In your previous mail you wrote:

   But AFAIK, no dns implementation supports ECC yet.
   
=> *** flame war ON ***

In fact it is no true: GOST (in its second version which will be used
for DNSSEC) is based on ECC.

*** flame war OFF ***

francis.dup...@fdupont.fr

PS: there is no real technical issue for ECC based DNSSEC: all it is
needed is reasonable support in not very last OpenSSLs.
So the real problems are:
 - a good draft
 - some consensus
 - IETF publication delays
IMHO we should ask Russ to nominate a cryptographer (or himself)
to re-initiate the process from the first step: a good draft
(here good is sound from a crypto point of view, easy to implement
(I already explained what I meant by this) and without a zillion
different options (what I believe was the problem of previous attempts)).
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop

Reply via email to