< draft-ietf-dnsext-dnssec-algo-imp-status-01.txt		draft-ietf-dnsext-dnssec-algo-imp-status-02.txt >
	DNS Extensions Working Group S. Rose		DNS Extensions Working Group S. Rose
	Internet-Draft NIST		Internet-Draft NIST
	Updates: 2536, 2539, 3110, 4034, 4398, March 26, 2012		Updates: 2536, 2539, 3110, 4034, 4398, April 19, 2012
	5155, 5702, 5933 (if approved)		5155, 5702, 5933 (if approved)
	Intended status: BCP		Intended status: BCP
	Expires: September 27, 2012		Expires: October 21, 2012
	Applicability Statement: DNS Security (DNSSEC) DNSKEY Algorithm		Applicability Statement: DNS Security (DNSSEC) DNSKEY Algorithm
	Implementation Status		Implementation Status
	draft-ietf-dnsext-dnssec-algo-imp-status-01		draft-ietf-dnsext-dnssec-algo-imp-status-02
	Abstract		Abstract
	The DNS Security Extensions (DNSSEC) requires the use of		The DNS Security Extensions (DNSSEC) requires the use of
	cryptographic algorithm suites for generating digital signatures over		cryptographic algorithm suites for generating digital signatures over
	DNS data. There is currently an IANA registry for these algorithms		DNS data. There is currently an IANA registry for these algorithms
	that is incomplete in that it lacks the recommended implementation		that is incomplete in that it lacks the recommended implementation
	status of each algorithm. This document provides an applicability		status of each algorithm. This document provides an applicability
	statement on algorithm implementation status for DNSSEC component		statement on algorithm implementation status for DNSSEC component
	software. This document lists each algorithm's status based on the		software. This document lists each algorithm's status based on the
	skipping to change at page 1, line 41 ¶		skipping to change at page 1, line 41 ¶
	Internet-Drafts are working documents of the Internet Engineering		Internet-Drafts are working documents of the Internet Engineering
	Task Force (IETF). Note that other groups may also distribute		Task Force (IETF). Note that other groups may also distribute
	working documents as Internet-Drafts. The list of current Internet-		working documents as Internet-Drafts. The list of current Internet-
	Drafts is at http://datatracker.ietf.org/drafts/current/.		Drafts is at http://datatracker.ietf.org/drafts/current/.
	Internet-Drafts are draft documents valid for a maximum of six months		Internet-Drafts are draft documents valid for a maximum of six months
	and may be updated, replaced, or obsoleted by other documents at any		and may be updated, replaced, or obsoleted by other documents at any
	time. It is inappropriate to use Internet-Drafts as reference		time. It is inappropriate to use Internet-Drafts as reference
	material or to cite them other than as "work in progress."		material or to cite them other than as "work in progress."
	This Internet-Draft will expire on September 27, 2012.		This Internet-Draft will expire on October 21, 2012.
	Copyright Notice		Copyright Notice
	Copyright (c) 2012 IETF Trust and the persons identified as the		Copyright (c) 2012 IETF Trust and the persons identified as the
	document authors. All rights reserved.		document authors. All rights reserved.
	This document is subject to BCP 78 and the IETF Trust's Legal		This document is subject to BCP 78 and the IETF Trust's Legal
	Provisions Relating to IETF Documents		Provisions Relating to IETF Documents
	(http://trustee.ietf.org/license-info) in effect on the date of		(http://trustee.ietf.org/license-info) in effect on the date of
	publication of this document. Please review these documents		publication of this document. Please review these documents
	skipping to change at page 3, line 44 ¶		skipping to change at page 3, line 44 ¶
	"SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document		"SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document
	are to be interpreted as described in [RFC2119].		are to be interpreted as described in [RFC2119].
	2. The DNS Security Algorithm Implementation Status Lists		2. The DNS Security Algorithm Implementation Status Lists
	2.1. Algorithm Implementation Status Assignement Rationale		2.1. Algorithm Implementation Status Assignement Rationale
	The status of RSASHA1-NSEC3-SHA1 is set to RECOMMENDED TO IMPLEMENT		The status of RSASHA1-NSEC3-SHA1 is set to RECOMMENDED TO IMPLEMENT
	as major deployments (such as the root zone) use NSEC3 [ROOTDPS].		as major deployments (such as the root zone) use NSEC3 [ROOTDPS].
	The status of RSA/SHA-256 and RSA/SHA-512 are also set to RECOMMENDED		The status of RSA/SHA-256 and RSA/SHA-512 are also set to RECOMMENDED
	TO IMPLEMENT as it is believed that these algorithms will replace an		TO IMPLEMENT as it is believed that these algorithms will replace
	older algorithm (e.g. RSA/SHA-1) that have a perceived weakness in		older algorithms (e.g. RSA/SHA-1) that have a perceived weakness or
	its hash algorithm (SHA-1) as well as seen in major deployments.		these recommended algorithms are seen in major deployments.
