Home > Publications
Home University of Twente
Prospective Students
Intranet (internal)

EEMCS EPrints Service

27653 On the Adoption of the Elliptic Curve Digital Signature Algorithm (ECDSA) in DNSSEC
Home Policy Brochure Browse Search User Area Contact Help

van Rijswijk-Deij, R.M. and Jonker, Mattijs and Sperotto, A. (2016) On the Adoption of the Elliptic Curve Digital Signature Algorithm (ECDSA) in DNSSEC. In: Proceedings of the 12th international Conference on Network and Service Management (CNSM 2016), 31 Oct - 04 Nov 2016, Montreal, Canada. pp. 258-262. IEEE. ISBN 978-1-5090-3236-5

Full text available as:


515 Kb

Official URL:


The Domain Name System Security Extensions (DNSSEC) are steadily being deployed across the Internet. DNSSEC extends the DNS protocol with two vital security properties, authenticity and integrity, using digital signatures. While DNSSEC is meant to solve security issues in the DNS, it also introduces a new one: the digital signatures significantly increase DNS packet sizes, making DNSSEC an attractive vector to abuse in amplification denial-of-service attacks. By default, DNSSEC uses RSA for digital signatures. Earlier work has shown that alternative signature schemes, based on elliptic curve cryptography, can significantly reduce the impact of signatures on DNS response sizes. In this paper we study the actual adoption of ECDSA by DNSSEC operators, based on longitudinal datasets covering over 50% of the global DNS namespace over a period of 1.5 years. Adoption is still marginal, with just 2.3% of DNSSEC-signed domains in the .com TLD using ECDSA. Nevertheless, use of ECDSA is growing, with at least one large operator leading the pack. And adoption could be up to 42% higher. As we demonstrate, there are barriers to deployment that hamper adoption. Operators wishing to deploy DNSSEC using current recommendations (with ECDSA as signing algorithm) must be mindful of this when planning their deployment.

Item Type:Conference or Workshop Paper (Full Paper, Poster)
Research Group:EWI-DACS: Design and Analysis of Communication Systems
Research Program:CTIT-General
Research Project:FLAMINGO-2: Management Of Future Internet, Gigaport: Research on Networks
ID Code:27653
Deposited On:15 March 2017
More Information:statistics

Export this item as:

To correct this item please ask your editor

Repository Staff Only: edit this item