Arne Jensen <darkde...@darkdevil.dk> wrote:
>
> RFC8624 "Algorithm Implementation Requirements and Usage Guidance for DNSSEC"
>
> -> https://tools.ietf.org/html/rfc8624
>
> > What algorithms do you typically sign with
> > (RSASHA256, ECDSAP256SHA256, both, something other)?
>
> Those two mentioned are the ones that the vast majority seems to sign with.
Yes. I recommend p256 because the security advantages of p384 are not
significant enough to justify the increased costs in space (packet size)
and time. If for some terrible reason you need to use RSASHA256, use 2048
bit keys, same as the root zone. In the future when support is widespread
enough, ed25519 will be the best choice.

> SHA256 and SHA512 have been discussed as vulnerable to length
> extension attacks, where SHA384 isn't:

Length extension attacks aren't a problem in this context.

Tony.
--
f.anthony.n.finch <d...@dotat.at> https://dotat.at/
Lough Foyle to Carlingford Lough: Northerly or northeasterly 4 or 5,
occasionally 6 at first in far southeast, becoming variable 2 or 3 later.
Slight, occasionally moderate at first. Fair at first, then showers. Good.
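The space-and-time trade-off Tony describes can be measured directly. The program below is an added example written for this page, not code from either poster or from any DNS software: it generates one key for each of the four algorithms the thread mentions (RSASHA256 with a 2048-bit key, ECDSAP256SHA256, ECDSAP384SHA384 and ED25519), signs a constructed sample buffer, and reports the byte length of the public-key field a DNSKEY record would carry and of the signature field an RRSIG record would carry, using the wire formats from RFC 3110 (RSA), RFC 6605 (ECDSA r||s and X||Y) and RFC 8080 (Ed25519). It uses only the Go standard library; the sample data is not real DNS wire format, and the sign/verify timings it prints depend on the machine and are illustrative only.

```go
package main

import (
	"crypto"
	"crypto/ecdsa"
	"crypto/ed25519"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/sha512"
	"fmt"
	"math/big"
	"time"
)

// Sizes records, for one DNSSEC algorithm, the byte length of the public key
// field in a DNSKEY record and of the signature field in an RRSIG record,
// plus how long one sign and one verify took on this machine.
type Sizes struct {
	Algorithm string
	PubKey    int
	Signature int
	Sign      time.Duration
	Verify    time.Duration
}

// sample is constructed input standing in for the canonical RRset data an
// RRSIG covers; it is not real DNS wire format.
var sample = []byte("constructed sample RRset data for size comparison")

// ecdsaSizes signs sample with a fresh key on curve and reports the RFC 6605
// wire sizes: DNSKEY carries X||Y, RRSIG carries r||s, each coordinate
// left-padded to the curve's byte length (no DER wrapping).
func ecdsaSizes(name string, curve elliptic.Curve, hash func([]byte) []byte) (Sizes, error) {
	priv, err := ecdsa.GenerateKey(curve, rand.Reader)
	if err != nil {
		return Sizes{}, err
	}
	n := (curve.Params().BitSize + 7) / 8
	digest := hash(sample)
	start := time.Now()
	r, s, err := ecdsa.Sign(rand.Reader, priv, digest)
	if err != nil {
		return Sizes{}, err
	}
	signT := time.Since(start)
	sig := append(r.FillBytes(make([]byte, n)), s.FillBytes(make([]byte, n))...)
	start = time.Now()
	if !ecdsa.Verify(&priv.PublicKey, digest, r, s) {
		return Sizes{}, fmt.Errorf("%s: verification failed", name)
	}
	return Sizes{name, 2 * n, len(sig), signT, time.Since(start)}, nil
}

// rsaSizes does the same for RSASHA256 (RFC 5702). The DNSKEY field is
// exponent length (one byte for short exponents), exponent, then modulus
// (RFC 3110); a PKCS#1 v1.5 signature is as long as the modulus.
func rsaSizes(bits int) (Sizes, error) {
	priv, err := rsa.GenerateKey(rand.Reader, bits)
	if err != nil {
		return Sizes{}, err
	}
	digest := sha256.Sum256(sample)
	start := time.Now()
	sig, err := rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, digest[:])
	if err != nil {
		return Sizes{}, err
	}
	signT := time.Since(start)
	start = time.Now()
	if err := rsa.VerifyPKCS1v15(&priv.PublicKey, crypto.SHA256, digest[:], sig); err != nil {
		return Sizes{}, err
	}
	verT := time.Since(start)
	expLen := len(big.NewInt(int64(priv.E)).Bytes())
	pub := 1 + expLen + (priv.N.BitLen()+7)/8
	return Sizes{fmt.Sprintf("RSASHA256/%d", bits), pub, len(sig), signT, verT}, nil
}

// ed25519Sizes does the same for ED25519 (RFC 8080): a 32-byte public key and
// a 64-byte signature computed over the data itself, with no separate hash step.
func ed25519Sizes() (Sizes, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return Sizes{}, err
	}
	start := time.Now()
	sig := ed25519.Sign(priv, sample)
	signT := time.Since(start)
	start = time.Now()
	if !ed25519.Verify(pub, sample, sig) {
		return Sizes{}, fmt.Errorf("ED25519: verification failed")
	}
	return Sizes{"ED25519", len(pub), len(sig), signT, time.Since(start)}, nil
}

// Compare runs the four algorithms discussed in the thread and returns their sizes.
func Compare() ([]Sizes, error) {
	sha256Hash := func(b []byte) []byte { d := sha256.Sum256(b); return d[:] }
	sha384Hash := func(b []byte) []byte { d := sha512.Sum384(b); return d[:] }
	var out []Sizes
	for _, run := range []func() (Sizes, error){
		func() (Sizes, error) { return rsaSizes(2048) },
		func() (Sizes, error) { return ecdsaSizes("ECDSAP256SHA256", elliptic.P256(), sha256Hash) },
		func() (Sizes, error) { return ecdsaSizes("ECDSAP384SHA384", elliptic.P384(), sha384Hash) },
		ed25519Sizes,
	} {
		s, err := run()
		if err != nil {
			return nil, err
		}
		out = append(out, s)
	}
	return out, nil
}

func main() {
	all, err := Compare()
	if err != nil {
		panic(err)
	}
	fmt.Printf("%-16s %7s %7s %12s %12s\n", "algorithm", "dnskey", "rrsig", "sign", "verify")
	for _, s := range all {
		fmt.Printf("%-16s %7d %7d %12v %12v\n", s.Algorithm, s.PubKey, s.Signature, s.Sign, s.Verify)
	}
}
```

Running it shows the packet-size point in numbers: a P-256 RRSIG is 64 bytes against 96 for P-384 and 256 for 2048-bit RSA, and a P-256 DNSKEY is 64 bytes against 96 and 260. Ed25519 is smaller still (32-byte key, 64-byte signature), which is why it is the eventual preference once validators support it. The timing columns are the other half of the trade-off; treat them as a rough local comparison, not a benchmark.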