[dns-operations] How widely implemented are different DNSSEC algorithms?

Arsen STASIC arsen.stasic at univie.ac.at
Mon Sep 14 04:59:24 UTC 2020


* John Levine <johnl at taugh.com> [2020-09-11 14:29 (-0400)]:
>Are there any published numbers estimating how well the various DNSSEC
>algorithms are supported in DNS caches and client software?
>
>Or to put it another way, were I to switch from signing with
>algorithm 8 to 13, how much would I regret it?

Geoff Huston from APNIC has some nice graphs on ECDSA support (also in comparison to RSA support) in recursive nameservers:

https://stats.labs.apnic.net/ecdsa/AU
https://stats.labs.apnic.net/ecdsa/US

cheers,
arsen



More information about the dns-operations mailing list