I wasn't a part of this procedure so I cannot answer anything related to
that. I can, however, respond to questions for which we make information
available online.
If you want specific information about the procedure I suggest you ask
your registrar or you can contact SWITCH at regis...@nic.ch.
On 01.05.23 14:12, Franco Hug via swinog wrote:
Would be interesting to see a chart similar to this one:
https://www.nic.ch/de/statistics/dnssec/ which shows the different algorithms
in use.
You can find the DNSSEC algorithm break down for the end of 2022 for .ch
on slide 21:
https://www.nic.ch/export/shared/.content/files/SWITCH_Report_Registry_2022.pdf
DNSSEC algorithm Number Percentage
5 – RSASHA1 45 0.00%
7 – RSASHA1-NSEC3-SHA1 607 0.05%
8 – RSASHA256 97,098 8.96%
10 – RSASHA512 67 0.01%
13 – ECDSAP256SHA256 1,018,855 91.22%
14 – ECDSAP384SHA384 139 0.01%
15 – ED25519 61 0.01%
16 – ED448 14 0.00%
Older reports are published at:
https://www.nic.ch/about/
Since end of January 2023 you could not use them anymore.
Probably valid for new DNSSEC activations, had no effect on pre-existing algo
5/7 domains.
Same PDF has some information on slide 15 which basically states:
* Nov 2022, you can not introduce algo 5 or 7 for a previously unsigned
domain
* Jan 2023, you can not roll your algo 5 or 7 unless to a more modern
algorithm
Cheers,
Daniel
_______________________________________________
swinog mailing list -- swinog@lists.swinog.ch
To unsubscribe send an email to swinog-le...@lists.swinog.ch
