Check the support/usage of Ed442 or Ed25519 in DNSSEC:
The latest stable versions of OpenSSL (3.0 / 1.1.1) fully support Ed448
The latest stable versions of OpenSSL (3.0 / 1.1.1) fully support Ed25519
Check the support/usage of Ed442 or Ed25519 in DNSSEC:
The latest stable versions of OpenSSL (3.0 / 1.1.1) fully support Ed448
The latest stable versions of OpenSSL (3.0 / 1.1.1) fully support Ed25519
DNSSEC is enabled but the specifics are up to the domain registrar. However prefect or imperfect these settings might be doesn’t really matter because at time of writing, browsers do not check DNSSEC.
By looking at https://bugzilla.mozilla.org/show_bug.cgi?id=672600 it seems browser won’t be supporting DNSSEC either.
DNS-based Authentication of Named Entities - Wikipedia also looks dim.
References:
https://www.kicksecure.com/wiki/Dev/About_Infrastructure#DANE_TLSA
(Whonix is based on Kicksecure.)
See also: