[dns-operations] DNSSEC algorithm 3 stats (DSA/SHA1)

Viktor Dukhovni ietf-dane at dukhovni.org
Fri Apr 27 04:16:11 UTC 2018


I was surprised to find DNSSEC algorithm DSA/SHA1 still in use,
though perhaps at matching RSA key sizes it may offer similar
security to algorithm 5?

I've found 2613 domains with such keys:

  Key size (bits) | # domains
  ---------------------------
              512 | 1
             1024 | 2612

All but 9 of the domains are registered under .me and have tech at ovh.net
as the SOA mrname, most also have ovh.net MX hosts.  Anyone know how it
came to be that the last foothold of DSA/SHA is just .me domains hosted
by OVH?

-- 
	Viktor.
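
Added example, not part of the original message or of the author's survey tooling: one way to reproduce a key-size breakdown like the table above from DNSKEY records, deriving the DSA size from the T octet (RFC 2536) and the algorithm 5 size from the RSA modulus (RFC 3110). It assumes one record per line in presentation format; the owner names and key bytes are constructed placeholders.

```python
import base64

def dsa_bits(key: bytes) -> int:
    # RFC 2536: T (1 octet) | Q (20) | P | G | Y; each of P, G, Y is 64 + 8*T octets.
    if not key or key[0] > 8:
        raise ValueError("bad DSA T octet")
    field = 64 + 8 * key[0]
    if len(key) != 1 + 20 + 3 * field:
        raise ValueError("DSA key length does not match T")
    return 8 * field

def rsa_bits(key: bytes) -> int:
    # RFC 3110: exponent length (1 octet, or 0 followed by 2 octets) | exponent | modulus.
    if len(key) < 3:
        raise ValueError("short RSA key")
    elen, off = key[0], 1
    if elen == 0:
        elen, off = int.from_bytes(key[1:3], "big"), 3
    modulus = key[off + elen:]
    if not modulus:
        raise ValueError("RSA key has no modulus")
    return int.from_bytes(modulus, "big").bit_length()

SIZERS = {3: dsa_bits, 5: rsa_bits}  # the two algorithm numbers named in the message

def audit(lines):
    """Return (owner, algorithm, key bits or None) for each DNSKEY line."""
    out = []
    for line in lines:
        f = line.split()
        if "DNSKEY" not in f:
            continue
        i = f.index("DNSKEY")          # fields after it: flags, protocol, algorithm, key
        alg = int(f[i + 3])
        key = base64.b64decode("".join(f[i + 4:]))
        sizer = SIZERS.get(alg)
        out.append((f[0], alg, sizer(key) if sizer else None))
    return out

def _rr(owner, alg, raw):  # helper that formats a constructed sample record
    return f"{owner} 3600 IN DNSKEY 256 3 {alg} {base64.b64encode(raw).decode()}"
# Constructed placeholder key material (correct layout, not real keys).
SAMPLE = [
    _rr("a.example.", 3, bytes([8]) + bytes(20 + 3 * 128)),
    _rr("b.example.", 3, bytes([0]) + bytes(20 + 3 * 64)),
    _rr("c.example.", 5, b"\x03\x01\x00\x01" + b"\xc1" + bytes(127)),
]

if __name__ == "__main__":
    for owner, alg, bits in audit(SAMPLE):
        print(f"{owner} alg={alg} bits={bits}")
```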
