DNSSEC Best Practices
rstory at isi.edu
Wed Apr 28 16:31:01 UTC 2021
On Wed 2021-04-28 12:02:18+0200 Mark wrote:
> On 4/28/21 11:51, Tony Finch wrote:
> > Yes. I recommend p256 because the security advantages of p384 are
> > not significant enough to justify the increased costs in space
> > (packet size) and time.
> Both 13 and 14 are already smaller than 8 (which is the most widely
> deployed algorithm today).
For those interested, actual numbers for algorithm deployment can be
found in the DNSSEC parameter frequency analysis section of
Robert Story <http://www.isi.edu/~rstory>
USC Information Sciences Institute <http://www.isi.edu/>
More information about the NANOG