RFC 9904: DNSSEC Cryptographic Algorithm Recommendation Update Process

1.1. Document Audience

The columns added to the IANA "DNS Security Algorithm Numbers" [DNSKEY-IANA] and "Digest Algorithms" [DS-IANA] registries target DNSSEC operators and implementers.¶

Implementations need to meet high security expectations as well as provide interoperability between various implementations and with different versions.¶

The field of cryptography evolves continuously. New, stronger algorithms appear, and existing algorithms may be found to be less secure than originally thought. Therefore, algorithm implementation requirements and usage guidance need to be updated from time to time in order to reflect the new reality and to allow for a smooth transition to more secure algorithms as well as the deprecation of algorithms deemed to no longer be secure.¶

Implementations need to be conservative in the selection of algorithms they implement in order to minimize both code complexity and the attack surface.¶

The perspective of implementers may differ from that of an operator who wishes to deploy and configure DNSSEC with only the safest algorithm. As such, this document also adds new recommendations about which algorithms should be deployed regardless of implementation status. In general, it is expected that deployment of aging algorithms should generally be reduced before implementations stop supporting them.¶

1.2. Updating Algorithm Requirement Levels

By the time a DNSSEC cryptographic algorithm is made mandatory to implement, it should already be available in most implementations. This document defines an IANA registration modification to allow future documents to specify the implementation recommendations for each algorithm, as the recommendation status of each DNSSEC cryptographic algorithm is expected to change over time. For example, there is no guarantee that newly introduced algorithms will become mandatory to implement in the future. Likewise, published algorithms are continuously subjected to cryptographic attack and may become too weak, or even be completely broken, and will require deprecation in the future.¶

It is expected that the deprecation of an algorithm will be performed gradually. This provides time for implementations to update their implemented algorithms while remaining interoperable. Unless there are strong security reasons, an algorithm is expected to be downgraded from MUST to NOT RECOMMENDED or MAY, instead of directly from MUST to MUST NOT. Similarly, an algorithm that has not been mentioned as mandatory to implement is expected to be first introduced as RECOMMENDED instead of a MUST.¶

Since the effect of using an unknown DNSKEY algorithm is that the zone is treated as insecure, it is recommended that algorithms that have been downgraded to NOT RECOMMENDED or lower not be used by authoritative nameservers and DNSSEC signers to create new DNSKEYs. This ensures that the use of deprecated algorithms decreases over time. Once an algorithm has reached a sufficiently low level of deployment, it can be marked as MUST NOT, so that recursive resolvers can remove support for validating it.¶

Validating recursive resolvers are encouraged to retain support for all algorithms not marked as MUST NOT.¶

1.3. Requirements Notation

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all capitals, as shown here.¶

[RFC2119] considers the term SHOULD to be equivalent to RECOMMENDED, and SHOULD NOT equivalent to NOT RECOMMENDED. This document has chosen to use the terms RECOMMENDED and NOT RECOMMENDED, as this more clearly expresses the recommendations to implementers.¶

2.1. Column Descriptions

The intended usage of the four columns in the "DNS Security Algorithm Numbers" registry is as follows:¶

Use for DNSSEC Signing:

Indicates the recommendation for using the algorithm within authoritative servers.¶

Use for DNSSEC Validation:

Indicates the recommendation for using the algorithm in DNSSEC validators.¶

Implement for DNSSEC Signing:

Indicates the recommendation for implementing the algorithm within DNSSEC signing software.¶

Implement for DNSSEC Validation:

Indicates the recommendation for implementing the algorithm within DNSSEC validators.¶

The intended usage of the four columns in the "Digest Algorithms" registry is as follows:¶

Use for DNSSEC Delegation:

Indicates the recommendation for using the algorithm within authoritative servers.¶

Use for DNSSEC Validation:

Indicates the recommendation for using the algorithm in DNSSEC validators.¶

Implement for DNSSEC Delegation:

Indicates the recommendation for implementing the algorithm within authoritative servers.¶

