This document describes how to produce RSA/SHA-256 and RSA/SHA-512
DNSKEY and RRSIG resource records for use in the Domain Name System
Security Extensions (DNSSEC, RFC 4033, RFC 4034, and RFC 4035).
Working Group Summary
The DNS Extensions Working Group had consensus to publish the
The document received thorough review, and it is expected that
vendors supporting DNSSEC will implement SHA-2 once the document is
published. During Working Group Last Call, there were objections
that an earlier approach, which tied SHA-2 to implementation of
NSEC3, would be a barrier for adoption by some vendors, so the
specification was changed to avoid the link.
Andrew Sullivan (firstname.lastname@example.org) is the Document Shepherd.
Ralph Droms (email@example.com) is the Responsible AD.