What are the challenges in deploying new cryptographic algorithms for DNSSEC? As we look to move to using new crypto algorithms such as ECDSA, what are the barriers to getting those new algorithms rolled out? And how can we overcome those barriers?
A few of us wrote an Internet Draft on this topic:
and with IETF 98 fast approaching I am considering whether we need to publish a revision. So I’m curious – what do you think? Are there topics that we missed? Text that we could make a bit more clear? Additional points to consider?
We’d welcome any and all feedback. You can leave comments here on the blog post, or on social media where this appears… or you could just do that old-fashioned email thing.
Thanks in advance!