[dns-operations] .edu domain algorithm recommendation
Edward Lewis
Ed.Lewis at neustar.biz
Mon Aug 16 22:53:21 UTC 2010
At 17:00 -0400 8/16/10, Sue True wrote:
>I wonder what's the algorithm to use to generate keys?
Given that the root has just been signed, some TLDs are in the first
or early years, and there are still few others, there are a lot more
opinions than experience to go on.
8 is what I'd do for a new DNSSEC deployment now.
The only algorithm I wouldn't choose to start with now is 5, only
because 7 is exactly the same (RSA SHA-1) but 7 allows the choice of
NSEC3 or NSEC. (5 can only do NSEC.)
5,7,8,10 all are viable working algorithms and if they are in use, I
wouldn't change them. But given one to start with, I'd do 8.
--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Edward Lewis
NeuStar You can leave a voice message at +1-571-434-5468
Spouses, like Internet protocols, lack necessary troubleshooting tools. Sigh.
More information about the dns-operations
mailing list