On Fri, Jul 03, 2026 at 09:02:52PM -0700, Brian Resnik wrote:

> And yes, I know people did RSA-512 for a long time.

A very small minority still do.  Out of almost 27 million DNSSEC-signed
zones delegated from a public suffix, 308 have 512-bit RSA KSKs:

    https://stats.dnssec-tools.org/#/?dnssec_param_tab=2

down from 9,557 KSKs in Oct 2017 when the DANE/DNSSEC survey started.
Also at that time just over 67,000 ZSKs, 55,500 of which shared a single
512-bit RSA key managed by their hosting provider.

So, news that RSA-512 is no longer fit for purpose eventually reach
everyone who might care.  Now used by just 0.001% of signed zones.

-- 
    Viktor.  🇺🇦 Слава Україні!

_______________________________________________
TLS mailing list -- [email protected]
To unsubscribe send an email to [email protected]

Reply via email to