In your previous mail you wrote: But AFAIK, no dns implementation supports ECC yet. => *** flame war ON ***
In fact it is no true: GOST (in its second version which will be used for DNSSEC) is based on ECC. *** flame war OFF *** francis.dup...@fdupont.fr PS: there is no real technical issue for ECC based DNSSEC: all it is needed is reasonable support in not very last OpenSSLs. So the real problems are: - a good draft - some consensus - IETF publication delays IMHO we should ask Russ to nominate a cryptographer (or himself) to re-initiate the process from the first step: a good draft (here good is sound from a crypto point of view, easy to implement (I already explained what I meant by this) and without a zillion different options (what I believe was the problem of previous attempts)). _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop