On Thu, Mar 22, 2018 at 05:47:58PM +0000, Ondřej Surý wrote:
...
> > They should switch away from SHA1 as SHA1 is being deprecated industry
> > wide. Even if we recommend to move away from RSA (which I'm not sure if
> > there is consensus on) to ECC, I would like to move them to ED25519/ED448
> > over the ECDSA* variants.
>
> I don't think this is currently feasible to do so, so we need to have
> feedback from the WG.
>
> > If it is too soon for that now, I would simply not
> > recommend moving away from RSA. And maybe make ECDSAP256SHA256 a MAY
> > instead of a MUST.
>
> What would be the technical/security reason for skipping ECDSA?
>
> Ondrej
Besides this question, this is a recommendation to be changed in the future. Current ED25519/ED448 deployment is negligible, if any. It will take at least 5 years for the situation to improve.

Fred

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
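The practical check behind this exchange is "which algorithms does a zone's DNSKEY RRset actually use, and which of them are SHA-1-based?". The script below is an added example and is not part of the mailing-list discussion or of any IETF draft. It parses presentation-format DNSKEY records, computes each key's key tag as in RFC 4034 Appendix B (so a finding can be matched against DS records and signer configuration), classifies the algorithm using the IANA DNS Security Algorithm Numbers registry, and flags MD5/SHA-1-based algorithms for migration. The sample records are constructed placeholders whose public-key fields are not valid keys for the algorithms shown; the "migrate" verdict reflects the SHA1-deprecation point made in the thread, not a WG recommendation.

```python
"""Audit a DNSKEY RRset: key tag, algorithm family, and whether the key's
algorithm uses a deprecated hash (MD5/SHA-1). Added example, not list code."""
import base64

# Constructed sample RRset in presentation format. The public-key fields are
# placeholder bytes for the key-tag arithmetic, not valid keys for these algorithms.
SAMPLE_DNSKEYS = """\
; constructed example, not a real zone
example. 3600 IN DNSKEY 257 3 5  AAEAAgM=
example. 3600 IN DNSKEY 256 3 7  AAEAAg==
example. 3600 IN DNSKEY 256 3 13 AAEAAg==
example. 3600 IN DNSKEY 256 3 15 AAEAAgM=
"""

# IANA DNS Security Algorithm Numbers: number -> (mnemonic, signature family,
# True if the algorithm's hash is MD5 or SHA-1).
ALGORITHMS = {
    1: ("RSAMD5", "RSA", True),
    3: ("DSA", "DSA", True),
    5: ("RSASHA1", "RSA", True),
    6: ("DSA-NSEC3-SHA1", "DSA", True),
    7: ("RSASHA1-NSEC3-SHA1", "RSA", True),
    8: ("RSASHA256", "RSA", False),
    10: ("RSASHA512", "RSA", False),
    12: ("ECC-GOST", "GOST", False),
    13: ("ECDSAP256SHA256", "ECDSA", False),
    14: ("ECDSAP384SHA384", "ECDSA", False),
    15: ("ED25519", "EdDSA", False),
    16: ("ED448", "EdDSA", False),
}

SEP_FLAG = 0x0001   # Secure Entry Point bit: conventionally marks a KSK
ZONE_FLAG = 0x0100  # must be set for a key that signs zone data


def key_tag(flags, protocol, algorithm, pubkey):
    """Key tag over the wire-format RDATA, per RFC 4034 Appendix B.
    Algorithm 1 (RSAMD5) derives its tag differently and is rejected here."""
    if algorithm == 1:
        raise NotImplementedError("RSAMD5 key tags follow RFC 4034 B.1, not handled")
    rdata = flags.to_bytes(2, "big") + bytes([protocol, algorithm]) + pubkey
    ac = 0
    for i, b in enumerate(rdata):
        ac += b if i & 1 else b << 8  # even offsets are the high byte of a 16-bit word
    ac += (ac >> 16) & 0xFFFF         # fold the carry back in
    return ac & 0xFFFF


def parse_dnskey(line):
    """Parse one presentation-format DNSKEY RR (TTL and class are optional)."""
    fields = line.split()
    i = fields.index("DNSKEY")
    flags, protocol, algorithm = (int(x) for x in fields[i + 1:i + 4])
    pubkey = base64.b64decode("".join(fields[i + 4:]))  # base64 may span fields
    return fields[0], flags, protocol, algorithm, pubkey


def audit_dnskeys(text):
    """Return one finding per DNSKEY record in `text`."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        owner, flags, protocol, alg, pubkey = parse_dnskey(line)
        mnemonic, family, weak_hash = ALGORITHMS.get(alg, (f"ALG{alg}", "unknown", False))
        problems = []
        if weak_hash:
            problems.append("hash is MD5/SHA-1: migrate")
        if protocol != 3:
            problems.append("protocol field must be 3 (RFC 4034)")
        if not flags & ZONE_FLAG:
            problems.append("ZONE flag not set: not a zone-signing key")
        findings.append({
            "owner": owner,
            "role": "KSK" if flags & SEP_FLAG else "ZSK",
            "key_tag": key_tag(flags, protocol, alg, pubkey) if alg != 1 else None,
            "algorithm": mnemonic,
            "family": family,
            "weak_hash": weak_hash,
            "problems": problems,
        })
    return findings


def keys_to_migrate(findings):
    """Key tags of keys whose algorithm uses a deprecated hash."""
    return [f["key_tag"] for f in findings if f["weak_hash"]]


if __name__ == "__main__":
    for f in audit_dnskeys(SAMPLE_DNSKEYS):
        status = "; ".join(f["problems"]) or "ok"
        print(f'{f["owner"]} {f["role"]} tag={f["key_tag"]} {f["algorithm"]} ({f["family"]}): {status}')
```

Feed it the output of `dig +norec example. DNSKEY` (or a signed zone file) in place of the constructed sample; the reported key tags let you cross-check each flagged key against the parent's DS records before planning an algorithm rollover.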