RFC 9905

Deprecating the Use of SHA-1 in DNSSEC Signature Algorithms, November 2025

File formats:

icon for HTML icon for text file icon for v3pdf icon for XML
Also available: XML file for editing
 
Status:
PROPOSED STANDARD
Updates:
RFC 4034, RFC 5155
Authors:
W. Hardaker
W. Kumari
Stream:
IETF
Source:
dnsop (ops)

Cite this RFC: TXT  |  XML  |   BibTeX

DOI:  https://doi.org/10.17487/RFC9905

Discuss this RFC: Send questions or comments to the mailing list [email protected]

Other actions: Submit Errata  |  Find IPR Disclosures from the IETF  |  View History of RFC 9905

Abstract

This document deprecates the use of the RSASHA1 and RSASHA1-NSEC3-SHA1 algorithms for the creation of DNS Public Key (DNSKEY) and Resource Record Signature (RRSIG) records.

It updates RFCs 4034 and 5155 as it deprecates the use of these algorithms.

For the definition of Status, see RFC 2026.

For the definition of Stream, see RFC 8729.



Advanced Search