Update on stats 2019-11
Viktor Dukhovni
ietf-dane at dukhovni.org
Mon Dec 2 18:44:06 CET 2019
On Mon, Dec 02, 2019 at 11:16:56AM +0100, Michael Grimm wrote:
> Viktor Dukhovni <ietf-dane at dukhovni.org> wrote:
>
> > Also adoption of ECDSA P-256 (algorithm 13) continues to grow,
> > and the number of domains using P-256 KSKs has almost reached
> > parity with RSA-SHA256 (algorithm 8), which is just ahead for
> > now, but likely not for very much longer.
>
>
> My KSK and ZSK are both of algorithm 8 and 2048 bits in size.
That's mostly OK, but the 2048-bit ZSK means that denial of existence responses
are likely to exceed the IPv6 MTU, and may be cause some lookup issues. With
RSA, the best-practice ZSK size is likely 1280 bits, rotated often enough
(every 90 days or so) to not pose significant risk of cryptanalysis.
> Is it correct to assume that -due to the growing adoption of algorithm 13-
> that this algorithm should be preferred?
Yes. ECDSA P-256 is better suited to DNSSEC.
> #) Can one mix KSK and ZSK algorithms?
This is not recommended, to switch algorithms:
0. Migrate to a 1280 or 1024-bit ZSK, to keep packet sizes down,
wait a few TTLs.
1. Add and activate a P-256 ZSK, wait a few TTLs after all secondaries are
serving the updated zone.
2. Add an activate a P-256 KSK, wait a few TTLs after all secondaries are
serving the updated zone.
3. Update the DS record in the parent zone to match the P-256 KSK (you can
now drop the DS matching the RSA KSK). Wait a few parent zone TTLs after
new DS is visible in all parent zone nameservers.
4. Drop the RSA KSK from your zone, wait a few TTLs.
5. Drop the RSA ZSK from your zone. You're done.
> (I do have a rollover of my ZSKs due in a couple of days. Thus starting with ZSKs would be convenient.)
* The order of addition is: ZSK -> KSK -> DS
* The order of removal is: DS -> KSK -> ZSK
> #) Would it be wise to increase from 2048 to 4096 bits size?
Definitely not, instead 1280 bits, but then migrate to P-256.
--
Viktor.
More information about the dane-users
mailing list