Domain Name System Security (DNSSEC) Algorithm Numbers

Domain Name System Security (DNSSEC) Algorithm Numbers 2003-11-03 2017-03-10 DNS Security Algorithm Numbers RFC Required The KEY, SIG, DNSKEY, RRSIG, DS, and CERT RRs use an 8-bit number used to identify the security algorithm being used. All algorithm numbers in this registry may be used in CERT RRs. Zone signing (DNSSEC) and transaction security mechanisms (SIG(0) and TSIG) make use of particular subsets of these algorithms. Only algorithms usable for zone signing may appear in DNSKEY, RRSIG, and DS RRs. Only those usable for SIG(0) and TSIG may appear in SIG and KEY RRs. * There has been no determination of standardization of the use of this algorithm with Transaction Security. 0 Delete DS DELETE N N 1 RSA/MD5 (deprecated, see 5) RSAMD5 N Y 2 Diffie-Hellman DH N Y proposed standard 3 DSA/SHA1 DSA Y Y proposed standard proposed standard Federal Information Processing Standards Publication (FIPS PUB) 186, Digital Signature Standard, 18 May 1994. Federal Information Processing Standards Publication (FIPS PUB) 180-1, Secure Hash Standard, 17 April 1995. (Supersedes FIPS PUB 180 dated 11 May 1993.) 4 Reserved 5 RSA/SHA-1 RSASHA1 Y Y 6 DSA-NSEC3-SHA1 DSA-NSEC3-SHA1 Y Y proposed standard 7 RSASHA1-NSEC3-SHA1 RSASHA1-NSEC3-SHA1 Y Y proposed standard 8 RSA/SHA-256 RSASHA256 Y * proposed standard 9 Reserved 10 RSA/SHA-512 RSASHA512 Y * proposed standard 11 Reserved 12 GOST R 34.10-2001 ECC-GOST Y * standards track 13 ECDSA Curve P-256 with SHA-256 ECDSAP256SHA256 Y * standards track 14 ECDSA Curve P-384 with SHA-384 ECDSAP384SHA384 Y * standards track 15 Ed25519 ED25519 Y * standards track 16 Ed448 ED448 Y * standards track 17-122 Unassigned 123-251 Reserved 252 Reserved for Indirect Keys INDIRECT N N proposed standard 253 private algorithm PRIVATEDNS Y Y 254 private algorithm OID PRIVATEOID Y Y 255 Reserved proposed standard DNS KEY Record Diffie-Hellman Prime Lengths IETF Review 0 Unassigned 1 index into well-known table 2 index into well-known table 3-15 Unassigned DNS KEY Record Diffie-Hellman Well-Known Prime/Generator Pairs 0x0000-0x07ff Standards Action 0x0800-0xbfff RFC Required 0x0000 Unassigned 0x0001 Well-Known Group 1: A 768 bit prime 0x0002 Well-Known Group 2: A 1024 bit prime 0x0003-0xbfff Unassigned 0xc000-0xffff Private Use