[dns-operations] DNSSEC algorithm deployment trends update...
Viktor Dukhovni
ietf-dane at dukhovni.org
Mon Dec 7 06:11:33 UTC 2020
Following up on my post from ~two months ago:
> On Oct 9, 2020, at 5:39 AM, Viktor Dukhovni <ietf-dane at dukhovni.org> wrote:
>
> By far the largest remaining cluster (>300k) of algorithm 5
> zones were under .com.br and these should all be upgraded
> to algorithm 13 over the coming ~10 days. Thus the algorithm
> 5 graph is showing that count falling dramatically.
That process was completed as expected, and algorithm 5 deployment
though no longer falling appreciably is now essentially negligible.
Under 30k domains total out of ~13.3 million.
> The algorithm 7 downward trend is less dramatic, but by now
> clearly established as unlikely to be a fluke.
This has continued apace, with ~12k fewer algorithm domains
each month since the peak in August 2019. At this pace it
would however take ~15 years for algorithm 7 to be phased out,
so it would be nice to see a more dramatic pace of migration to
8 or 13.
Below are graphs for 7, and 8 + 13:
-------------- next part --------------
A non-text attachment was scrubbed...
Name: alg7.pdf
Type: application/pdf
Size: 11273 bytes
Desc: not available
URL: <https://lists.dns-oarc.net/pipermail/dns-operations/attachments/20201207/134e613f/attachment.pdf>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: algs-8+13.pdf
Type: application/pdf
Size: 14967 bytes
Desc: not available
URL: <https://lists.dns-oarc.net/pipermail/dns-operations/attachments/20201207/134e613f/attachment-0001.pdf>
-------------- next part --------------
Presently 13 (ECDSA P256) is both the single most numerous and fastest
growing DNSSEC algorithm.
--
Viktor.
More information about the dns-operations
mailing list