DNS Security (DNSSEC) DNSKEY Algorithm IANA Registry Updates

Document Type Expired Internet-Draft (individual)
Authors Roy Arends  , Jakob Schlyter  , Matt Larson 
Last updated 2017-09-14 (latest revision 2017-03-13)
Stream (None)
Intended RFC status (None)
Expired & archived
pdf htmlized bibtex
Stream Stream state (No stream defined)
Consensus Boilerplate Unknown
RFC Editor Note (None)
IESG IESG state Expired
Telechat date
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft can be found at


The DNS Security Extensions (DNSSEC) require the use of cryptographic algorithm suites for generating digital signatures and cryptographic hashes over DNS data. The algorithms specified for use with DNSSEC are reflected in IANA registries. This document updates some entries in these registries. The main reason for these updates is to retire the use of SHA1.


Roy Arends (roy.arends@icann.org)
Jakob Schlyter (jakob@kirei.se)
Matt Larson (matt.larson@icann.org)

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)