On Sat, Mar 19, 2016 at 4:04 PM, Paul Hoffman <paul.hoff...@vpnc.org> wrote:
> [[ Dropping CURDLE because these discussions should only be in one WG ]]
>
> ECDSAP256SHA256 and ECDSAP384SHA384 provide more strength for
> signature size than RSASHA256 and RSASHA512 variants. It is expected
> to be raised to MUST once they have been deployed more widely for
> DNSSEC Signing. ECDSAP256SHA256 has seen a rise in deployment, so
> it's set to MUST level for DNSSEC Validation.
>
> Even though I was a strong proponent of ECDSA, I think this is the wrong
> move. ECDSA has had many years to garner interest, and it hasn't. Within a
> year, we will have EDDSA in DNSSEC, and the operational crypto properties
> of EDDSA are noticeably better than those of ECDSA. It would be much better
> if the community just standardized on EDDSA instead of a mixture of the two
> algorithms. Proposal: drop them from this document. They will remain in the
> IANA registry, of course.
>
> --Paul Hoffman

Paul, for the record:

There are tens of thousands of domains signed with ECDSAP256SHA256 worldwide.

ECDSA is currently the only viable algorithm for anyone that wants to do online signing in low-latency environments.

There are significant issues related to deploying a new DNSSEC algorithm worldwide, most related to stuff in actual operating environments. My current best guess is that it takes about 5-10 years after the IETF standardizes a new algorithm before the algorithm is globally "useful". We are still inside the 5-year window; working out the issues in deploying new algorithms with ECDSA can only help the algorithms that will follow.

I see no evidence of use of ECDSAP384SHA384 except in test setups, so I have no problem not mentioning that algorithm in the document.

Olafur
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop