commit 733e4800f6c132f1030df604cecb940d9ec38576
parent 432eece15b77ea870ba2081a0f245054e8dc093e
Author: Martin Schanzenbach <mschanzenbach@posteo.de>
Date: Mon, 6 Jul 2020 17:30:56 +0200

add text regarding crypto-agility

Diffstat:
| M | draft-schanzen-gns.xml | | | 7 | +++++++ |
1 file changed, 7 insertions(+), 0 deletions(-)
diff --git a/draft-schanzen-gns.xml b/draft-schanzen-gns.xml @@ -1472,6 +1472,13 @@ example.com = zk2 ECDSA. GNS uses 256-bit curves because that way the encoded (public) keys fit into a single DNS label, which is good for usability. </t> + <t> + In terms of crypto-agility, whenever the need for an updated cryptographic + scheme arises to replace ECDSA over Curve25519 it may simply be introduced + through a new record type. Such a new record type may then replace + the PKEY record type for future records. The old record type remains + and zones can iteratively migrate to the updated zone keys. + </t> </section> <section anchor="security_abuse" numbered="true" toc="default"> <name>Abuse mitigation</name>
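Review bot: The added paragraph says a replacement scheme "may simply be introduced through a new record type", but it does not say how a resolver tells the new zone-key type apart from a PKEY when, per the preceding context, the encoded public key is carried inside a single DNS label; without a type discriminator in that encoding, a new record type alone does not give a resolver enough to pick the right algorithm, and a scheme with keys longer than 256 bits would no longer meet the "fit into a single DNS label" property the previous sentence relies on. Consider adding one sentence on how the key type is identified in the label encoding and whether the label-size constraint is expected to hold for the new scheme, and dropping "simply", which understates the migration. Two smaller points: a comma is missing after "arises", and "ECDSA over Curve25519" should be checked against the curve name used elsewhere in the draft so the paragraph and the rest of the security section agree on terminology.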