On 2019/12/02 12:16, Michael Grimm wrote:
Hi
Viktor Dukhovni ietf-dane@dukhovni.org wrote:
Also adoption of ECDSA P-256 (algorithm 13) continues to grow, and the number of domains using P-256 KSKs has almost reached parity with RSA-SHA256 (algorithm 8), which is just ahead for now, but likely not for very much longer.
I run a small ISP in South Africa - with about 2000 domains. About 200 of these are DNSSEC signed. I'm in the process of migrating them from algo 8 to algo 13. Its all scripted and the conversions are all happening automatically. *The KSK-ZSK chain has to be complete**through with at least one common Algorithm.* I also don't want to re-sign everything at the same time - so everything is spread out over a year. I keep KSK's for a year and ZSK's for a month. ZSK's are dealt with totally internally where as a KSK rollover means talking to the Parent zone and changing DS records - so I'm timing everything with my KSK's.
When a KSK is due to roll, create both a Algo-13 KSK and ZSK. iUpload the appropriate DS. Once the new DS record is "seen" (and give it another day) - then delete the old DS, KSK and ZSK.
The KSK and ZSK signatures are much shorter - so you are less lightly to be used as a DDOS source for a DNS Denial of service attack (the amplification is way lower).
*You don't need to increase the Key Size. *
My KSK and ZSK are both of algorithm 8 and 2048 bits in size.
Is it correct to assume that -due to the growing adoption of algorithm 13- that this algorithm should be preferred? If so, I would like to migrate. But, I do have some questions to the community beforehand:
#) Can one mix KSK and ZSK algorithms?
(I do have a rollover of my ZSKs due in a couple of days. Thus starting with ZSKs would be convenient.)#) Would it be wise to increase from 2048 to 4096 bits size?
Thanks in advance and with kind regards, Michael
