NASK supports Elliptic Curve Cryptography in DNSSEC

NASK has extended the list of allowed values of DS records. The introduced change extends the pool of accepted DNSSEC algorithms by algorithm numbers 12, 13 and 14(*). Therefore, the subscribers are provided with a possibility of using elliptic curve cryptography to secure their domain names. Furthermore, the Registry system has also enabled users to add DS records containing a digest of DNSSEC key generated with algorithm number 3 or 4(**).

In the beginning of the year NASK conducted research on the application of elliptic curve cryptography by recursive resolvers supporting DNSSEC. We encourage you to get acquainted with the results.

 

(*) http://www.iana.org/assignments/dns-sec-alg-numbers/dns-sec-alg-numbers.xhtml
(**) http://www.iana.org/assignments/ds-rr-types/ds-rr-types.xhtml

 

The current list of values of DS records, accepted by NASK, has been provided at: https://www.dns.pl/en/DNSSEC/FAQ.