Diffstat (limited to 'draft-schanzen-gns.xml')
-rw-r--r-- | draft-schanzen-gns.xml | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/draft-schanzen-gns.xml b/draft-schanzen-gns.xml index 9233976..a4fa4ed 100644 --- a/draft-schanzen-gns.xml +++ b/draft-schanzen-gns.xml | |||
@@ -1472,6 +1472,13 @@ example.com = zk2 | |||
1472 | ECDSA. GNS uses 256-bit curves because that way the encoded (public) | 1472 | ECDSA. GNS uses 256-bit curves because that way the encoded (public) |
1473 | keys fit into a single DNS label, which is good for usability. | 1473 | keys fit into a single DNS label, which is good for usability. |
1474 | </t> | 1474 | </t> |
1475 | <t> | ||
1476 | In terms of crypto-agility, whenever the need for an updated cryptographic | ||
1477 | scheme arises to replace ECDSA over Curve25519 it may simply be introduced | ||
1478 | through a new record type. Such a new record type may then replace | ||
1479 | the PKEY record type for future records. The old record type remains | ||
1480 | and zones can iteratively migrate to the updated zone keys. | ||
1481 | </t> | ||
1475 | </section> | 1482 | </section> |
1476 | <section anchor="security_abuse" numbered="true" toc="default"> | 1483 | <section anchor="security_abuse" numbered="true" toc="default"> |
1477 | <name>Abuse mitigation</name> | 1484 | <name>Abuse mitigation</name> |
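Review bot: The added paragraph (new lines 1475-1481) says the old record type "remains" while zones "iteratively migrate", but it does not say how a resolver should treat a name for which both the PKEY record type and its replacement are present during that migration, or whether PKEY is ever retired. If the replacement is introduced because ECDSA is considered weakened, continuing to accept the old type without a stated precedence or deprecation rule leaves a downgrade path, so a sentence covering both would be worth adding here. It would also help to state whether a replacement scheme is expected to keep the property given just above, that encoded keys fit into a single DNS label, since that is the stated reason for the current 256-bit choice. Minor: a comma after "Curve25519" would make the first sentence easier to parse.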