Update on stats 2019-11

Michael Grimm trashcan at ellael.org
Mon Dec 2 11:16:56 CET 2019


Viktor Dukhovni <ietf-dane at dukhovni.org> wrote:

>          Also adoption of ECDSA P-256 (algorithm 13) continues to grow,
>          and the number of domains using P-256 KSKs has almost reached
>          parity with RSA-SHA256 (algorithm 8), which is just ahead for
>          now, but likely not for very much longer.

My KSK and ZSK are both of algorithm 8 and 2048 bits in size.

Is it correct to assume that -due to the growing adoption of algorithm 13- that this algorithm should be preferred? 
If so, I would like to migrate. 
But, I do have some questions to the community beforehand:

#) Can one mix KSK and ZSK algorithms? 

   (I do have a rollover of my ZSKs due in a couple of days. Thus starting with ZSKs would be convenient.)

#) Would it be wise to increase from 2048 to 4096 bits size?

Thanks in advance and with kind regards,

More information about the dane-users mailing list