[Dnssec-deployment] DNSSEC algorithms updated for .edu domains

Matt Larson mlarson at verisign.com
Tue Aug 10 10:32:04 EDT 2010


On Mon, 09 Aug 2010, Paul Hoffman wrote:
> At 2:45 PM -0600 8/9/10, Becky Granger wrote:
> >Hello all -
> >
> >EDUCAUSE and VeriSign have worked together to enable algorithms 8, 10, and 12 for .edu domain DS records. The following is the complete list of supported algorithms for .edu domains:
> >
> >3:DSA/SHA1
> >5:RSA/SHA-1
> >6:DSA-NSEC3-SHA1
> >7:RSASHA1-NSEC3-SHA1
> >8:RSA/SHA-256
> >10:RSA/SHA-512
> >12:GOST R 34.10-2001
> >
> >Let me know if anyone has questions. :-)
> 
> What is your use case for #12? (No smiley)

The reasoning for allowed algorithms was "default permit".  The
non-assigned and reserved code points are disallowed, as are those
assigned but with no specification, ECC (4) and indirect (252).  The
private ones (253 and 254) could go either way, but we decided to
leave them in.

Matt



More information about the Dnssec-deployment mailing list