Ed25519 in DNSSEC

nurmagoz · December 13, 2022, 2:34pm

Check the support/usage of Ed442 or Ed25519 in DNSSEC:

The latest stable versions of OpenSSL (3.0 / 1.1.1) fully support Ed448

The latest stable versions of OpenSSL (3.0 / 1.1.1) fully support Ed25519

Patrick · December 13, 2022, 5:38pm

DNSSEC is enabled but the specifics are up to the domain registrar. However prefect or imperfect these settings might be doesn’t really matter because at time of writing, browsers do not check DNSSEC.

By looking at https://bugzilla.mozilla.org/show_bug.cgi?id=672600 it seems browser won’t be supporting DNSSEC either.

DNS-based Authentication of Named Entities - Wikipedia also looks dim.

References:
https://www.kicksecure.com/wiki/Dev/About_Infrastructure#DANE_TLSA

(Whonix is based on Kicksecure.)