4. Digest Algorithms Registry Column Values
Initial values for the use and implementation recommendation columns in the "Digest Algorithms" registry under the "DNSSEC Delegation Signer (DS) Resource Record (RR) Type Digest Algorithms" registry group are shown in Table 3.
When there are multiple RECOMMENDED algorithms in the "Use for" columns, operators should choose the best algorithm according to local policy.
| Value | Description | Use for DNSSEC Delegation | Use for DNSSEC Validation | Implement for DNSSEC Delegation | Implement for DNSSEC Validation |
|---|---|---|---|---|---|
| 0 | NULL (CDS only) | MUST NOT | MUST NOT | MUST NOT | MUST NOT |
| 1 | SHA-1 | MUST NOT | RECOMMENDED | MUST NOT | MUST |
| 2 | SHA-256 | RECOMMENDED | RECOMMENDED | MUST | MUST |
| 3 | GOST R 34.11-94 | MUST NOT | MAY | MUST NOT | MAY |
| 4 | SHA-384 | MAY | RECOMMENDED | MAY | RECOMMENDED |
| 5 | GOST R 34.11-2012 | MAY | MAY | MAY | MAY |
| 6 | SM3 | MAY | MAY | MAY | MAY |
Table 3: Initial Values for the Digest Algorithms Registry Columns