Can I reasonably use SHA-256 in a DNSSEC deployment?
I know that RFC 5702 documents the use of SHA-2 in DNSSEC, and that RFC 6944 defines RSA/SHA-256 as "recommended to implement." What I'm not aware of is just how widely-implemented SHA-256 is in validating resolvers.
Is it practical to sign Internet zones (those I'm particularly interested in are .org
domains) with SHA-256, or am I making my zone unverifiable to large swathes of the DNSSEC-aware Internet?
As a follow-up, can key schedules change with a hash change to keep the same level of security (e.g. can I work around using SHA-1 by having shorter key schedules)?
The root zone (aka .
) itself is signed with RSA/SHA256 (KSK as well as ZSK are RSA/SHA256).
Thus, a validating resolver that does not support RSA/SHA256 will be mostly useless on the Internet as it wouldn't be able to validate the full chain.
I think it's safe for you to assume that RSA/SHA256 is supported.
http://dnsviz.net/d/org/dnssec/ may provide a useful visualization of the keys in use up to the org
zone.