nanog mailing list archives

Re: DNSSEC Best Practices


From: Tony Finch <dot () dotat at>
Date: Wed, 28 Apr 2021 10:51:39 +0100

Arne Jensen <darkdevil () darkdevil dk> wrote:

> RFC8624 "Algorithm Implementation Requirements and Usage Guidance for
> DNSSEC"
>
> -> https://tools.ietf.org/html/rfc8624
>
> What algorithms do you typically sign with
> (RSASHA256, ECDSAP256SHA256, both, something other)?
>
> Those two mentioned are the ones that the vast majority seems to sign with.

Yes. I recommend p256 because the security advantages of p384 are not
significant enough to justify the increased costs in space (packet size)
and time.

If for some terrible reason you need to use RSASHA256, use 2048 bit keys,
same as the root zone.

In the future when support is widespread enough, ed25519 will be the best
choice.

> SHA256 and SHA512 have been discussed as being vulnerable to length
> extension attacks, whereas SHA384 hasn't:

Length extension attacks aren't a problem in this context.

Tony.
-- 
f.anthony.n.finch  <dot () dotat at>  https://dotat.at/
Lough Foyle to Carlingford Lough: Northerly or northeasterly 4 or 5,
occasionally 6 at first in far southeast, becoming variable 2 or 3
later. Slight, occasionally moderate at first. Fair at first, then
showers. Good.
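The space cost Tony weighs above (p256 versus p384, RSA-2048 and ed25519) in concrete wire bytes, as an added example that is not part of this thread: it generates a key per algorithm with Go's standard crypto packages, signs a constructed stand-in for an RRset, and measures the DNSKEY public-key and RRSIG signature RDATA lengths using the encodings of RFC 3110 (RSA), RFC 6605 (ECDSA) and RFC 8080 (Ed25519).

```go
package main

import (
	"crypto/ecdsa"
	"crypto/ed25519"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/sha512"
	"fmt"
)

// WireSizes: DNSKEY public-key RDATA bytes and RRSIG signature bytes for one algorithm.
type WireSizes struct{ Key, Sig int }

var sample = []byte("example.com. 3600 IN A 192.0.2.1") // constructed stand-in for RRset data

// RSA2048Sizes: RSASHA256 with a 2048-bit key, the size the root zone uses.
// A PKCS#1 v1.5 signature is exactly one modulus long, so no signing is needed to size it.
func RSA2048Sizes() WireSizes {
	k, _ := rsa.GenerateKey(rand.Reader, 2048) // crypto/rand errors ignored to keep the example short
	// RFC 3110: exponent-length byte + exponent (65537 = 3 bytes) + modulus.
	return WireSizes{1 + 3 + k.Size(), k.Size()}
}

// ecdsaSizes signs a digest and encodes per RFC 6605: key is x||y, signature is r||s,
// each value left-padded to the curve size n, so sizes are fixed (unlike DER signatures).
func ecdsaSizes(c elliptic.Curve, digest []byte) WireSizes {
	k, _ := ecdsa.GenerateKey(c, rand.Reader)
	r, s, _ := ecdsa.Sign(rand.Reader, k, digest)
	n := (c.Params().BitSize + 7) / 8
	sig := append(r.FillBytes(make([]byte, n)), s.FillBytes(make([]byte, n))...)
	return WireSizes{2 * n, len(sig)}
}

func P256Sizes() WireSizes { d := sha256.Sum256(sample); return ecdsaSizes(elliptic.P256(), d[:]) }
func P384Sizes() WireSizes { d := sha512.Sum384(sample); return ecdsaSizes(elliptic.P384(), d[:]) }

// Ed25519Sizes: RFC 8080 signs the data directly, with no separate hash step.
func Ed25519Sizes() WireSizes {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	return WireSizes{len(pub), len(ed25519.Sign(priv, sample))}
}

func main() {
	fmt.Println("RSA-2048", RSA2048Sizes(), "P-256", P256Sizes(), "P-384", P384Sizes(), "Ed25519", Ed25519Sizes())
}
```

Each DNSKEY/RRSIG pair lands in every response that carries the RRset, so the RSA-to-P-256 difference is repeated per signed answer, not paid once.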

