I just heard a most interesting talk at M3AAWG about postquantum crypto and particularly about the NIST candidate algorithms. Many of them have much larger key or signature sizes than any current algorithm, like 10,000 bits or more. Some are a lot slower than others. Has anyone been looking at how these algorithms would or would not work with DNSSEC? NIST is accepting comments and the talk said they particularly want comments from industry on how this would affect existing applications.

I can imagine ways to make things work, e.g., hashes in some places rather than signatures, but I don't understand DNSSEC in enough detail to figure out what's a show stopper.

Regards,
John Levine, jo...@taugh.com, Taughannock Networks, Trumansburg NY
Please consider the environment before reading this e-mail. https://jl.ly

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