Implement for DNSSEC Validation:

Indicates the recommendation for implementing the algorithm within validating resolvers.¶

2.2. Adding and Changing Values

The following note describing the procedures for adding and changing values has been added to the "DNS Security Algorithm Numbers" registry:¶

Adding a new entry to the "DNS Security Algorithm Numbers" registry with a recommended value of "MAY" in the "Use for DNSSEC Signing", "Use for DNSSEC Validation", "Implement for DNSSEC Signing", or "Implement for DNSSEC Validation" columns will be subject to the Specification Required policy as defined in [RFC8126] in order to promote continued evolution of DNSSEC algorithms and DNSSEC agility. New entries added through the Specification Required process will have the value of "MAY" for all columns.¶

Adding a new entry to, or changing an existing value in, the "DNS Security Algorithm Numbers" registry that has any value other than "MAY" in the "Use for DNSSEC Signing", "Use for DNSSEC Validation", "Implement for DNSSEC Signing", or "Implement for DNSSEC Validation" columns requires Standards Action.¶

If an item is not marked as "RECOMMENDED", it does not necessarily mean that it is flawed; rather, it indicates that the item either has not been through the IETF consensus process, has limited applicability, or is intended only for specific use cases.¶

The following note has been added to the "Digest Algorithms" registry:¶

Adding a new entry to the "Digest Algorithms" registry with a recommended value of "MAY" in the "Use for DNSSEC Delegation", "Use for DNSSEC Validation", "Implement for DNSSEC Delegation", or "Implement for DNSSEC Validation" columns SHALL follow the Specification Required policy as defined in [RFC8126].¶

Adding a new entry to, or changing an existing value in, the "Digest Algorithms" registry that has any value other than "MAY" in the "Use for DNSSEC Delegation", "Use for DNSSEC Validation", "Implement for DNSSEC Delegation", or "Implement for DNSSEC Validation" columns requires Standards Action.¶

If an item is not marked as "RECOMMENDED", it does not necessarily mean that it is flawed; rather, it indicates that the item either has not been through the IETF consensus process, has limited applicability, or is intended only for specific use cases.¶

Only values of "MAY", "RECOMMENDED", "MUST NOT", and "NOT RECOMMENDED" may be placed into the "Use for DNSSEC Signing" and "Use for DNSSEC Validation" columns. Only values of "MAY", "RECOMMENDED", "MUST", "MUST NOT", and "NOT RECOMMENDED" may be placed into the "Implement for DNSSEC Signing" and "Implement for DNSSEC Validation" columns. Note that a value of "MUST" is not an allowed value for the two "Use for" columns.¶

The following sections state the initial values that have been populated into these columns. The values in the "Implement for" columns are transcribed from [RFC8624]. The "Use for" columns are set to the same values as those in the "Implement for" columns since the general interpretation to date indicates they have been treated as values for both "use" and "implementation". Note that the value in the "Use for" column is "RECOMMENDED" when the value in the corresponding "Implement for" column is "MUST". We note that the values for "Implement for" and "Use for" may diverge in the future as implementations generally precede deployments.¶

7.1. Update to the DNS Security Algorithm Numbers Registry

IANA has updated the "DNS Security Algorithm Numbers" registry [DNSKEY-IANA] with the following columns and has populated these columns with the values from Table 2 of this document:¶

Additionally, IANA has completed the following actions for the "DNS Security Algorithm Numbers" registry [DNSKEY-IANA]:¶

7.2. Update to the Digest Algorithms Registry

IANA has updated the "Digest Algorithms" registry [DS-IANA] with the following columns and has populated these columns with the values from Table 3 of this document:¶

Additionally, IANA has completed the following actions for the "Digest Algorithms" registry [DS-IANA]:¶

8.1. Normative References

[DNSKEY-IANA]

IANA, "DNS Security Algorithm Numbers", <https://www.iana.org/assignments/dns-sec-alg-numbers>.

