[Yeti DNS Discuss] OT: migration to ECDSA / edwards curves

Daniel Stirnimann daniel.stirnimann at switch.ch
Fri Aug 25 08:25:15 UTC 2017

> So what' is the show stopper? Why should one not use ECDSA (or the upcoming ed25519/ed448)?
> At least EC signatures do avoid IPv6 UDP fragmentation in most cases.

The main reason for me is that until some years ago, the number of
resolvers supporting ECDSA was still low [1]. I remember the following
stats from Geoff Huston measurements:

 * Sep 2014, 1 out 3 validating resolver which validate RSA don't
validate ECDSA
 * Jan 2016, 1 out 6 validating resolver which validate RSA don't
validate ECDSA

You don't want to loose many validating resolvers which then treat your
zone as insecure. Having said that I don't see any show stopper for
ECDSA today. switch.ch uses ECDSA since April 2016 and we would do the
same for .ch if IANA would accept it for the root zone.

Other areas of raised concerns regarding ECDSA were signature validation
performance, non-deterministic signatures. k (nonce) needs to be unique
per signature.


[1] https://stats.labs.apnic.net/ecdsa

More information about the discuss mailing list