4. 摘要算法注册表列值 (Digest Algorithms Registry Column Values)
"DNSSEC 委派签名者 (DS) 资源记录 (RR) 类型摘要算法"注册表组下的"摘要算法"注册表中使用和实现推荐列的初始值如表 3 所示。
当"用于"列中有多个 RECOMMENDED (推荐) 算法时,运营者应根据本地策略选择最佳算法。
| 值 | 描述 | 用于 DNSSEC 委派 | 用于 DNSSEC 验证 | 实现用于 DNSSEC 委派 | 实现用于 DNSSEC 验证 |
|---|---|---|---|---|---|
| 0 | NULL (仅 CDS) | MUST NOT | MUST NOT | MUST NOT | MUST NOT |
| 1 | SHA-1 | MUST NOT | RECOMMENDED | MUST NOT | MUST |
| 2 | SHA-256 | RECOMMENDED | RECOMMENDED | MUST | MUST |
| 3 | GOST R 34.11-94 | MUST NOT | MAY | MUST NOT | MAY |
| 4 | SHA-384 | MAY | RECOMMENDED | MAY | RECOMMENDED |
| 5 | GOST R 34.11-2012 | MAY | MAY | MAY | MAY |
| 6 | SM3 | MAY | MAY | MAY | MAY |
表 3: 摘要算法注册表列的初始值