1. Introduction

The security of the protection provided by the SHA-1 algorithm [RFC3174] has been slowly diminishing over time as various forms of attacks have weakened its cryptographic underpinning. DNSSEC [RFC9364] (originally defined in [RFC3110]) made extensive use of SHA-1, for example, as a cryptographic hash algorithm in Resource Record Signature (RRSIG) and Delegation Signer (DS) records. Since then, multiple other algorithms with stronger cryptographic strength have become widely available for DS records and for RRSIG and DNS Public Key (DNSKEY) records [RFC4034]. Operators are encouraged to consider switching to one of the recommended algorithms listed in the "DNS Security Algorithm Numbers" [DNSKEY-IANA] and "DNS Security Algorithm Numbers" [DS-IANA] registries, respectively. Further, support for validating SHA-1-based signatures has been removed from some systems. As a result, SHA-1 as part of a signature algorithm is no longer fully interoperable in the context of DNSSEC. As adequate alternatives exist, the use of SHA-1 is no longer advisable.

This document thus deprecates the use of RSASHA1 and RSASHA1-NSEC3-SHA1 for DNS Security Algorithms.

1.1 Requirements Notation

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all capitals, as shown here.

---