diff options
Diffstat (limited to 'draft-schanzen-gns.xml')
| -rw-r--r-- | draft-schanzen-gns.xml | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/draft-schanzen-gns.xml b/draft-schanzen-gns.xml index 9233976..a4fa4ed 100644 --- a/draft-schanzen-gns.xml +++ b/draft-schanzen-gns.xml | |||
| @@ -1472,6 +1472,13 @@ example.com = zk2 | |||
| 1472 | ECDSA. GNS uses 256-bit curves because that way the encoded (public) | 1472 | ECDSA. GNS uses 256-bit curves because that way the encoded (public) |
| 1473 | keys fit into a single DNS label, which is good for usability. | 1473 | keys fit into a single DNS label, which is good for usability. |
| 1474 | </t> | 1474 | </t> |
| 1475 | <t> | ||
| 1476 | In terms of crypto-agility, whenever the need for an updated cryptographic | ||
| 1477 | scheme arises to replace ECDSA over Curve25519 it may simply be introduced | ||
| 1478 | through a new record type. Such a new record type may then replace | ||
| 1479 | the PKEY record type for future records. The old record type remains | ||
| 1480 | and zones can iteratively migrate to the updated zone keys. | ||
| 1481 | </t> | ||
| 1475 | </section> | 1482 | </section> |
| 1476 | <section anchor="security_abuse" numbered="true" toc="default"> | 1483 | <section anchor="security_abuse" numbered="true" toc="default"> |
| 1477 | <name>Abuse mitigation</name> | 1484 | <name>Abuse mitigation</name> |