[dns-operations] .kw (Kuwait) signed
Viktor Dukhovni
ietf-dane at dukhovni.org
Wed Mar 27 07:58:14 UTC 2019
The .KW (Kuwait) ccTLD is now signed, some time between:
http://dnsviz.net/d/kw/XJpq2w/dnssec/
and
http://dnsviz.net/d/kw/XJqjSg/dnssec/
--
Viktor.
P.S. I am somewhat surprised by the choice of a 4096-bit RSA KSK?
While .KW is not the only TLD with a 4096-bit KSK (but not as bold
as .MM where one the ZSKs is also 4096 bits, the other 1024-bits
and responses return signatures from both: <http://dnsviz.net/d/mm/dnssec/>)
qname | alg | flags | first seen | bits
-------------------------------------------------------------
ar | 8 | 257 | < 2017-10-19 | 4096
bg | 5 | 257 | < 2017-10-19 | 4096
firmdale | 8 | 257 | < 2017-10-19 | 4096
lt | 8 | 257 | < 2017-10-19 | 4096
mm | 8 | 257 | < 2017-10-19 | 4096
mm | 8 | 256 | < 2017-10-19 | 4096
na | 5 | 257 | < 2017-10-19 | 4096
nowruz | 8 | 257 | < 2017-10-19 | 4096
pars | 8 | 257 | < 2017-10-19 | 4096
shia | 8 | 257 | < 2017-10-19 | 4096
tci | 8 | 257 | < 2017-10-19 | 4096
uy | 8 | 257 | < 2017-10-19 | 4096
xn--mgbt3dhd | 8 | 257 | < 2017-10-19 | 4096
xn--mgbai9azgqp6j | 7 | 257 | 2017-10-25 | 4096
gdn | 8 | 257 | 2018-05-02 | 4096
si | 8 | 257 | 2018-12-22 | 4096
bg | 8 | 257 | 2019-01-21 | 4096
kw | 8 | 257 | 2019-03-26 | 4096
by now I would think operators would try to shy away from generating
a 1385-byte (signed) DNSKEY response.
More information about the dns-operations
mailing list