Signaling Cryptographic Algorithm Understanding in DNS Security Extensions
RFC 6975, “Signaling Cryptographic Algorithm Understanding in DNS Security Extensions”, is a Proposed Standard document published in July 2013 by S. Crocker and S. Rose. The canonical text is published by the RFC Editor.
Abstract
The DNS Security Extensions (DNSSEC) were developed to provide origin authentication and integrity protection for DNS data by using digital signatures. These digital signatures can be generated using different algorithms. This document specifies a way for validating end-system resolvers to signal to a server which digital signature and hash algorithms they support. The extensions allow the signaling of new algorithm uptake in client code to allow zone administrators to know when it is possible to complete an algorithm rollover in a DNSSEC-signed zone.
What “Proposed Standard” means
An entry-level standards-track specification: stable, peer-reviewed and a solid basis for implementation, though it may still evolve before becoming an Internet Standard.
The canonical text of RFC 6975 is hosted at rfc-editor.org. Available in TXT and HTML.
- RFC 6974 Applicability of MPLS Transport Profile for Ring Topologies
- RFC 6976 Framework for Loop-Free Convergence Using the Ordered Forwarding Information Base Approach
- RFC 6973 Privacy Considerations for Internet Protocols
- RFC 6977 Triggering DHCPv6 Reconfiguration from Relay Agents
- RFC 6972 Problem Statement and Requirements of the Peer-to-Peer Streaming Protocol
- RFC 6978 A TCP Authentication Option Extension for NAT Traversal
- RFC 6971 Depth-First Forwarding in Unreliable Networks
- RFC 6979 Deterministic Usage of the Digital Signature Algorithm and Elliptic Curve Digital Signature Algorithm