Slow zone signing with ECDSA

Chris Thompson cet1 at cam.ac.uk
Thu Apr 20 15:03:21 UTC 2017


On Apr 20 2017, Tony Finch wrote:

>Mark Andrews <marka at isc.org> wrote:
>>
>> DSA requires random values as part of the signing process.
>
>Traditionally, yes, but it isn't actually required -
>https://tools.ietf.org/html/rfc6979

There is a great deal to be said for using deterministic DSA even if
your random number source is both trustworthy and fast.

The EdDSA standards (RFCs 8032 & 8080) mandate deterministic signatures
and this is certainly intentional. Of course, there are also many other
ways in which they are improvements on the earlier NIST-based ECDSA
standards, and we should all be looking forward to the time when BIND,
inter alia, supports them...

-- 
Chris Thompson
Email: cet1 at cam.ac.uk

