3. DNS 安全算法编号注册表列值 (DNS Security Algorithm Numbers Registry Column Values)
"域名系统安全 (DNSSEC) 算法编号"注册表组下的"DNS 安全算法编号"注册表中使用和实现推荐列的初始值如表 2 所示。
当"用于"列中有多个 RECOMMENDED (推荐) 算法时,运营者应根据本地策略选择最佳算法。
| 编号 | 助记符 | 用于 DNSSEC 签名 | 用于 DNSSEC 验证 | 实现用于 DNSSEC 签名 | 实现用于 DNSSEC 验证 |
|---|---|---|---|---|---|
| 1 | RSAMD5 | MUST NOT | MUST NOT | MUST NOT | MUST NOT |
| 3 | DSA | MUST NOT | MUST NOT | MUST NOT | MUST NOT |
| 5 | RSASHA1 | NOT RECOMMENDED | RECOMMENDED | NOT RECOMMENDED | MUST |
| 6 | DSA-NSEC3-SHA1 | MUST NOT | MUST NOT | MUST NOT | MUST NOT |
| 7 | RSASHA1-NSEC3-SHA1 | NOT RECOMMENDED | RECOMMENDED | NOT RECOMMENDED | MUST |
| 8 | RSASHA256 | RECOMMENDED | RECOMMENDED | MUST | MUST |
| 10 | RSASHA512 | NOT RECOMMENDED | RECOMMENDED | NOT RECOMMENDED | MUST |
| 12 | ECC-GOST | MUST NOT | MAY | MUST NOT | MAY |
| 13 | ECDSAP256SHA256 | RECOMMENDED | RECOMMENDED | MUST | MUST |
| 14 | ECDSAP384SHA384 | MAY | RECOMMENDED | MAY | RECOMMENDED |
| 15 | ED25519 | RECOMMENDED | RECOMMENDED | RECOMMENDED | RECOMMENDED |
| 16 | ED448 | MAY | RECOMMENDED | MAY | RECOMMENDED |
| 17 | SM2SM3 | MAY | MAY | MAY | MAY |
| 23 | ECC-GOST12 | MAY | MAY | MAY | MAY |
| 253 | PRIVATEDNS | MAY | MAY | MAY | MAY |
| 254 | PRIVATEOID | MAY | MAY | MAY | MAY |
表 2: DNS 安全算法编号注册表列的初始值