[Opendnssec-user] ECC algo signing in ods?

PGNet Dev pgnet.dev at gmail.com
Wed Dec 21 15:18:05 UTC 2016

On 12/19/2016 11:28 AM, Yuri Schaeffer wrote:
>> I assume that the ods algo #'s match the IANA's for the ECDSA P-256 & P-384 algos?  i.e., "13" & "14"?
> Yes!

When switching to ECC algo, e.g. for AES-256 'equivalency' (fyi, why the keylength naming is as it is: http://crypto.stackexchange.com/questions/9901/why-is-the-p-521-elliptic-curve-not-in-suite-b-if-aes-256-is)

	14 	ECDSA Curve P-384 with SHA-384

what's the required form for the <Algorithm length="???"> parameter?

		<!-- Parameters for KSK only -->
??		    <Algorithm length="2048">8</Algorithm>

		<!-- Parameters for ZSK only -->
??		    <Algorithm length="1024">8</Algorithm>
		    <!-- <ManualRollover/> -->

Does it need to be SPECIFIED for ods config? as key length,

	<Algorithm length="384">P-384</Algorithm>


	<Algorithm length="256">P-384</Algorithm>

or, since it's implicit in the curve definition, not at all,


