On Fri, Jul 03, 2026 at 09:02:52PM -0700, Brian Resnik wrote:
> And yes, I know people did RSA-512 for a long time.
A very small minority still do. Out of almost 27 million DNSSEC-signed
zones delegated from a public suffix, 308 have 512-bit RSA KSKs:
https://stats.dnssec-tools.org/#/?dnssec_param_tab=2
down from 9,557 KSKs in Oct 2017 when the DANE/DNSSEC survey started.
Also at that time just over 67,000 ZSKs, 55,500 of which shared a single
512-bit RSA key managed by their hosting provider.
So, news that RSA-512 is no longer fit for purpose eventually reach
everyone who might care. Now used by just 0.001% of signed zones.
--
Viktor. 🇺🇦 Слава Україні!
_______________________________________________
TLS mailing list -- [email protected]
To unsubscribe send an email to [email protected]