[dns-operations] Registrars supporting ED25519

Geoff Huston gih at apnic.net
Sat Jul 31 20:28:38 UTC 2021


> On 1 Aug 2021, at 1:21 am, Eric Germann via dns-operations <dns-operations at dns-oarc.net> wrote:
> 
> 
> From: Eric Germann <ekgermann at semperen.com>
> Subject: Registrars supporting ED25519
> Date: 1 August 2021 at 1:21:39 am AEST
> To: dns-operations at lists.dns-oarc.net
> 
> 
> I’m doing some work on my own test domains with ED25519.  
> 
> Does anyone know of any registers that support ED25519?
> 
> Is there a list somewhere?
> 

On this topic, I note that Joao Damas and I tested the level of support for DNSSEC validation using ED25519 in May and June this year. The writeup of this measurement can be found at https://www.potaroo.net/ispcol/2021-06/eddi.html. At this stage a number of large ISPs that operate DNS services perform DNSSEC validation do not support this particular algorithm, and the level of support in DNSSEC-validators is in total some 50% of the level of support for RSA and ECDSA P-256. This may change in the future of course, but at this stage it does not appear to offer any compelling features that stand it apart from ECDSA P-256, and some significant differences in the lack of algorithm support in validating resolvers.

Geoff










More information about the dns-operations mailing list