Hi everyone Sometime ago, Jelte and I had submitted SHA-3 variants for existing DNSSEC algorithms along with working code (for BIND and ldns library). At that time, many of the reviewers felt that continuing to include use of RSA signatures (though it was upgraded to the PSS form) in new algorithms was redundant considering the migration to ECC algorithms in the DNS industry. Though short-lived short-length RSA signatures are still used in the DNS, the adoption of ECC algorithms has been largely successful.
SHA-1 is getting weaker by the passing of time, and the SHA-2 family is the last remaining deployed family of DNSSEC hash functions. It takes time for new algorithms to trickle down into deployed software, and introducing an alternative early is sensible. https://tools.ietf.org/html/draft-muks-dnsop-dnssec-sha3-01 Please read the introduction section (page 3) for info on SHA-3 as it compares to SHA-2. Would there be consensus if the draft is updated to specify SHA-3 for just a subset of ECC algorithms? Should it be specified for all of [ECDSAP256SHA256, ECDSAP384SHA384, ED25519, ED448] or a subset of them? Mukund _______________________________________________ DNSOP mailing list [email protected] https://www.ietf.org/mailman/listinfo/dnsop
