[dns-operations] Support for ED25519/ED448 DS records by OpenSRS
Ulrich Wisser
ulrich at wisser.se
Fri Feb 19 13:59:06 UTC 2021
Come to the “cold” side - register a .se domain! :-)
In freezing Sweden we do not restrict alg numbers for DS records.
/Ulrich
> On 18 Feb 2021, at 23:43, Simon Arlott via dns-operations <dns-operations at dns-oarc.net> wrote:
>
>
> From: Simon Arlott <simon at arlott.org>
> Subject: Support for ED25519/ED448 DS records by OpenSRS
> Date: 18 February 2021 at 23:43:53 CET
> To: dns-operations at dns-oarc.net
> Reply-To: Simon Arlott <1lCs1Z-00055l-AO=c68e95e9b149.reply at sa.me.uk>
>
>
> My OpenSRS reseller is unable to get them to support ED25519/ED448 DS
> records in .AU (I have a response from the administrator of the domain
> informing me that the registrar supports these algorithm types):
>
>> We're sorry but OpenSRS has stated that they cannot easily/quickly setup
>> support for these algorithms and to submit requests via their public forum
>> for support to be added.
>>
>> https://help.opensrs.com/hc/en-us/community/topics/200120733-Suggestions-Ideas
>
> Support for ED25519 and ED448 in DNSSEC has been a standard for 4 years
> now.
>
>
> Registries and registrars appear to be repeating the same problems that
> have plagued IPv6 glue for years with these overly restrictive policies
> on DS records.
>
> Is anything being done to advise TLD operators and registrars to not do
> this and encourage them to keep up to date if they do?
>
> Supposedly it is to protect registrants from bad data but it would be
> trivial to simply enter the wrong numbers in the individual component DS
> record web forms that everyone is fond of.
>
>
> Nominet (the .UK registry) have a similar problem being unable to add
> two numbers to a list:
>
>> Unfortunately, there are no dates yet as to when this might be implemented
>
> --
> Simon Arlott
>
>
> _______________________________________________
> dns-operations mailing list
> dns-operations at lists.dns-oarc.net
> https://lists.dns-oarc.net/mailman/listinfo/dns-operations
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.dns-oarc.net/pipermail/dns-operations/attachments/20210219/f1618a58/attachment.html>
More information about the dns-operations
mailing list