On Fri, Sep 11, 2020 at 02:29:49PM -0400, John Levine wrote:
> Are there any published numbers estimating how well the various DNSSEC
> algorithms are supported in DNS caches and client software?
Yes. See this discussion thread:
https://github.com/NLnetLabs/unbound/issues/271#issuecomment-664842368
https://github.com/NLnetLabs/unbound/issues/271#issuecomment-664858924
> Or to put it another way, were I to switch from signing with
> algorithm 8 to 13, how much would I regret it?
Not at all, support for algorithm 13 is basically universal at this
point. At this point some (domeneshop.no) are boldly forging ahead
with algorithm 15... Algorithm 13 looks like a legacy algorithm to
them ...
See also:
http://stats.dnssec-tools.org/#parameter
for deployment numbers on the authoritative side.
--
Viktor.
_______________________________________________
dns-operations mailing list
dns-operations@lists.dns-oarc.net
https://lists.dns-oarc.net/mailman/listinfo/dns-operations
