{"draft":"draft-ietf-dnsop-must-not-sha1-10","doc_id":"RFC9905","title":"Deprecating the Use of SHA-1 in DNSSEC Signature Algorithms","authors":["W. Hardaker","W. Kumari"],"format":["HTML","TEXT","PDF","XML"],"page_count":"5","pub_status":"PROPOSED STANDARD","status":"PROPOSED STANDARD","source":"Domain Name System Operations","abstract":"This document deprecates the use of the RSASHA1 and\nRSASHA1-NSEC3-SHA1 algorithms for the creation of DNS Public Key\n(DNSKEY) and Resource Record Signature (RRSIG) records.\r\n\r\nIt updates RFCs 4034 and 5155 as it deprecates the use of these\nalgorithms.","pub_date":"November 2025","keywords":["DNS","DNSSEC","rollover","agility","algorithm","SHA1"],"obsoletes":[],"obsoleted_by":[],"updates":["RFC4034","RFC5155"],"updated_by":[],"see_also":[],"doi":"10.17487\/RFC9905","errata_url":null}