RFC 6944, "Applicability Statement: DNS Security (DNSSEC) DNSKEY Algorithm Implementation Status", April 2013

Note: This RFC has been obsoleted by RFC 8624

Errata ID: 4932
Status: Verified
Type: Technical
Publication Format(s) : TEXT
Reported By: Petr Špaček
Date Reported: 2017-02-12
Verifier Name: Terry Manderson
Date Verified: 2017-03-01

Section 3 says:

   This document lists the implementation status of cryptographic
   algorithms used with DNSSEC.  These algorithms are maintained in an
   IANA registry at http://www.iana.org/assignments/dns-sec-alg-numbers.
   Because this document establishes the implementation status of every
   algorithm, it has been listed as a reference for the registry itself.

It should say:

   This document lists the implementation status of cryptographic
   algorithms used with DNSSEC.  These algorithms are maintained in an
   IANA registry at http://www.iana.org/assignments/dns-sec-alg-numbers.
   Because this document establishes the implementation status of every
   algorithm, it has been listed as a reference for the registry itself.

   Given significance of status change of RSAMD5 algorithm, a reference
   to this RFC should be added to the registry.

Notes:

"RSAMD5 has an implementation status of Must Not Implement because of known weaknesses in MD5."

This is very important. An additional reference would lower likelihood that DNS Implementors will overlook the important piece of information.

Report New Errata