DNSSEC Best Practices

Robert Story rstory at isi.edu
Wed Apr 28 16:31:01 UTC 2021

On Wed 2021-04-28 12:02:18+0200 Mark wrote:
> On 4/28/21 11:51, Tony Finch wrote:
> > Yes. I recommend p256 because the security advantages of p384 are
> > not significant enough to justify the increased costs in space
> > (packet size) and time.  
> Both 13 and 14 are already smaller than 8 (which is the most widely 
> deployed algorithm today).

For those interested, actual numbers for algorithm deployment can be
found in the DNSSEC parameter frequency analysis section of

Robert Story <http://www.isi.edu/~rstory>
USC Information Sciences Institute <http://www.isi.edu/>

More information about the NANOG mailing list