                                                Domain Name System Security (DNSSEC) Algorithm Numbers

   Created
           2003-11-03

   Last Updated
           2009-04-03

   This registry is also available in XML and plain text formats.

   Registry included below

     * DNS Security Algorithm Numbers

DNS Security Algorithm Numbers

   Reference
           [RFC4034][RFC3755]

   Note

 The KEY, SIG, DNSKEY, RRSIG, DS, and CERT RRs use an 8-bit number used
 to identify the security algorithm being used.

 All algorithm numbers in this registry may be used in CERT RRs. Zone
 zigning (DNSSEC) and transaction security mechanisms (SIG(0) and TSIG)
 make use of particular subsets of these algorithms. Only algorithms
 usable for zone signing may appear in DNSKEY, RRSIG, and DS RRs.
 Only those usable for SIG(0) and TSIG may appear in SIG and KEY RRs.

   Registration Procedures
           IETF Standards Action

   Number           Description                 Mnemonic       Zone   Trans.                               Reference
                                                              Signing  Sec.
     0    Reserved                                                           [RFC4398]
     1    RSA/MD5 (deprecated, see 5)      RSAMD5                N      Y    [RFC4034][RFC2537]
     2    Diffie-Hellman                   DH                    N      Y    [RFC2539]
                                                                             [RFC3755][RFC2536][Federal Information Processing Standards
                                                                             Publication (FIPS PUB) 186, Digital Signature Standard, 18 May
     3    DSA/SHA1                         DSA                   Y      Y    1994.][Federal Information Processing Standards Publication (FIPS PUB)
                                                                             180-1, Secure Hash Standard, 17 April 1995. (Supersedes FIPS PUB 180
                                                                             dated 11 May 1993.)]
     4    Reserved for Elliptic Curve      ECC
     5    RSA/SHA-1                        RSASHA1               Y      Y    [RFC3755][RFC3110]
     6    DSA-NSEC3-SHA1                   DSA-NSEC3-SHA1        Y      Y    [RFC5155]
     7    RSASHA1-NSEC3-SHA1               RSASHA1-NSEC3-SHA1    Y      Y    [RFC5155]
   8-251  Unassigned
    252   Reserved for Indirect Keys       INDIRECT              N      N    [RFC4034]
    253   Private algorithms - domain name PRIVATEDNS            Y      Y    [RFC3755][RFC2535]
    254   Private algorithms - OID         PRIVATEOID            Y      Y    [RFC3755][RFC2535]
    255   Reserved                                                           [RFC4034]
