Skip to main content

Use of GOST Signature Algorithms in DNSKEY and RRSIG Resource Records for DNSSEC

Approval announcement
Draft of message to be sent after approval:


From: The IESG <>
To: IETF-Announce <>
Cc: Internet Architecture Board <>,
    RFC Editor <>, 
    dnsext mailing list <>, 
    dnsext chair <>
Subject: REVISED Protocol Action: 'Use of GOST signature algorithms in
DNSKEY and RRSIG Resource Records for DNSSEC' to Proposed Standard

The IESG has approved the following document:

- 'Use of GOST signature algorithms in DNSKEY and RRSIG Resource Records

   for DNSSEC '
   <draft-ietf-dnsext-dnssec-gost-07.txt> as a Proposed Standard

This document is the product of the DNS Extensions Working Group. 

The IESG contact persons are Ralph Droms and Jari Arkko.

A URL of this Internet-Draft is:

Ballot Text

Technical Summary

   This document defines the use of new digital signature algorithm,
   the specifications of this algorithm was originally published in
   Russian but an English translation is in the RFC editors queue.
   The document describes how to publish a public key in a DNSKEY
   record, how to convert the public key into a construct used by
   crypto libraries, and how to generate digital signature and publish
   it in a RRSIG.

Working Group Summary

   The consensus for this document is strong.

Document Quality

   This document has been reported by a few DNS implementors to be clear
   enough to be implementable. There have been changes in the wire
   format between the different versions, using random testing codes
   for IANA requested values.  This document is similar in many
   respects to RFC5702 and RFC 4509 as the DNS inter operability
   issues are identical.  The only difference is the underlying
   technologies, RSA/SHA2 vs GOST R 34.10-2001/GOST R 34.11-94.


   Olafur Gudmundsson ( is the document shepherd.  Ralph
   Droms is the responsible Area Director.

RFC Editor Note

Please delete section 6.3 as it is redundant.

The document editor is to provide updated examples once IANA has
assigned values.

RFC Editor Note