{"draft":"draft-ietf-dnsop-rfc8624-bis-13","doc_id":"RFC9904","title":"DNSSEC Cryptographic Algorithm Recommendation Update Process","authors":["W. Hardaker","W. Kumari"],"format":["HTML","TEXT","PDF","XML"],"page_count":"13","pub_status":"PROPOSED STANDARD","status":"PROPOSED STANDARD","source":"Domain Name System Operations","abstract":"The DNSSEC protocol makes use of various cryptographic algorithms to\r\nprovide authentication of DNS data and proof of nonexistence.  To\r\nensure interoperability between DNS resolvers and DNS authoritative\r\nservers, it is necessary to specify both a set of algorithm\r\nimplementation requirements and usage guidelines to ensure that there\r\nis at least one algorithm that all implementations support. This\r\ndocument replaces and obsoletes RFC 8624 and moves the canonical\r\nsource of algorithm implementation requirements and usage guidance\r\nfor DNSSEC from RFC 8624 to the IANA DNSSEC algorithm registries.\r\nThis is done to allow the list of requirements to be more easily\r\nupdated and referenced. Extensions to these registries can be made in\r\nfuture RFCs. This document also updates RFC 9157 and incorporates the\r\nrevised IANA DNSSEC considerations from that RFC.\r\n\r\nThis document does not change the recommendation status (MUST, MAY,\r\nRECOMMENDED, etc.) of the algorithms listed in RFC 8624; that is the\r\nwork of future documents.","pub_date":"November 2025","keywords":["DNS","DNSSEC","rollover","agility"],"obsoletes":["RFC8624"],"obsoleted_by":[],"updates":["RFC9157"],"updated_by":[],"see_also":[],"doi":"10.17487\/RFC9904","errata_url":null}