	All other algorithms used in DNSSEC specified without an		All other algorithms used in DNSSEC specified without an
	implementation status are currently set to OPTIONAL.		implementation status are currently set to OPTIONAL.
	2.2. DNSSEC Implementation Status Table		2.2. DNSSEC Implementation Status Table
	The DNSSEC algorithm implementation status table is listed below.		The DNSSEC algorithm implementation status table is listed below.
	Only the algorithms already specified for use with DNSSEC (at the		Only the algorithms already specified for use with DNSSEC (at the
	time of writing) are listed.		time of writing) are listed.
	+------------+------------+-----------------+-------------------+		+------------+------------+-------------------+-------------------+
	| MUST | MUST NOT | RECOMMENDED | OPTIONAL |		| MUST | MUST NOT | RECOMMENDED | OPTIONAL |
	| IMPLEMENT | IMPLEMENT | TO IMPLEMENT | |		| IMPLEMENT | IMPLEMENT | TO IMPLEMENT | |
	+------------+------------+-----------------+-------------------+		+------------+------------+-------------------+-------------------+
	| | | | |		| | | | |
	| RSASHA1 | RSAMD5 | RSASHA256 | DSASHA1 |		| RSASHA1 | RSAMD5 | RSASHA256 | DSASHA1 |
	| | | RSASHA1-NSEC3 | DH |		| | | RSASHA1-NSEC3 | DH |
	| | | -SHA1 | DSA-NSEC3-SHA1 |		| | | -SHA1 | DSA-NSEC3-SHA1 |
	| | | RSASHA512 | GOST-ECC |		| | | RSASHA512 | GOST-ECC |
	| | | | ECDSAP256SHA256 |		| | | ECDSAP256SHA256 | |
	| | | | ECDSAP384SHA384 |		| | | ECDSAP384SHA384 | |
	+------------+------------+-----------------+-------------------+		+------------+------------+-------------------+-------------------+
	This table does not list the Reserved values in the IANA registry		This table does not list the Reserved values in the IANA registry
	table or the values for INDIRECT (252), PRIVATE (253) and PRIVATEOID		table or the values for INDIRECT (252), PRIVATE (253) and PRIVATEOID
	(254). These values may relate to more than one algorithm and are		(254). These values may relate to more than one algorithm and are
	therefore up to the implementer's discretion. Their implementation		therefore up to the implementer's discretion. Their implementation
	(or lack thereof) therefore cannot be included when judging		(or lack thereof) therefore cannot be included when judging
	compliance to this document.		compliance to this document.
	2.3. Specifying New Algorithms and Updating Status of Existing Entries		2.3. Specifying New Algorithms and Updating Status of Existing Entries
	[RFC6014] establishes a parallel procedure for adding a registry		[RFC6014] establishes a parallel procedure for adding a registry
	entry for a new algorithm other than a standards track document.		entry for a new algorithm other than a standards track document.
	Algorithms entered into the registry using that procedure are to be		Algorithms entered into the registry using that procedure are to be
	considered OPTIONAL for implementation purposes. Specifications that		considered OPTIONAL for implementation purposes. Specifications that
	follow this path do not need to obsolete or update this document.		follow this path do not need to obsolete or update this document.
	Adding a newly specified algorithm to the registry with a		Adding a newly specified algorithm to the registry with an
	implementation status other than OPTIONAL SHALL entail obsolescing		implementation status other than OPTIONAL SHALL entail making this
	this document and replacing the table in Section 2.2 (with the new		document obsolete and replacing the table in Section 2.2 (with the
	algorithm entry). Altering the status column value of any existing		new algorithm entry). Altering the status value of any existing
	algorithm in the registry SHALL entail obsolescing this document and		algorithm in the registry SHALL entail making this document obsolete
	replacing the table in Section 2.2 above.		and replacing the table in Section 2.2 above.
	This document cannot be updated, only made obsolete and replaced by a		This document cannot be updated, only made obsolete and replaced by a
	successor document.		successor document.
	3. IANA Considerations		3. IANA Considerations
	This document lists the implementation status of cryptographic		This document lists the implementation status of cryptographic
	algorithms used with DNSSEC. These algorithms are maintained in an		algorithms used with DNSSEC. These algorithms are maintained in an
	IANA registry. There are no changes to the registry in this		IANA registry. There are no changes to the registry in this
	document. However this document asks to be listed as a reference for		document. However this document asks to be listed as a reference for
End of changes. 7 change blocks.
	25 lines changed or deleted		25 lines changed or added
This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/