[dns-operations] .edu domain algorithm recommendation

Edward Lewis Ed.Lewis at neustar.biz
Mon Aug 16 22:53:21 UTC 2010

At 17:00 -0400 8/16/10, Sue True wrote:
>I wonder what's the algorithm to use to generate keys?

Given that the root has just been signed, some TLDs are in the first 
or early years, and there are still few others, there are a lot more 
opinions than experience to go on.

8 is what I'd do for a new DNSSEC deployment now.

The only algorithm I wouldn't choose to start with now is 5, only 
because 7 is exactly the same (RSA SHA-1) but 7 allows the choice of 
NSEC3 or NSEC.  (5 can only do NSEC.)

5,7,8,10 all are viable working algorithms and if they are in use, I 
wouldn't change them.  But given one to start with, I'd do 8.

Edward Lewis
NeuStar                    You can leave a voice message at +1-571-434-5468

Spouses, like Internet protocols, lack necessary troubleshooting tools. Sigh.

More information about the dns-operations mailing list