On Fri, 8 Apr 2016, Francis Dupont wrote:
In draft-wouters-sury-dnsop-algorithm-update-01.txt the RSASHA512 (code 10) DNSKEY/RRSIG algo got a SHOULD- for DNSSEC signing. The argument is that it is not currently heavily used, but I am afraid it is not a very good argument. I have a question for the cryptographers on the list: as far as I know there is a relationship between the RSA key size and the output length of the hash algorithm. So perhaps we should not plan to move RSASHA512 to MAY (or worse to MUST NOT) as the SHOULD- means, i.e., put a SHOULD (vs SHOULD-) for RSASHA512? Note that by the time the I-D is published and applicable we will likely have a clearer view of this issue (:-)!
The reason behind our initial population of SHOULD- for RSASHA512 was that:

- It is not used widely.
- It causes much larger signatures for the same signature strength compared to the existing ECDSA algos and the imminent new EDDSA algos.

Paul

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
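An added illustration of both points raised above (not code from either poster or from the draft): RFC 5702 signs with RSASSA-PKCS1-v1_5, whose encoding must fit the hash's DigestInfo plus 11 octets of padding into the modulus, so the hash output length sets a floor on the RSA key size; the RRSIG signature field is then the full modulus length, against the fixed 64-octet r||s signatures of ECDSAP256SHA256 (RFC 6605) and ED25519 (RFC 8080). Only the standard library is used.

```python
# Added example: DigestInfo size vs. RSA modulus under EMSA-PKCS1-v1_5 (RFC 3447
# section 9.2, as used by RFC 5702), and RRSIG signature length by algorithm.
import hashlib

# DER prefix of DigestInfo for each hash (RFC 3447 section 9.2, note 1).
DIGEST_INFO_PREFIX = {
    "sha1":   bytes.fromhex("3021300906052b0e03021a05000414"),
    "sha256": bytes.fromhex("3031300d060960864801650304020105000420"),
    "sha512": bytes.fromhex("3051300d060960864801650304020305000440"),
}

def emsa_pkcs1_v15_encode(message: bytes, hash_name: str, em_len: int) -> bytes:
    """Return 00 01 FF..FF 00 || DigestInfo, em_len octets long (em_len = modulus
    length in octets). Raises ValueError when the modulus cannot carry the hash."""
    t = DIGEST_INFO_PREFIX[hash_name] + hashlib.new(hash_name, message).digest()
    if em_len < len(t) + 11:          # at least 8 octets of 0xFF padding required
        raise ValueError("intended encoded message length too short")
    ps = b"\xff" * (em_len - len(t) - 3)
    return b"\x00\x01" + ps + b"\x00" + t

def min_rsa_modulus_bits(hash_name: str) -> int:
    """Smallest RSA modulus (in bits) that can hold this hash's DigestInfo."""
    t_len = len(DIGEST_INFO_PREFIX[hash_name]) + hashlib.new(hash_name).digest_size
    return (t_len + 11) * 8

def rrsig_signature_len(algorithm: str, rsa_bits: int = 0) -> int:
    """Octets in the RRSIG signature field for a DNSSEC algorithm mnemonic."""
    if algorithm.startswith("RSA"):
        return rsa_bits // 8            # RSA signature is one full modulus
    # Fixed-size r||s (or EdDSA) encodings per RFC 6605 and RFC 8080.
    return {"ECDSAP256SHA256": 64, "ECDSAP384SHA384": 96,
            "ED25519": 64, "ED448": 114}[algorithm]

if __name__ == "__main__":
    rrset = b"constructed sample RRset bytes"   # constructed input, not a real zone
    for h in ("sha1", "sha256", "sha512"):
        print(f"{h}: minimum RSA modulus {min_rsa_modulus_bits(h)} bits")
    for bits in (1024, 2048, 4096):
        em = emsa_pkcs1_v15_encode(rrset, "sha512", bits // 8)
        print(f"RSASHA512/{bits}: signature {rrsig_signature_len('RSASHA512', bits)} octets "
              f"(encoded message {len(em)} octets)")
    for alg in ("ECDSAP256SHA256", "ED25519"):
        print(f"{alg}: signature {rrsig_signature_len(alg)} octets")
```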