Comment by some_furry
4 hours ago
> "Bloats record sizes"
> - ECC sigs can be sent in a single packet.
It's 2026. If you're deploying a cryptosystem and not considering post-quantum in your analysis, you'd best have a damn good reason.
ECC signs might be small, but the world will be moving to ML-DSA-44 in the near future. That needs to be in your calculus.
True, but DNSSEC doesn't need to worry about forward secrecy and it doesn't need quantum protection until someone can start breaking keys in under a year. Hopefully we will find more efficient PQC by then.
People tried to move DNSSEC from RSA to ECC more than a decade ago. How'd that migration go? If you like, I can give you APNIC's answer.
RSA is still fine given that you can't break it in a year and we aren't worried about forward secrecy.
Also, I worked for a DNS company. People stopped caring about ultra-low latency first connect times back in the 90s.
You are clearly very proud of your work devaluing DNSSEC. But pointing to lack of adoption doesn't make your arguments valid.