[dns-operations] EdDSA status ?

Viktor Dukhovni ietf-dane at dukhovni.org
Fri Jun 1 16:22:59 UTC 2018
> On Jun 1, 2018, at 12:06 PM, Paul Hoffman <phoffman at proper.com> wrote:
> 
> Just so I can understand: why is anyone even interested in using
> EdDSA instead of ECDSA in DNSSEC unless you are doing online (live)
> signing?

Keeping in mind that live signing uses ZSKs, and EdDSA is not
yet very practical as a ZSK, except perhaps as a second signature
alongside P256, which resolvers will prefer when both are
present.  But then you're paying both CPU costs, so it is not
at all clear why you'd do that for live signing.

So I think a second KSK alongside P256 makes some sense, if
one is concerned about P256, and then rotate the ZSK often
enough to limit opportunities for brute-force key compromise.

-- 
	Viktor.