The following errata report has been submitted for RFC8624, "Algorithm Implementation Requirements and Usage Guidance for DNSSEC".
-------------------------------------- You may review the report below and at: https://www.rfc-editor.org/errata/eid8144 -------------------------------------- Type: Technical Reported by: Robert Wagner <rwag...@tesla.net> Section: 3.3 Original Text ------------- This document updates the IANA registry "Delegation Signer (DS) Resource Record (RR) Type Digest Algorithms". The registry has been updated by the following table from section 3.3: +--------+-----------------+-------------------+-------------------+ | Number | Mnemonics | DNSSEC Delegation | DNSSEC Validation | +--------+-----------------+-------------------+-------------------+ | 0 | NULL (CDS only) | MUST NOT [*] | MUST NOT [*] | | 1 | SHA-1 | MUST NOT | MUST | | 2 | SHA-256 | MUST | MUST | | 3 | GOST R 34.11-94 | MUST NOT | MAY | | 4 | SHA-384 | MAY | RECOMMENDED | +--------+-----------------+-------------------+-------------------+ Corrected Text -------------- This document updates the IANA registry "Delegation Signer (DS) Resource Record (RR) Type Digest Algorithms". The registry has been updated by the following table from section 3.3: +--------+-----------------+-------------------+-------------------+ | Number | Mnemonics | DNSSEC Delegation | DNSSEC Validation | +--------+-----------------+-------------------+-------------------+ | 0 | NULL (CDS only) | MUST NOT [*] | MUST NOT [*] | | 1 | SHA-1 | MUST NOT | MUST | | 2 | SHA-256 | MUST | MUST | | 3 | GOST R 34.11-94 | MUST NOT | MAY | | 4 | SHA-384 | MAY | RECOMMENDED | | 5 | SHA-512 | MAY | MAY | +--------+-----------------+-------------------+-------------------+ Notes ----- Requesting DNSSEC be allowed to fully support the Commercial National Security Algorithm Suite 2.0 - series of hashes. This is part of NISTs Post Quantum Cryptography effort Instructions: ------------- This erratum is currently posted as "Reported". (If it is spam, it will be removed shortly by the RFC Production Center.) Please use "Reply All" to discuss whether it should be verified or rejected. When a decision is reached, the verifying party will log in to change the status and edit the report, if necessary. -------------------------------------- RFC8624 (draft-ietf-dnsop-algorithm-update-10) -------------------------------------- Title : Algorithm Implementation Requirements and Usage Guidance for DNSSEC Publication Date : June 2019 Author(s) : P. Wouters, O. Sury Category : PROPOSED STANDARD Source : Domain Name System Operations Stream : IETF Verifying Party : IESG _______________________________________________ DNSOP mailing list -- dnsop@ietf.org To unsubscribe send an email to dnsop-le...@ietf.org
