Paul Wouters via ksk-rollover <ksk-rollover@icann.org> wrote: >> Anyone done any experiments with signed root using some of the NIST >> candidates? RFC8806 keeps looking better and better to me. > How does 8806 relate to this? do you mean signed root as in KSK/ZSK? > Or do you mean the signing of the local root zone transfer (eg ZONEMD?) > This message is on the ksk-rollover, I assue you mean the first, but > 8806 isn't about that? I mean, if the signed zone is loaded from disk, and rarely actually transfered over the network, then maybe having huge-sized signatures (which some NIST candidates feature) isn't so much a problem. -- Michael Richardson <mcr+IETF@sandelman.ca> . o O ( IPv6 IøT consulting ) Sandelman Software Works Inc, Ottawa and Worldwide