[Dnssec-deployment] DNSSEC algorithms updated for .edu domains
Matt Larson
mlarson at verisign.com
Tue Aug 10 10:32:04 EDT 2010
On Mon, 09 Aug 2010, Paul Hoffman wrote:
> At 2:45 PM -0600 8/9/10, Becky Granger wrote:
> >Hello all -
> >
> >EDUCAUSE and VeriSign have worked together to enable algorithms 8, 10, and 12 for .edu domain DS records. The following is the complete list of supported algorithms for .edu domains:
> >
> >3:DSA/SHA1
> >5:RSA/SHA-1
> >6:DSA-NSEC3-SHA1
> >7:RSASHA1-NSEC3-SHA1
> >8:RSA/SHA-256
> >10:RSA/SHA-512
> >12:GOST R 34.10-2001
> >
> >Let me know if anyone has questions. :-)
>
> What is your use case for #12? (No smiley)
The reasoning for allowed algorithms was "default permit". The
non-assigned and reserved code points are disallowed, as are those
assigned but with no specification, ECC (4) and indirect (252). The
private ones (253 and 254) could go either way, but we decided to
leave them in.
Matt
More information about the Dnssec-deployment
mailing list