Deprecate Usage of ECC-GOST within DNSSEC
RFC 9906, “Deprecate Usage of ECC-GOST within DNSSEC”, is a Proposed Standard document published in November 2025 by W. Hardaker, W. Kumari. The canonical text is published by the RFC Editor.
Abstract
This document retires the use of GOST R 34.10-2001 (mnemonic "ECC-GOST") and GOST R 34.11-94 within DNSSEC.
RFC 5933 (Historic) defined the use of GOST R 34.10-2001 and GOST R 34.11-94 algorithms with DNS Security Extensions (DNSSEC). This document updates RFC 5933 by deprecating the use of ECC-GOST.
What “Proposed Standard” means
An entry-level standards-track specification: stable, peer-reviewed and a solid basis for implementation, though it may still evolve before becoming an Internet Standard.
The canonical text of RFC 9906 is hosted at rfc-editor.org. Available in HTML,TXT,PDF,XML.
- RFC 9905 Deprecating the Use of SHA-1 in DNSSEC Signature Algorithms
- RFC 9904 DNSSEC Cryptographic Algorithm Recommendation Update Process
- RFC 9903 A YANG Data Model for OSPF Segment Routing over the MPLS Data Plane
- RFC 9909 Internet X.509 Public Key Infrastructure -- Algorithm Identifiers for the Stateless Hash-Based Digital Signature Algorithm
- RFC 9902 A YANG Data Model for IS-IS Segment Routing over the MPLS Data Plane
- RFC 9901 Selective Disclosure for JSON Web Tokens
- RFC 9911 Common YANG Data Types
- RFC 9900 Updates to NETCONF Transport Port Numbers