<html><head><meta http-equiv="Content-Type" content="text/html; charset=utf-8"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" class="">Come to the “cold” side - register a .se domain! :-)<div class=""><br class=""></div><div class="">In freezing Sweden we do not restrict alg numbers for DS records.</div><div class=""><br class=""></div><div class="">/Ulrich</div><div class=""><br class=""><div><br class=""><blockquote type="cite" class=""><div class="">On 18 Feb 2021, at 23:43, Simon Arlott via dns-operations <<a href="mailto:dns-operations@dns-oarc.net" class="">dns-operations@dns-oarc.net</a>> wrote:</div><br class="Apple-interchange-newline"><div class=""><br class=""><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px;" class=""><span style="font-family: -webkit-system-font, Helvetica Neue, Helvetica, sans-serif; color:rgba(127, 127, 127, 1.0);" class=""><b class="">From: </b></span><span style="font-family: -webkit-system-font, Helvetica Neue, Helvetica, sans-serif;" class="">Simon Arlott <<a href="mailto:simon@arlott.org" class="">simon@arlott.org</a>><br class=""></span></div><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px;" class=""><span style="font-family: -webkit-system-font, Helvetica Neue, Helvetica, sans-serif; color:rgba(127, 127, 127, 1.0);" class=""><b class="">Subject: </b></span><span style="font-family: -webkit-system-font, Helvetica Neue, Helvetica, sans-serif;" class=""><b class="">Support for ED25519/ED448 DS records by OpenSRS</b><br class=""></span></div><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px;" class=""><span style="font-family: -webkit-system-font, Helvetica Neue, Helvetica, sans-serif; color:rgba(127, 127, 127, 1.0);" class=""><b class="">Date: </b></span><span style="font-family: -webkit-system-font, Helvetica Neue, Helvetica, sans-serif;" class="">18 February 2021 at 23:43:53 CET<br class=""></span></div><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px;" class=""><span style="font-family: -webkit-system-font, Helvetica Neue, Helvetica, sans-serif; color:rgba(127, 127, 127, 1.0);" class=""><b class="">To: </b></span><span style="font-family: -webkit-system-font, Helvetica Neue, Helvetica, sans-serif;" class=""><a href="mailto:dns-operations@dns-oarc.net" class="">dns-operations@dns-oarc.net</a><br class=""></span></div><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px;" class=""><span style="font-family: -webkit-system-font, Helvetica Neue, Helvetica, sans-serif; color:rgba(127, 127, 127, 1.0);" class=""><b class="">Reply-To: </b></span><span style="font-family: -webkit-system-font, Helvetica Neue, Helvetica, sans-serif;" class="">Simon Arlott <<a href="mailto:1lCs1Z-00055l-AO=c68e95e9b149.reply@sa.me.uk" class="">1lCs1Z-00055l-AO=c68e95e9b149.reply@sa.me.uk</a>><br class=""></span></div><br class=""><br class="">My OpenSRS reseller is unable to get them to support ED25519/ED448 DS<br class="">records in .AU (I have a response from the administrator of the domain<br class="">informing me that the registrar supports these algorithm types):<br class=""><br class=""><blockquote type="cite" class="">We're sorry but OpenSRS has stated that they cannot easily/quickly setup<br class="">support for these algorithms and to submit requests via their public forum<br class="">for support to be added.<br class=""><br class=""><a href="https://help.opensrs.com/hc/en-us/community/topics/200120733-Suggestions-Ideas" class="">https://help.opensrs.com/hc/en-us/community/topics/200120733-Suggestions-Ideas</a><br class=""></blockquote><br class="">Support for ED25519 and ED448 in DNSSEC has been a standard for 4 years<br class="">now.<br class=""><br class=""><br class="">Registries and registrars appear to be repeating the same problems that<br class="">have plagued IPv6 glue for years with these overly restrictive policies<br class="">on DS records.<br class=""><br class="">Is anything being done to advise TLD operators and registrars to not do<br class="">this and encourage them to keep up to date if they do?<br class=""><br class="">Supposedly it is to protect registrants from bad data but it would be<br class="">trivial to simply enter the wrong numbers in the individual component DS<br class="">record web forms that everyone is fond of.<br class=""><br class=""><br class="">Nominet (the .UK registry) have a similar problem being unable to add<br class="">two numbers to a list:<br class=""><br class=""><blockquote type="cite" class="">Unfortunately, there are no dates yet as to when this might be implemented<br class=""></blockquote><br class="">-- <br class="">Simon Arlott<br class=""><br class=""><br class="">_______________________________________________<br class="">dns-operations mailing list<br class=""><a href="mailto:dns-operations@lists.dns-oarc.net" class="">dns-operations@lists.dns-oarc.net</a><br class="">https://lists.dns-oarc.net/mailman/listinfo/dns-operations<br class=""></div></blockquote></div><br class=""></div></body></html>