> On Jun 7, 2018, at 11:46 AM, [email protected] wrote:
>
> This particular author believes that DNSSEC should move to ECC,
> so there’s a high cost associated with KSK algorithm rollover. So, if people
> are going to change to “stronger” (whatever this means in DNSSEC context)
> algorithm they should be strongly encouraged to change the algorithm
> to ECDSA256 (for now).
Just wanted to add that I don't think of 10 as stronger than 8;
there's no evidence of weakness in SHA2-256 any time soon. I
rather view 8/10 as being two sides of the same coin, RSA with
the two un-truncated SHA2 algorithms, with which to use being a "toss-up".
So there's no real advantage to moving to 10, modulo a small
performance improvement in verifying the signatures of "large"
RRsets. And the fact that RSA-SHA512 can't be used with
512-bit keys is perhaps a feature.
--
Viktor.
_______________________________________________
DNSOP mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dnsop
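The following Go program is an added example, not code from the thread or from any DNSSEC implementation. It makes the comparison above concrete with the Go standard library only: algorithms 8 and 10 are the same PKCS#1 v1.5 RSA signature over the same key, differing only in the digest (so both produce a 256-byte signature from a 2048-bit key), while algorithm 13 (ECDSA P-256, RFC 6605) produces a 64-byte raw r||s signature. It also shows why a 512-bit modulus cannot carry an RSASHA512 signature: PKCS#1 v1.5 (RFC 8017, section 9.2) needs a modulus of at least DigestInfo (19 bytes) + hash + 11 bytes, which is 62 bytes for SHA-256 but 94 for SHA-512. The signed bytes are a constructed placeholder standing in for the RRSIG RDATA plus canonical RRset, not a real wire-format RRset; the key sizes and algorithm labels are this example's own choices.

```go
package main

import (
	"crypto"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/sha512"
	"fmt"
)

// Constructed stand-in for what a DNSSEC signer hashes (RFC 4034 3.1.8.1):
// RRSIG RDATA without the signature field, then the RRset in canonical order.
var sampleSignedData = []byte(
	"RRSIG-RDATA-PREFIX|example. 3600 IN A 192.0.2.1|example. 3600 IN A 192.0.2.2")

// DER DigestInfo prefix PKCS#1 v1.5 places before the hash; 19 bytes for
// both SHA-256 and SHA-512 (RFC 8017, section 9.2 note 1).
const pkcs1v15DigestInfoLen = 19

// MinModulusBytesPKCS1v15 is the smallest RSA modulus (bytes) that can carry a
// PKCS#1 v1.5 signature over a hashLen-byte digest: emLen >= tLen + 11.
func MinModulusBytesPKCS1v15(hashLen int) int {
	return pkcs1v15DigestInfoLen + hashLen + 11
}

// FitsModulus reports whether a hashLen-byte digest can be PKCS#1 v1.5 signed
// with a modulusBits-bit key. 512-bit: SHA-256 fits (62 <= 64), SHA-512 not (94 > 64).
func FitsModulus(modulusBits, hashLen int) bool {
	return modulusBits/8 >= MinModulusBytesPKCS1v15(hashLen)
}

// SigResult records one algorithm's signature length and verification outcome.
type SigResult struct {
	Algorithm string
	SigLen    int
	Verified  bool
}

// signRSAPKCS1v15 signs as DNSSEC algorithms 8 and 10 do: digest, then
// PKCS#1 v1.5 under the given RSA key; only the hash differs between them.
func signRSAPKCS1v15(name string, key *rsa.PrivateKey, h crypto.Hash, data []byte) (SigResult, error) {
	hasher := h.New()
	hasher.Write(data)
	digest := hasher.Sum(nil)
	sig, err := rsa.SignPKCS1v15(rand.Reader, key, h, digest)
	if err != nil {
		return SigResult{}, err
	}
	verified := rsa.VerifyPKCS1v15(&key.PublicKey, h, digest, sig) == nil
	return SigResult{Algorithm: name, SigLen: len(sig), Verified: verified}, nil
}

// signECDSAP256 signs as DNSSEC algorithm 13 does (RFC 6605): SHA-256 digest,
// ECDSA over P-256, signature encoded as the raw 32-byte r followed by 32-byte s.
func signECDSAP256(key *ecdsa.PrivateKey, data []byte) (SigResult, error) {
	digest := sha256.Sum256(data)
	r, s, err := ecdsa.Sign(rand.Reader, key, digest[:])
	if err != nil {
		return SigResult{}, err
	}
	sig := make([]byte, 64)
	r.FillBytes(sig[:32])
	s.FillBytes(sig[32:])
	verified := ecdsa.Verify(&key.PublicKey, digest[:], r, s)
	return SigResult{Algorithm: "ECDSAP256SHA256 (13)", SigLen: len(sig), Verified: verified}, nil
}

// CompareAlgorithms signs data with one fresh 2048-bit RSA key under SHA-256
// and SHA-512, and with a fresh P-256 key; results are returned in that order.
func CompareAlgorithms(data []byte) ([]SigResult, error) {
	rsaKey, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	ecKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	r8, err := signRSAPKCS1v15("RSASHA256 (8)", rsaKey, crypto.SHA256, data)
	if err != nil {
		return nil, err
	}
	r10, err := signRSAPKCS1v15("RSASHA512 (10)", rsaKey, crypto.SHA512, data)
	if err != nil {
		return nil, err
	}
	r13, err := signECDSAP256(ecKey, data)
	if err != nil {
		return nil, err
	}
	return []SigResult{r8, r10, r13}, nil
}

func main() {
	results, err := CompareAlgorithms(sampleSignedData)
	if err != nil {
		panic(err)
	}
	for _, r := range results {
		fmt.Printf("%-22s signature %3d bytes, verified=%v\n", r.Algorithm, r.SigLen, r.Verified)
	}
	fmt.Printf("512-bit modulus: SHA-256 fits=%v, SHA-512 fits=%v\n",
		FitsModulus(512, sha256.Size), FitsModulus(512, sha512.Size))
}
```

Note that the minimum-modulus check reflects the PKCS#1 v1.5 encoding only; RFC 5702 additionally sets its own key-size floors for algorithms 8 and 10, and recent Go releases refuse RSA keys under 1024 bits outright, so the 512-bit case is shown arithmetically rather than by generating such a key.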