DSA with SHA-2 for DNSSEC

Document Type Expired Internet-Draft (individual)
Author Paul Hoffman 
Last updated 2009-07-06
Stream (None)
Intended RFC status (None)
Expired & archived
pdf htmlized (tools) htmlized bibtex
Stream Stream state (No stream defined)
Consensus Boilerplate Unknown
RFC Editor Note (None)
IESG IESG state Expired
Telechat date
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft can be found at


This document describes how to specify DSA keys and signatures based on SHA-256 with a specific set of parameters in DNSSEC. The keys used are 2048 bits, and have an equivalent security level of 112 bits.


Paul Hoffman (paul.hoffman@vpnc.org)

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)