updated by the following table from section 3.3:

+--------+-----------------+-------------------+-------------------+
| Number | Mnemonics       | DNSSEC Delegation | DNSSEC Validation |
+--------+-----------------+-------------------+-------------------+
| 0      | NULL (CDS only) | MUST NOT [*]      | MUST NOT [*]      |
| 1      | SHA-1           | MUST NOT          | MUST              |
| 2      | SHA-256         | MUST              | MUST              |
| 3      | GOST R 34.11-94 | MUST NOT          | MAY               |
| 4      | SHA-384         | MAY               | RECOMMENDED       |
| 5      | SHA-512         | MAY               | MAY               |
+--------+-----------------+-------------------+-------------------+
Notes:
Requesting DNSSEC be allowed to fully support the
Commercial National Security Algorithm Suite 2.0 - series of hashes.
This is part of NIST's Post Quantum Cryptography effort.