Skip to main content

5. IANA Considerations

IANA has updated the SHA-1 (1) entry in the "Digest Algorithms" registry [DS-IANA] [RFC9904] as follows and has added this document as a reference for the entry:

  • Value: 1
  • Description: SHA-1
  • Use for DNSSEC Delegation: MUST NOT
  • Use for DNSSEC Validation: RECOMMENDED
  • Implement for DNSSEC Delegation: MUST NOT
  • Implement for DNSSEC Validation: MUST

IANA has updated the RSASHA1 (5) and RSASHA1-NSEC3-SHA1 (7) algorithm entries in the "DNS Security Algorithm Numbers" registry [DNSKEY-IANA] [RFC9904] as follows and has added this document as a reference for the entries:

Number: 5
Description: RSA/SHA-1
Mnemonic: RSASHA1
Zone Signing: Y
Trans. Sec.: Y
Use for DNSSEC Signing: MUST NOT
Use for DNSSEC Validation: RECOMMENDED
Implement for DNSSEC Signing: NOT RECOMMENDED
Implement for DNSSEC Validation: MUST

Number: 7
Description: RSASHA1-NSEC3-SHA1
Mnemonic: RSASHA1-NSEC3-SHA1
Zone Signing: Y
Trans. Sec.: Y
Use for DNSSEC Signing: MUST NOT
Use for DNSSEC Validation: RECOMMENDED
Implement for DNSSEC Signing: NOT RECOMMENDED
Implement for DNSSEC Validation: MUST

Last updated on