nanog mailing list archives

Re: DNSSEC Best Practices

From: Robert Story <rstory () isi edu>
Date: Wed, 28 Apr 2021 12:31:01 -0400

On Wed 2021-04-28 12:02:18+0200 Mark wrote:

On 4/28/21 11:51, Tony Finch wrote:

Yes. I recommend p256 because the security advantages of p384 are
not significant enough to justify the increased costs in space
(packet size) and time.


Both 13 and 14 are already smaller than 8 (which is the most widely 
deployed algorithm today).


For those interested, actual numbers for algorithm deployment can be
found in the DNSSEC parameter frequency analysis section of
https://stats.dnssec-tools.org/.


-- 
Robert Story <http://www.isi.edu/~rstory>
USC Information Sciences Institute <http://www.isi.edu/>

Current thread:

DNSSEC Best Practices Eric Germann via NANOG (Apr 27)
- Re: DNSSEC Best Practices Arne Jensen (Apr 27)
  - Re: DNSSEC Best Practices Mark Tinka (Apr 28)
  - Re: DNSSEC Best Practices Tony Finch (Apr 28)
    - Re: DNSSEC Best Practices Mark Tinka (Apr 28)
    - Re: DNSSEC Best Practices Robert Story (Apr 28)
- Re: DNSSEC Best Practices Ca By (Apr 27)
- Re: DNSSEC Best Practices Mark Tinka (Apr 28)