Q2: crypto algorithm requirements for DNSSEC
There have been previous updates to the requirement levels of the
cryptographic algorithms for DNSSEC (RFC 3110 updating RFC 2535, for example).

There has been previous talk on this list regarding dropping DSA as a
mandatory-to-implement algorithm. Instead of writing a whole RFC just to
propose making DSA optional and RSA/SHA1 the only required algorithm, it
would be nice to seek consensus here.

In other words, the new algorithm table from 2535 and 3110 would look like:

    code     name
    0        reserved
    1        RSA/MD5          NOT RECOMMENDED
    2        D-H              OPTIONAL
    3        DSA              OPTIONAL
    4        ECC(reserved)    OPTIONAL
    5        RSA/SHA1         REQUIRED
    6-251    available for assignment
    252      indirect         OPTIONAL
    253      private
    254      private
    255      reserved

Q: Is the change of DSA to OPTIONAL acceptable? That will leave
RSA/SHA1 as the only mandatory-to-implement algorithm.
--
to unsubscribe send a message to namedroppers-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://ops.ietf.org/lists/namedroppers/>