DNS SECURITY ALGORITHM NUMBERS 

(last updated 2007-12-18)

Registries included below:
- DNS Security Algorithm Numbers

Registry Name: DNS Security Algorithm Numbers
Reference: [RFC3755]
Registration Procedures: IETF Standards Action 

Note:
The KEY, SIG, DNSKEY, RRSIG, DS, and CERT RRs use an 8-bit number to
identify the security algorithm being used.

All algorithm numbers in this registry may be used in CERT RRs. Zone
signing (DNSSEC) and transaction security mechanisms (SIG(0) and TSIG)
make use of particular subsets of these algorithms. Only algorithms
usable for zone signing may appear in DNSKEY, RRSIG, and DS RRs.
Only those usable for SIG(0) and TSIG may appear in SIG and KEY RRs.

Registry:
                                                               Zone     Trans.
Number  Description                        Mnemonic            Signing  Sec.    Reference	
------  ---------------------------------  --------------      -------  ------  ---------
0       Reserved                                                                [RFC4398]
1       RSA/MD5 (deprecated, see 5)        RSAMD5              N        Y       [RFC2535][RFC2537]
2       Diffie-Hellman                     DH                  N        Y       [RFC2539]  
3       DSA/SHA1                           DSA                 Y        Y       [RFC2536][DSA][SHA-1]
4       Reserved for Elliptic Curve        ECC             
5       RSA/SHA-1                          RSASHA1             Y        Y       [RFC3110]  
6       DSA-NSEC3-SHA1                     DSA-NSEC3-SHA1      Y        Y       [RFC-ietf-dnsext-nsec3-13.txt]
7       RSASHA1-NSEC3-SHA1                 RSASHA1-NSEC3-SHA1  Y        Y       [RFC-ietf-dnsext-nsec3-13.txt]
8-251   Unassigned 
252     Reserved for Indirect Keys         INDIRECT            N        N       [RFC2535]
253     Private algorithms - domain name   PRIVATEDNS          Y        Y       [RFC2535][RFC4034]
254     Private algorithms - OID           PRIVATEOID          Y        Y       [RFC2535][RFC4034]
255     Reserved                                                                [RFC3755]


References
----------
[RFC1321]  R. Rivest, "The MD5 Message-Digest Algorithm",
           RFC 1321, April 1992.

[DSA]      Federal Information Processing Standards Publication (FIPS PUB) 186, 
           Digital Signature Standard, 18 May 1994.

[SHA-1]    Federal Information Processing Standards Publication (FIPS PUB) 180-1, 
           Secure Hash Standard, 17 April 1995.
           [Supersedes FIPS PUB 180 dated 11 May 1993.]

[RFC2535]  D. Eastlake, "Domain Name System Security Extensions",
           RFC 2535, March 1999.

[RFC2536]  D. Eastlake, "DSA KEYs and SIGs in the Domain Name System (DNS)",
           RFC 2536, March 1999.

[RFC2537]  D. Eastlake, "RSA/MD5 KEYs and SIGs in the Domain Name System (DNS)",
           RFC 2537, March 1999.

[RFC2539]  D. Eastlake, "Storage of Diffie-Hellman Keys in the Domain Name System (DNS)",
           RFC 2539, March 1999.

[RFC3110]  D. Eastlake, "RSA/SHA-1 SIGs and RSA KEYs in the Domain Name System (DNS)",
           RFC 3110, May 2001.

[RFC3755]  S. Weiler, "Legacy Resolver Compatibility for Delegation Signer",
           RFC 3755, May 2004.

[RFC4034]  R. Arends, R. Austein, M. Larson, D. Massey and S. Rose, "Resource 
           Records for the DNS Security Extensions", RFC 4034, March 2005.

[RFC4398]  S. Josefsson, "Storing Certificates in the Domain Name System (DNS)",
           RFC 4398, March 2006.

[RFC-ietf-dnsext-nsec3-13.txt]
           B. Laurie, G. Sisson, R. Arends, D. Blacka, "DNSSEC Hashed 
           Authenticated Denial of Existence", RFC XXXX, Month Year.


(Registry created 2003-11-03)
