Donate
‹ Back
Deploy360 3 March 2017

Comments? Internet Draft on DNSSEC Crypto Algorithm Agility

By Dan York Senior Manager, Content and Web Strategy

DNSSEC badgeWhat are the challenges in deploying new cryptographic algorithms for DNSSEC? As we look to move to using new crypto algorithms such as ECDSA, what are the barriers to getting those new algorithms rolled out? And how can we overcome those barriers?

A few of us wrote an Internet Draft on this topic:

and with IETF 98 fast approaching I am considering whether we need to publish a revision.  So I’m curious – what do you think? Are there  topics that we missed? Text that we could make a bit more clear? Additional points to consider?

We’d welcome any and all feedback. You can leave comments here on the blog post, or on social media where this appears… or you could just do that old-fashioned email thing.

Thanks in advance!

‹ Back

Related articles

The Next Steps Toward Increasing The Security of DNSSEC with Elliptic Curve Cryptography
Deploy36028 March 2016

The Next Steps Toward Increasing The Security of DNSSEC with Elliptic Curve Cryptography

How do we make DNSSEC even more secure through the use of elliptic curve cryptography?  What are the advantages of...

Call for Participation - ICANN 56 DNSSEC Workshop in Helsinki, Finland on 27 June 2016
Deploy36028 April 2016

Call for Participation – ICANN 56 DNSSEC Workshop in Helsinki, Finland on 27 June 2016

Do you have an idea for an innovative use of DNSSEC or DANE? Did you develop a new tool or...

Rough Guide to IETF 99: DNS Privacy and Security, including DNSSEC
Rough Guide to IETF 99: DNS Privacy and Security, including DNSSEC
Domain Name System (DNS)11 July 2017

Rough Guide to IETF 99: DNS Privacy and Security, including DNSSEC

There's a good bit of DNS secrurity and privacy activity happening at IETF 99 next week in Prague, although not all of...

Join the conversation with Internet Society members around the world