On Fri, Jul 11, 2014 at 06:46:16PM -0400, James Cloos <[email protected]> wrote a message of 6 lines which said:
> Are enough current verifiers capable of verifying ecdsa to make is > reasonable to deploy ECDSAP256SHA256 or ECDSAP384SHA384 keys? I'm not aware of any published survey (Geoff Huston's style: send a Flash ad, which loads three images, one in an unsigned domain, one in a domain properly signed with ECC and one deliberately broken-signed with ECC, and see which image(s) is(are) loaded). So, the answer is "I don't know". There are some already existing domains signed only with ECC, such as ecdsa.isc.org. You can try to query them from several points (using Atlas probes, may be) and see how often you get the AD bit. _______________________________________________ dns-operations mailing list [email protected] https://lists.dns-oarc.net/mailman/listinfo/dns-operations dns-jobs mailing list https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
