DNSSEC Best Practices

Tony Finch dot at dotat.at
Wed Apr 28 09:51:39 UTC 2021

Arne Jensen <darkdevil at darkdevil.dk> wrote:
> RFC8624 "Algorithm Implementation Requirements and Usage Guidance for
> -> https://tools.ietf.org/html/rfc8624
> > What algorithms do you typically sign with
> > (RSASHA256, ECDSAP256SHA256, both, something other)?
> Those two mentioned are the ones that the vast majority seems to sign with.

Yes. I recommend p256 because the security advantages of p384 are not
significant enough to justify the increased costs in space (packet size)
and time.

If for some terrible reason you need to use RSASHA256, use 2048 bit keys,
same as the root zone.

In the future when support is widespread enough, ed25519 will be the best

> SHA256 and SHA512 have been discussed about vulnerable to length
> extension attacks, where SHA384 hasn't:

Length extension attacks aren't a problem in this context.

f.anthony.n.finch  <dot at dotat.at>  https://dotat.at/
Lough Foyle to Carlingford Lough: Northerly or northeasterly 4 or 5,
occasionally 6 at first in far southeast, becoming variable 2 or 3
later. Slight, occasionally moderate at first. Fair at first, then
showers. Good.

More information about the NANOG mailing list