> On 21 Oct 2018, at 17:40, fujiw...@jprs.co.jp wrote:
>
>> From: Vladimír Čunát <vladimir.cu...@nic.cz>
>> On 10/17/18 11:18 PM, fujiw...@jprs.co.jp wrote:
>>> 4. In my opinion, Ed25519 is best algorithm some years later.
>>> If the document describes both current RECOMMENDATIONS and
>>> RECOMMENDATIONS some years later, we can plan.
>>
>>
>> I agree, but the last paragraph of 3.1 seems to express that already:
>
> Yes.
>
> # I'm afraid that some TLD/Root operators may not support ED25519
> # because it is RECOMMENDED (not MUST).

The I-D already says:

> It is expected that deprecation of an algorithm will be performed
> gradually. This provides time for various implementations to update
> their implemented algorithms while remaining interoperable. Unless
> there are strong security reasons, an algorithm is expected to be
> downgraded from MUST to NOT RECOMMENDED or MAY, instead of to MUST
> NOT. Similarly, an algorithm that has not been mentioned as
> mandatory-to-implement is expected to be introduced with a
> RECOMMENDED instead of a MUST.

and the last paragraph of 3.1 explicitly says:

> It is
> expected that ED25519 will become the future RECOMMENDED
> default algorithm once there's enough support for this
> algorithm in the deployed DNSSEC validators.

I don’t think more handholding would be appropriate for an IETF RFC.

Thanks for all the comments,
--
Ondřej Surý
ond...@isc.org