
DNS SECURITY ALGORITHM NUMBERS - per [RFC-ietf-dnsext-dnssec-2535typecode-change-06.txt]

The KEY, SIG, DNSKEY, RRSIG, and DS RRs use an 8-bit number to identify the security
algorithm being used.

Some algorithms are usable only for zone signing (DNSSEC), some only for transaction security
mechanisms (SIG(0) and TSIG), and some for both.  Those usable for zone signing may appear in
DNSKEY, RRSIG, and DS RRs.  Those usable for SIG(0) and TSIG may appear in SIG and KEY RRs.

Prior to [RFC-ietf-dnsext-dnssec-2535typecode-change-06.txt], KEY and SIG RRs were also used
for zone signing (DNSSEC). [RFC-ietf-dnsext-dnssec-2535typecode-change-06.txt] reserved KEY and 
SIG for SIG(0) and TSIG use only.

(last updated 12-Feb-2004)

                                                        Zone    Trans.
Number    Description                        Mnemonic   Signing   Sec.      Reference	
------    ------------------------------     --------   -------  ------     ---------
     0    Reserved                                                          [RFC-ietf-dnsext-dnssec-2535typecode-change-06.txt]

     1    RSA/MD5                            RSAMD5        N       Y        [RFC2535,RFC2537]
                                                                             deprecated, see 5

     2    Diffie-Hellman                     DH            N       Y        [RFC2539]  

     3    DSA/SHA1                           DSA           Y       Y        [RFC2536,DSA,SHA-1]

     4    Reserved for Elliptic Curve        ECC       

     5    RSA/SHA-1                          RSASHA1       Y       Y        [RFC3110]  

 6-251    Unassigned (IETF Standards action required)

   252    Reserved for Indirect Keys         INDIRECT      N       N        [RFC2535]

   253    Private algorithms - domain name   PRIVATEDNS    Y       Y        [RFC2535]

   254    Private algorithms - OID           PRIVATEOID    Y       Y        [RFC2535]

   255    Reserved                                                          [RFC-ietf-dnsext-dnssec-2535typecode-change-06.txt]

REFERENCES
----------

[RFC1321]  R. Rivest, "The MD5 Message-Digest Algorithm", April 1992.

[DSA]      Federal Information Processing Standards Publication (FIPS PUB) 186, 
           Digital Signature Standard, 18 May 1994.

[SHA-1]    Federal Information Processing Standards Publication (FIPS PUB) 180-1, 
           Secure Hash Standard, 17 April 1995.
           [Supersedes FIPS PUB 180 dated 11 May 1993.]

[RFC2535]  D. Eastlake, "Domain Name System Security Extensions",
           RFC 2535, March 1999.

[RFC2536]  D. Eastlake, "DSA KEYs and SIGs in the Domain Name System (DNS)",
           RFC 2536, March 1999.

[RFC2537]  D. Eastlake, "RSA/MD5 KEYs and SIGs in the Domain Name System (DNS)",
           RFC 2537, March 1999.

[RFC2539]  D. Eastlake, "Storage of Diffie-Hellman Keys in the Domain Name System (DNS)",
           RFC 2539, March 1999.

[RFC3110]  D. Eastlake, "RSA/SHA-1 SIGs and RSA KEYs in the Domain Name System (DNS)",
           RFC 3110, May 2001.

[RFC-ietf-dnsext-dnssec-2535typecode-change-06.txt]
           S. Weiler, "Legacy Resolver Compatibility for Delegation Signer",
           RFC XXXX, Month Year.

(Registry created 2003-11-03)




