{
  "draft": "draft-ietf-dnsop-must-not-sha1-10",
  "doc_id": "RFC9905",
  "title": "Deprecating the Use of SHA-1 in DNSSEC Signature Algorithms",
  "authors": [
    "W. Hardaker",
    "W. Kumari"
  ],
  "format": [
    "XML",
    "TEXT",
    "HTML",
    "PDF"
  ],
  "page_count": "5",
  "pub_status": "PROPOSED STANDARD",
  "status": "PROPOSED STANDARD",
  "source": "Domain Name System Operations",
  "abstract": "This document deprecates the use of the RSASHA1 and\nRSASHA1-NSEC3-SHA1 algorithms for the creation of DNS Public Key\n(DNSKEY) and Resource Record Signature (RRSIG) records.\n\n It updates RFCs 4034 and 5155 as it deprecates the use of these\nalgorithms.",
  "pub_date": "December 2025",
  "keywords": [
    "DNS",
    "DNSSEC",
    "rollover",
    "agility",
    "algorithm",
    "SHA1"
  ],
  "obsoletes": [],
  "obsoleted_by": [],
  "updates": [
    "RFC4034",
    "RFC5155"
  ],
  "updated_by": [],
  "see_also": [],
  "doi": "10.17487/RFC9905",
  "errata_url": null
}