On 12/19/2016 11:28 AM, Yuri Schaeffer wrote:
>> I assume that the ods algo #'s match the IANA's for the ECDSA P-256 & P-384
>> algos? i.e., "13" & "14"?
>
> Yes!

When switching to ECC algo, e.g. for AES-256 'equivalency' (fyi, why the keylength naming is as it is: http://crypto.stackexchange.com/questions/9901/why-is-the-p-521-elliptic-curve-not-in-suite-b-if-aes-256-is)

	14	ECDSA Curve P-384 with SHA-384

what's the required form for the

	<Algorithm length="???">

parameter ?

kasp.xml
	...
	<!-- Parameters for KSK only -->
	<KSK>
??		<Algorithm length="2048">8</Algorithm>
		<Lifetime>P1Y</Lifetime>
		<Repository>SoftHSM</Repository>
	</KSK>

	<!-- Parameters for ZSK only -->
	<ZSK>
??		<Algorithm length="1024">8</Algorithm>
		<Lifetime>P90D</Lifetime>
		<Repository>SoftHSM</Repository>
		<!-- <ManualRollover/> -->
	</ZSK>
	...

Does it need to be SPECIFIED for ods config?

as key length,

	<Algorithm length="384">P-384</Algorithm>

bit-depth,

	<Algorithm length="256">P-384</Algorithm>

or, since it's implicit in the curve definition, not at all,

	<Algorithm>P-384</Algorithm>

?
