Update on stats 2019-11

Viktor Dukhovni ietf-dane at dukhovni.org
Mon Dec 2 18:44:06 CET 2019

On Mon, Dec 02, 2019 at 11:16:56AM +0100, Michael Grimm wrote:

> Viktor Dukhovni <ietf-dane at dukhovni.org> wrote:
> >          Also adoption of ECDSA P-256 (algorithm 13) continues to grow,
> >          and the number of domains using P-256 KSKs has almost reached
> >          parity with RSA-SHA256 (algorithm 8), which is just ahead for
> >          now, but likely not for very much longer.
> My KSK and ZSK are both of algorithm 8 and 2048 bits in size.

That's mostly OK, but the 2048-bit ZSK means that denial of existence responses
are likely to exceed the IPv6 MTU, and may be cause some lookup issues.  With
RSA, the best-practice ZSK size is likely 1280 bits, rotated often enough
(every 90 days or so) to not pose significant risk of cryptanalysis.

> Is it correct to assume that -due to the growing adoption of algorithm 13-
> that this algorithm should be preferred?

Yes.  ECDSA P-256 is better suited to DNSSEC.

> #) Can one mix KSK and ZSK algorithms? 

This is not recommended, to switch algorithms:

    0. Migrate to a 1280 or 1024-bit ZSK, to keep packet sizes down,
       wait a few TTLs.

    1. Add and activate a P-256 ZSK, wait a few TTLs after all secondaries are
       serving the updated zone.

    2. Add an activate a P-256 KSK, wait a few TTLs after all secondaries are
       serving the updated zone.

    3. Update the DS record in the parent zone to match the P-256 KSK (you can
       now drop the DS matching the RSA KSK).  Wait a few parent zone TTLs after
       new DS is visible in all parent zone nameservers.

    4. Drop the RSA KSK from your zone, wait a few TTLs.

    5. Drop the RSA ZSK from your zone.  You're done.

>    (I do have a rollover of my ZSKs due in a couple of days. Thus starting with ZSKs would be convenient.)

* The order of addition is:  ZSK -> KSK -> DS
* The order of removal is: DS -> KSK -> ZSK

> #) Would it be wise to increase from 2048 to 4096 bits size?

Definitely not, instead 1280 bits, but then migrate to P-256.


More information about the dane-users mailing list