RFC6605 adds the following algorithms to DNSSEC:
- Algorithm 13:
ECDSAP256SHA256 - Algorithm 14:
ECDSAP384SHA384
These algorithms have been supported in BIND since version 9.8.4-P1, which was released in November of 2012.
The use of these algorithms significantly reduces the size of DNSSEC queries, which makes the use of DNSSEC significantly less resource intensive. Their adoption is thus seemingly important to the success of DNSSEC.
However, I noticed that my DNS registrar, Dyn, does not support DS records with these algorithms. Communication with their technical support indicates that they have no plans to add support for these (admittedly "optional") algorithms.
My question is, are there any DNS registrars which support setting DS records using algorithms 13 and 14?
Aucun commentaire:
Enregistrer un commentaire