Support - Help
Algorithm roll-over experiences
Algorithm roll-overs are part of any security system, because older algorithms lose their strength, and stronger and newer algorithms come along. At the RIPE NCC we recently rolled our algorithm from SHA1 and to SHA256. We had some interesting issues, and I'd like to talk about them, especially as more people may want to consider rolling their algorithms now.
Amongst these issues were things like software support, testing, planning of the roll-over and timing issues.
The RIPE NCC's experiences with rolling DNSSEC signature algorithm from SHA1 to SHA256.