3. DNS Security Algorithm Numbers レジストリ列値
「Domain Name System Security (DNSSEC) Algorithm Numbers」レジストリグループの下にある「DNS Security Algorithm Numbers」レジストリの使用および実装推奨列の初期値を表2に示します。
「Use for」列に複数のRECOMMENDEDアルゴリズムがある場合、運用者はローカルポリシーに従って最適なアルゴリズムを選択する必要があります。
| No. | Mnemonics | Use for DNSSEC Signing | Use for DNSSEC Validation | Implement for DNSSEC Signing | Implement for DNSSEC Validation |
|---|---|---|---|---|---|
| 1 | RSAMD5 | MUST NOT | MUST NOT | MUST NOT | MUST NOT |
| 3 | DSA | MUST NOT | MUST NOT | MUST NOT | MUST NOT |
| 5 | RSASHA1 | NOT RECOMMENDED | RECOMMENDED | NOT RECOMMENDED | MUST |
| 6 | DSA-NSEC3-SHA1 | MUST NOT | MUST NOT | MUST NOT | MUST NOT |
| 7 | RSASHA1-NSEC3-SHA1 | NOT RECOMMENDED | RECOMMENDED | NOT RECOMMENDED | MUST |
| 8 | RSASHA256 | RECOMMENDED | RECOMMENDED | MUST | MUST |
| 10 | RSASHA512 | NOT RECOMMENDED | RECOMMENDED | NOT RECOMMENDED | MUST |
| 12 | ECC-GOST | MUST NOT | MAY | MUST NOT | MAY |
| 13 | ECDSAP256SHA256 | RECOMMENDED | RECOMMENDED | MUST | MUST |
| 14 | ECDSAP384SHA384 | MAY | RECOMMENDED | MAY | RECOMMENDED |
| 15 | ED25519 | RECOMMENDED | RECOMMENDED | RECOMMENDED | RECOMMENDED |
| 16 | ED448 | MAY | RECOMMENDED | MAY | RECOMMENDED |
| 17 | SM2SM3 | MAY | MAY | MAY | MAY |
| 23 | ECC-GOST12 | MAY | MAY | MAY | MAY |
| 253 | PRIVATEDNS | MAY | MAY | MAY | MAY |
| 254 | PRIVATEOID | MAY | MAY | MAY | MAY |
表2: DNS Security Algorithm Numbers レジストリ列の初期値