Sept. 2, 2022
2:45 a.m.
On Sep 1, 2022, at 21:10, Michael Richardson <mcr+ietf@sandelman.ca> wrote:
I mean, if the signed zone is loaded from disk, and rarely actually transfered over the network, then maybe having huge-sized signatures (which some NIST candidates feature) isn't so much a problem.
You are talking post quantum algorithms ? The ones that aren’t chosen yet by NIST, aren’t specified in RFCs and aren’t implemented in any software and aren’t deployed anywhere in resolvers ? I think maybe the root should first roll to like algo 13 or something similar where there is operational experience. Paul