[danyork]

tptacek - the root keys will remain RSA-keyed for some time. The root Key Signing Key (KSK) is 2048-bit RSA. The root Zone Signing Keys (ZSKs) that are CHANGED every 3 months (a ZSK key ceremony is in fact happening TODAY) are 1024-bit RSA.

There was strong interest in changing the algorithm when the KSK is rolled (when that occurs is still to be decided), but for the moment an algorithm change will not be part of that.

I don't deny that deployment of ED25519 will take some time. Once approved it has to be integrated into the signing software. It's also got to be integrated into the validation side. It's going to take time. So lets get started!

[tptacek]

How about, instead of getting started, we accept that DNSSEC is a failed 21-year-long experiment, and figure out a better way to get the moral equivalent of HSTS and HPKP for email links?

[galois198]

In the event that DNSSEC is adopted, what would the best course of action be to protect sites?

[tptacek]

The concern I have with DNSSEC is that if it's adopted --- where "adopted" means "by the major email providers and by browsers" --- there's not much you can do to protect yourself from the SIGINT agencies that control the top of the DNS tree.

If there was a significant benefit to users for DNSSEC adoption, I'd be my normal tedious "maybe it's good, maybe it's bad" self. But the benefits aren't there. Instead, DNSSEC will impose immense operational costs and in some ways reduce security:

https://news.ycombinator.com/item?id=10541719

This isn't a hard decision and I don't have a hard time siding with the anti-surveillance crowd on it.