[dns-operations] dnssec ecc

Francis Dupont Francis.Dupont at fdupont.fr
Wed Jul 16 16:14:20 UTC 2014

 In your previous mail you wrote:

>  Are enough current verifiers capable of verifying ecdsa to make is
>  reasonable to deploy ECDSAP256SHA256 or ECDSAP384SHA384 keys?

=> It is supported by bind 9 (support is detected at configuration
time with an option to help/force it for corner cases like cross
compiling). I expect it is supported by unbound and other recursive
servers. For libraries you need recent codes. BTW there is an
ecdsa.isc.org domain to check this...


Francis.Dupont at fdupont.fr (and also fdupont at isc.org)

PS: don't hesitate to push ECDSA!

More information about the dns-operations mailing list