
DNS SECURITY ALGORITHM NUMBERS - per [RFC3755]

(last updated 24 January 2006)

The KEY, SIG, DNSKEY, RRSIG, DS, and CERT RRs use an 8-bit number to
identify the security algorithm being used.

All algorithm numbers in this registry may be used in CERT RRs. Zone
signing (DNSSEC) and transaction security mechanisms (SIG(0) and TSIG)
make use of particular subsets of these algorithms. Only algorithms
usable for zone signing may appear in DNSKEY, RRSIG, and DS RRs.
Only those usable for SIG(0) and TSIG may appear in SIG and KEY RRs.


                                                        Zone    Trans.
Number    Description                        Mnemonic   Signing   Sec.      Reference	
------    ------------------------------     --------   -------  ------     ---------
     0    Reserved                                                          [RFC-ietf-dnsext-rfc2538bis-09.txt]

     1    RSA/MD5                            RSAMD5        N       Y        [RFC2535,RFC2537]
                                                                             deprecated, see 5

     2    Diffie-Hellman                     DH            N       Y        [RFC2539]  

     3    DSA/SHA1                           DSA           Y       Y        [RFC2536,DSA,SHA-1]

     4    Reserved for Elliptic Curve        ECC       

     5    RSA/SHA-1                          RSASHA1       Y       Y        [RFC3110]  

 6-251    Unassigned (IETF Standards action required)

   252    Reserved for Indirect Keys         INDIRECT      N       N        [RFC2535]

   253    Private algorithms - domain name   PRIVATEDNS    Y       Y        [RFC2535][RFC4034]

   254    Private algorithms - OID           PRIVATEOID    Y       Y        [RFC2535][RFC4034]

   255    Reserved                                                          [RFC3755]

REFERENCES
----------

[RFC1321]  R. Rivest, "The MD5 Message-Digest Algorithm", April 1992.

[DSA]      Federal Information Processing Standards Publication (FIPS PUB) 186, 
           Digital Signature Standard, 18 May 1994.

[SHA-1]    Federal Information Processing Standards Publication (FIPS PUB) 180-1, 
           Secure Hash Standard, 17 April 1995.
           [Supersedes FIPS PUB 180 dated 11 May 1993.]

[RFC2535]  D. Eastlake, "Domain Name System Security Extensions",
           RFC 2535, March 1999.

[RFC2536]  D. Eastlake, "DSA KEYs and SIGs in the Domain Name System (DNS)",
           RFC 2536, March 1999.

[RFC2537]  D. Eastlake, "RSA/MD5 KEYs and SIGs in the Domain Name System (DNS)",
           RFC 2537, March 1999.

[RFC2539]  D. Eastlake, "Storage of Diffie-Hellman Keys in the Domain Name System (DNS)",
           RFC 2539, March 1999.

[RFC3110]  D. Eastlake, "RSA/SHA-1 SIGs and RSA KEYs in the Domain Name System (DNS)",
           RFC 3110, May 2001.

[RFC3755]  S. Weiler, "Legacy Resolver Compatibility for Delegation Signer",
           RFC 3755, May 2004.

[RFC4034]  R. Arends, R. Austein, M. Larson, D. Massey and S. Rose, "Resource 
           Records for the DNS Security Extensions", RFC 4034, March 2005.

[RFC-ietf-dnsext-rfc2538bis-09.txt]
           S. Josefsson, "Storing Certificates in the Domain Name System (DNS)",
           RFC XXXX, Month Year.
		   

(Registry created 3 November 2003)




