#[non_exhaustive]
pub enum Algorithm {
    RSAMD5,
    DSA,
    RSASHA1,
    RSASHA1NSEC3SHA1,
    RSASHA256,
    RSASHA512,
    ECDSAP256SHA256,
    ECDSAP384SHA384,
    ED25519,
    Unknown(u8),
}
Available on crate feature dnssec only.
DNSSEC signing and validation algorithms.
For reference, the IANA documents list all the officially registered algorithms.
RFC 6944, DNSSEC DNSKEY Algorithm Status, April 2013
2.2. Algorithm Implementation Status Assignment Rationale
RSASHA1 has an implementation status of Must Implement, consistent
with [RFC4034]. RSAMD5 has an implementation status of Must Not
Implement because of known weaknesses in MD5.
The status of RSASHA1-NSEC3-SHA1 is set to Recommended to Implement
as many deployments use NSEC3. The status of RSA/SHA-256 and RSA/
SHA-512 are also set to Recommended to Implement as major deployments
(such as the root zone) use these algorithms [ROOTDPS]. It is
believed that RSA/SHA-256 or RSA/SHA-512 algorithms will replace
older algorithms (e.g., RSA/SHA-1) that have a perceived weakness.
Likewise, ECDSA with the two identified curves (ECDSAP256SHA256 and
ECDSAP384SHA384) is an algorithm that may see widespread use due to
the perceived similar level of security offered with smaller key size
compared to the key sizes of algorithms such as RSA. Therefore,
ECDSAP256SHA256 and ECDSAP384SHA384 are Recommended to Implement.
All other algorithms used in DNSSEC specified without an
implementation status are currently set to Optional.
2.3. DNSSEC Implementation Status Table
The DNSSEC algorithm implementation status table is listed below.
Only the algorithms already specified for use with DNSSEC at the time
of writing are listed.
+------------+------------+-------------------+-------------------+
|    Must    |  Must Not  |    Recommended    |      Optional     |
|  Implement | Implement  |   to Implement    |                   |
+------------+------------+-------------------+-------------------+
|            |            |                   |                   |
|   RSASHA1  |   RSAMD5   |   RSASHA256       |   Any             |
|            |            |   RSASHA1-NSEC3   |   registered      |
|            |            |    -SHA1          |   algorithm       |
|            |            |   RSASHA512       |   not listed in   |
|            |            |   ECDSAP256SHA256 |   this table      |
|            |            |   ECDSAP384SHA384 |                   |
+------------+------------+-------------------+-------------------+
This table does not list the Reserved values in the IANA registry
table or the values for INDIRECT (252), PRIVATE (253), and PRIVATEOID
(254). These values may relate to more than one algorithm and are
therefore up to the implementer's discretion. As noted, any
algorithm not listed in the table is Optional. As of this writing,
the Optional algorithms are DSASHA1, DH, DSA-NSEC3-SHA1, and GOST-
ECC, but in general, anything not explicitly listed is Optional.
2.4. Specifying New Algorithms and Updating the Status of Existing
Entries
[RFC6014] establishes a parallel procedure for adding a registry
entry for a new algorithm other than a standards track document.
Because any algorithm not listed in the foregoing table is Optional,
algorithms entered into the registry using the [RFC6014] procedure
are automatically Optional.
It has turned out to be useful for implementations to refer to a
single document that specifies the implementation status of every
algorithm. Accordingly, when a new algorithm is to be registered
with a status other than Optional, this document shall be made
obsolete by a new document that adds the new algorithm to the table
in Section 2.3. Similarly, if the status of any algorithm in the
table in Section 2.3 changes, a new document shall make this document
obsolete; that document shall include a replacement of the table in
Section 2.3. This way, the goal of having one authoritative document
to specify all the status values is achieved.
This document cannot be updated, only made obsolete and replaced by a
successor document.
Variants (Non-exhaustive)
This enum is marked as non-exhaustive
RSAMD5
Deprecated: this is a compromised hashing function, it is here for backward compatibility
DO NOT USE, MD5 is a compromised hashing function, it is here for backward compatibility
DSA
Deprecated: this is a compromised hashing function, it is here for backward compatibility
DO NOT USE, DSA is a compromised hashing function, it is here for backward compatibility
RSASHA1
Deprecated: this is a compromised hashing function, it is here for backward compatibility
DO NOT USE, SHA1 is a compromised hashing function, it is here for backward compatibility
RSASHA1NSEC3SHA1
Deprecated: this is a compromised hashing function, it is here for backward compatibility
DO NOT USE, SHA1 is a compromised hashing function, it is here for backward compatibility
RSASHA256
RSA public key with SHA256 hash
RSASHA512
RSA public key with SHA512 hash
ECDSAP256SHA256
ECDSAP384SHA384
ED25519
Unknown(u8)
An unknown algorithm identifier
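The mapping from a DNSKEY algorithm octet to a variant, checked against both the RFC 6944 status table and the "DO NOT USE" notes on this page, as an added example that is not the crate's own code. `Alg`, `Status` and the function names are hypothetical; the algorithm numbers are the IANA registry values and the DNSKEY RDATA layout is the one in RFC 4034.

```rust
// Added example: `Alg` is a local stand-in for the documented enum, not the crate's type.
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
enum Alg {
    RsaMd5, Dsa, RsaSha1, RsaSha1Nsec3Sha1, RsaSha256, RsaSha512,
    EcdsaP256Sha256, EcdsaP384Sha384, Ed25519, Unknown(u8),
}
#[derive(Debug, PartialEq, Eq)]
enum Status { MustImplement, MustNotImplement, Recommended, Optional, NotCovered }

/// Map an IANA DNSSEC algorithm number to a variant; unrecognised numbers are kept.
fn from_u8(n: u8) -> Alg {
    match n {
        1 => Alg::RsaMd5, 3 => Alg::Dsa, 5 => Alg::RsaSha1, 7 => Alg::RsaSha1Nsec3Sha1,
        8 => Alg::RsaSha256, 10 => Alg::RsaSha512, 13 => Alg::EcdsaP256Sha256,
        14 => Alg::EcdsaP384Sha384, 15 => Alg::Ed25519, other => Alg::Unknown(other),
    }
}
/// Status per the RFC 6944 section 2.3 table quoted above.
fn rfc6944_status(a: Alg) -> Status {
    match a {
        Alg::RsaSha1 => Status::MustImplement,
        Alg::RsaMd5 => Status::MustNotImplement,
        Alg::RsaSha1Nsec3Sha1 | Alg::RsaSha256 | Alg::RsaSha512
        | Alg::EcdsaP256Sha256 | Alg::EcdsaP384Sha384 => Status::Recommended,
        // Registered but not in the table: DSA, ED25519, DH (2), DSA-NSEC3-SHA1 (6), GOST-ECC (12).
        Alg::Dsa | Alg::Ed25519 | Alg::Unknown(2 | 6 | 12) => Status::Optional,
        // 252-254 and every other number this example does not recognise.
        Alg::Unknown(_) => Status::NotCovered,
    }
}
/// Variants the documentation above marks "DO NOT USE".
fn marked_do_not_use(a: Alg) -> bool {
    matches!(a, Alg::RsaMd5 | Alg::Dsa | Alg::RsaSha1 | Alg::RsaSha1Nsec3Sha1)
}
/// DNSKEY RDATA (RFC 4034): flags (2 octets), protocol (must be 3), algorithm, key.
fn dnskey_algorithm(rdata: &[u8]) -> Result<Alg, &'static str> {
    match rdata {
        [_, _, 3, alg, ..] => Ok(from_u8(*alg)),
        [_, _, _, _, ..] => Err("protocol field is not 3"),
        _ => Err("RDATA shorter than the 4-octet DNSKEY header"),
    }
}

fn main() {
    // Constructed RDATA: flags 257, protocol 3, algorithm octet, dummy key bytes.
    for alg in [1u8, 5, 8, 15, 253] {
        let a = dnskey_algorithm(&[0x01, 0x01, 3, alg, 0xAA, 0xBB]).unwrap();
        println!("{:?}: {:?}, do-not-use={}", a, rfc6944_status(a), marked_do_not_use(a));
    }
}
```

RSASHA1 comes out as Must Implement under the RFC 6944 table while also carrying this page's "DO NOT USE" note, so a policy check has to consult both.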
Implementations
Trait Implementations
impl<'r> BinDecodable<'r> for Algorithm
fn read(decoder: &mut BinDecoder<'r>) -> ProtoResult<Self>
Read the type from the stream
fn from_bytes(bytes: &'r [u8]) -> ProtoResult<Self>
Returns the object in binary form
impl BinEncodable for Algorithm
fn emit(&self, encoder: &mut BinEncoder<'_>) -> ProtoResult<()>
Write the type to the stream
fn to_bytes(&self) -> ProtoResult<Vec<u8>>
Returns the object in binary form
impl<'de> Deserialize<'de> for Algorithm
fn deserialize<__D>(__deserializer: __D) -> Result<Self, __D::Error> where __D: Deserializer<'de>,
Deserialize this value from the given Serde deserializer.
impl From<Algorithm> for DigestType
impl From<Algorithm> for SupportedAlgorithms
impl Ord for Algorithm
impl PartialOrd<Algorithm> for Algorithm
fn partial_cmp(&self, other: &Algorithm) -> Option<Ordering>
This method returns an ordering between self and other values if one exists.
fn lt(&self, other: &Rhs) -> bool
This method tests less than (for self and other) and is used by the < operator.
fn le(&self, other: &Rhs) -> bool
This method tests less than or equal to (for self and other) and is used by the <= operator.
impl Copy for Algorithm
impl Eq for Algorithm
impl StructuralEq for Algorithm
impl StructuralPartialEq for Algorithm
Auto Trait Implementations
impl RefUnwindSafe for Algorithm
impl Send for Algorithm
impl Sync for Algorithm
impl Unpin for Algorithm
impl UnwindSafe for Algorithm
Blanket Implementations
impl<T> BorrowMut<T> for T where T: ?Sized,
fn borrow_mut(&mut self) -> &mut T
Mutably borrows from an owned value.
impl<Q, K> Equivalent<K> for Q where Q: Eq + ?Sized, K: Borrow<Q> + ?Sized,
fn equivalent(&self, key: &K) -> bool
Compare self to key and return true if they are equal.
impl<T> Instrument for T
fn instrument(self, span: Span) -> Instrumented<Self>
fn in_current_span(self) -> Instrumented<Self>
impl<T> ToOwned for T where T: Clone,
type Owned = T
The resulting type after obtaining ownership.
fn clone_into(&self, target: &mut T)
Nightly-only experimental API (toowned_clone_into). Uses borrowed data to replace owned data, usually by cloning.
impl<V, T> VZip<V> for T where V: MultiLane<T>,
fn vzip(self) -> V
impl<T> WithSubscriber for T
fn with_subscriber<S>(self, subscriber: S) -> WithDispatch<Self> where S: Into<Dispatch>,
Attaches the provided Subscriber to this type, returning a WithDispatch wrapper.
fn with_current_subscriber(self) -> WithDispatch<Self>
Attaches the current default Subscriber to this type, returning a WithDispatch wrapper.