
DNS SECURITY ALGORITHM NUMBERS

(last updated 2001-05-21)

DNS KEY and SIG RRs [RFC2535] use an 8-bit number to identify
the security algorithm being used:


Number       Description                        Reference
---------    ------------------------------     ---------
    0        Reserved

    1        RSA/MD5                            [RFC2537,RFC1321]
                                                deprecated, see 5

    2        Diffie-Hellman                     [RFC2539]  

    3        DSA/SHA1                           [RFC2536,DSA,SHA-1]

    4        Reserved for Elliptic Curve Crypto

    5        RSA/SHA-1                          [RFC3110]  

6 - 251      Reserved by the IANA

  252        Reserved for indirect keys         [RFC2535]

  253        Private algorithms - domain name   [RFC2535]

  254        Private algorithms - OID           [RFC2535]

  255        Reserved


REFERENCES
----------

[RFC1321]  R. Rivest, "The MD5 Message-Digest Algorithm",
           RFC 1321, April 1992.

[RFC2535]  D. Eastlake, "Domain Name System Security Extensions",
           RFC 2535, March 1999.

[RFC2536]  D. Eastlake, "DSA KEYs and SIGs in the Domain Name
           System (DNS)", RFC 2536, March 1999.

[RFC2537]  D. Eastlake, "RSA/MD5 KEYs and SIGs in the Domain
           Name System (DNS)", RFC 2537, March 1999.

[RFC2539]  D. Eastlake, "Storage of Diffie-Hellman Keys in the
           Domain Name System (DNS)", RFC 2539, March 1999.

[RFC3110]  D. Eastlake, "RSA/SHA-1 SIGs and RSA KEYs in the 
           Domain Name System (DNS)", RFC 3110, May 2001.

[DSA]      Federal Information Processing Standards Publication
           (FIPS PUB) 186, Digital Signature Standard, 18 May 1994.

[SHA-1]    Federal Information Processing Standards Publication
           (FIPS PUB) 180-1, Secure Hash Standard, 17 April 1995.
           [Supersedes FIPS PUB 180 dated 11 May 1993.]




