March 31, 2016 to April 1, 2016
Intercontinental Buenos Aires
America/Buenos_Aires timezone

Algorithm roll-over experiences

Apr 1, 2016, 4:30 PM
Montserrat (Intercontinental Buenos Aires)


Intercontinental Buenos Aires

Buenos Aires, Argentina


Anand Buddhdev (RIPE NCC)


Algorithm roll-overs are part of any security system, because older algorithms lose their strength, and stronger and newer algorithms come along. At the RIPE NCC we recently rolled our algorithm from SHA1 and to SHA256. We had some interesting issues, and I'd like to talk about them, especially as more people may want to consider rolling their algorithms now. Amongst these issues were things like software support, testing, planning of the roll-over and timing issues.


The RIPE NCC's experiences with rolling DNSSEC signature algorithm from SHA1 to SHA256.

Primary author

Anand Buddhdev (RIPE NCC)

Presentation materials