[DS-IANA]

IANA, "Digest Algorithms", <http://www.iana.org/assignments/ds-rr-types>.

[RFC2119]

Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/RFC2119, March 1997, <https://www.rfc-editor.org/info/rfc2119>.

[RFC8126]

Cotton, M., Leiba, B., and T. Narten, "Guidelines for Writing an IANA Considerations Section in RFCs", BCP 26, RFC 8126, DOI 10.17487/RFC8126, June 2017, <https://www.rfc-editor.org/info/rfc8126>.

[RFC8174]

Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, May 2017, <https://www.rfc-editor.org/info/rfc8174>.

[RFC9157]

Hoffman, P., "Revised IANA Considerations for DNSSEC", RFC 9157, DOI 10.17487/RFC9157, December 2021, <https://www.rfc-editor.org/info/rfc9157>.

8.2. Informative References

[RFC4034]

Arends, R., Austein, R., Larson, M., Massey, D., and S. Rose, "Resource Records for the DNS Security Extensions", RFC 4034, DOI 10.17487/RFC4034, March 2005, <https://www.rfc-editor.org/info/rfc4034>.

[RFC4509]

Hardaker, W., "Use of SHA-256 in DNSSEC Delegation Signer (DS) Resource Records (RRs)", RFC 4509, DOI 10.17487/RFC4509, May 2006, <https://www.rfc-editor.org/info/rfc4509>.

[RFC5155]

Laurie, B., Sisson, G., Arends, R., and D. Blacka, "DNS Security (DNSSEC) Hashed Authenticated Denial of Existence", RFC 5155, DOI 10.17487/RFC5155, March 2008, <https://www.rfc-editor.org/info/rfc5155>.

[RFC5702]

Jansen, J., "Use of SHA-2 Algorithms with RSA in DNSKEY and RRSIG Resource Records for DNSSEC", RFC 5702, DOI 10.17487/RFC5702, October 2009, <https://www.rfc-editor.org/info/rfc5702>.

[RFC5933]

Dolmatov, V., Ed., Chuprina, A., and I. Ustinov, "Use of GOST Signature Algorithms in DNSKEY and RRSIG Resource Records for DNSSEC", RFC 5933, DOI 10.17487/RFC5933, July 2010, <https://www.rfc-editor.org/info/rfc5933>.

[RFC6605]

Hoffman, P. and W.C.A. Wijngaards, "Elliptic Curve Digital Signature Algorithm (DSA) for DNSSEC", RFC 6605, DOI 10.17487/RFC6605, April 2012, <https://www.rfc-editor.org/info/rfc6605>.

[RFC6781]

Kolkman, O., Mekking, W., and R. Gieben, "DNSSEC Operational Practices, Version 2", RFC 6781, DOI 10.17487/RFC6781, December 2012, <https://www.rfc-editor.org/info/rfc6781>.

[RFC7583]

Morris, S., Ihren, J., Dickinson, J., and W. Mekking, "DNSSEC Key Rollover Timing Considerations", RFC 7583, DOI 10.17487/RFC7583, October 2015, <https://www.rfc-editor.org/info/rfc7583>.

[RFC8080]

Sury, O. and R. Edmonds, "Edwards-Curve Digital Security Algorithm (EdDSA) for DNSSEC", RFC 8080, DOI 10.17487/RFC8080, February 2017, <https://www.rfc-editor.org/info/rfc8080>.

[RFC8624]

Wouters, P. and O. Sury, "Algorithm Implementation Requirements and Usage Guidance for DNSSEC", RFC 8624, DOI 10.17487/RFC8624, June 2019, <https://www.rfc-editor.org/info/rfc8624>.

[RFC9364]

Hoffman, P., "DNS Security Extensions (DNSSEC)", BCP 237, RFC 9364, DOI 10.17487/RFC9364, February 2023, <https://www.rfc-editor.org/info/rfc9364>.

[TLS-ciphersuites]

IANA, "Transport Layer Security (TLS) Parameters", <https://www.iana.org/assignments/tls-parameters>.