In message <[email protected]>, Michael Richardson writes:
>
> Olafur Gudmundsson <[email protected]> wrote:
> >> Or, "does any gTLD registrar support algs 13-14??" Or, "won't anyone
> >> validate my zone??"
> >>
> >> So, currently, I use Dyn for some gTLD domains that I have that are
> >> all DNSSEC-signed. Recently, I decided to start signing some of them
> >> with ECDSAP384SHA384. Now I'll just update the DS records and...oh,
> >> no algorithm 14 is supported in the drop-down menu for Dyn. Neither
> >> are 12 or 13 for that matter. Okay, time to fire off a note to Dyn
> >> tech support and here's the gem of the reply:
> >>
>
> > Hi Michael, on the second question almost every current release of all
> > resolvers supports ECDSA verification the exceptions are that some OS
> > distributions strip ECC from openssl and other crypto libraries as a
> > precaution against patent lawsuits. Google Public DNS added support
> > a little bit over a week ago.
>
> It's not a question of: "can we do this", but rather a question of:
>     if we do it,
>     then it needs to be done correctly,
>     which means some test cases and test data, and this takes a non-zero
>     amount of time.
>
> Could the effort be better spent elsewhere?
>
> --
> ] Never tell me the odds! | ipv6 mesh networks [
> ] Michael Richardson, Sandelman Software Works | network architect [
> ] [email protected] http://www.sandelman.ca/ | ruby on rails [

Additionally with DLV we also need to be able to validate which means
more than upgrading OpenSSL. It also means getting the ruby libraries
upgraded etc.

Mark
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: [email protected]
