On Jan 19, 2015, at 7:30 AM, George Michaelson <g...@algebras.org> wrote:
> I think it's possible people have misunderstood what we said, when we measured
> 'do not understand ECDSA' as a problem and presented on it.
> 
> It is a tenable, arguable case, that PRECISELY because the fail mode is
> 'unsigned' we can move to ECDSA more easily than any other key transition
> under discussion: the fail mode breaks DNSSEC validation by returning to
> unsigned state. Not by preventing name resolution.
> 
> It's the weaker, unprotected but results returned fail mode.
> 
> If we want small, short tractable signatures in DNS, moving to ECDSA is
> easier now than at any other time. We just have to accept we make a lot of
> DNSSEC clients stop validating until code updates.
> 
> That's how I read it, anyway.

A big +1 to this. One of the major reasons that the browser vendors are not 
even considering using DANE is that the DNS root is signed with a 1024-bit key.

If all we want from DNSSEC is protecting DNS caches from spoofing, and we're 
willing to live with the restrictions that RSA puts us under, there is no need 
to change from the current setup. Some (many?) of us want DNSSEC to be more, if 
possible.

--Paul Hoffman
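The "fail mode is unsigned" behaviour George describes, modelled as an added example (not code from this thread or from any resolver): a toy version of the RFC 4035 section 5.2 rule a validator applies when every DS record the parent publishes uses an algorithm or digest type the validator does not implement. The DS records, the algorithm sets and the `signatures_ok` callback are constructed placeholders.

```python
# Added illustration, not from the thread. Models the RFC 4035 5.2 decision:
# if a validator supports none of the DS algorithm/digest pairs for a child
# zone, the child is treated as INSECURE (unsigned), not BOGUS, so answers are
# still returned, just without the AD bit.
from dataclasses import dataclass

# IANA DNSSEC algorithm and digest numbers used below.
RSASHA1, RSASHA256, ECDSAP256SHA256 = 5, 8, 13
SHA1, SHA256 = 1, 2


@dataclass(frozen=True)
class DS:
    key_tag: int
    algorithm: int
    digest_type: int


def classify_delegation(ds_rrset, supported_algs, supported_digests, signatures_ok):
    """Return 'insecure', 'secure' or 'bogus' for a signed delegation.

    signatures_ok(ds) stands in for the real DNSKEY/RRSIG check against that DS.
    """
    usable = [ds for ds in ds_rrset
              if ds.algorithm in supported_algs and ds.digest_type in supported_digests]
    if not usable:
        # No authentication path this validator understands: treat as unsigned.
        return "insecure"
    if any(signatures_ok(ds) for ds in usable):
        return "secure"
    return "bogus"  # a usable path exists but validation failed


def resolver_outcome(status):
    """Map the validation status to (response, AD bit) as a resolver would."""
    if status == "bogus":
        return ("servfail", False)   # resolution is refused
    return ("answer", status == "secure")


# Constructed delegation: the child zone is signed with ECDSA only.
ECDSA_ONLY_DS = [DS(key_tag=12345, algorithm=ECDSAP256SHA256, digest_type=SHA256)]
OLD_VALIDATOR_ALGS = {RSASHA1, RSASHA256}            # predates ECDSA support
NEW_VALIDATOR_ALGS = {RSASHA1, RSASHA256, ECDSAP256SHA256}
DIGESTS = {SHA1, SHA256}

if __name__ == "__main__":
    old = classify_delegation(ECDSA_ONLY_DS, OLD_VALIDATOR_ALGS, DIGESTS, lambda ds: True)
    new = classify_delegation(ECDSA_ONLY_DS, NEW_VALIDATOR_ALGS, DIGESTS, lambda ds: True)
    print("old validator:", old, resolver_outcome(old))   # insecure, answer without AD
    print("new validator:", new, resolver_outcome(new))   # secure, answer with AD
```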
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop