[Pq-dnssec] Re: [Ext] Re: Can DNSSEC use ML-DSA?
Paul Hoffman <paul.hoffman@icann.org> Fri, 19 December 2025 15:26 UTC
Return-Path: <paul.hoffman@icann.org>
X-Original-To: pq-dnssec@mail2.ietf.org
Delivered-To: pq-dnssec@mail2.ietf.org
Received: from localhost (localhost [127.0.0.1]) by mail2.ietf.org (Postfix) with ESMTP id 3FE7C9CE5023 for <pq-dnssec@mail2.ietf.org>; Fri, 19 Dec 2025 07:26:12 -0800 (PST)
X-Virus-Scanned: amavisd-new at ietf.org
X-Spam-Flag: NO
X-Spam-Score: -4.399
X-Spam-Level:
X-Spam-Status: No, score=-4.399 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, RCVD_IN_VALIDITY_SAFE_BLOCKED=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: mail2.ietf.org (amavisd-new); dkim=pass (2048-bit key) header.d=iana.org header.b="ob/GMwSj"; dkim=pass (2048-bit key) header.d=icann.org header.b="AKjLjpUh"
Received: from mail2.ietf.org ([166.84.6.31]) by localhost (mail2.ietf.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id BsjrAAWHGXga for <pq-dnssec@mail2.ietf.org>; Fri, 19 Dec 2025 07:26:11 -0800 (PST)
Received: from ppa3.lax.icann.org (ppa3.lax.icann.org [192.0.33.78]) (using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail2.ietf.org (Postfix) with ESMTPS id 28AEE9CE501E for <pq-dnssec@ietf.org>; Fri, 19 Dec 2025 07:26:11 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=iana.org; h=cc :content-id:content-transfer-encoding:content-type:date:from :in-reply-to:message-id:mime-version:references:subject:to; s= 202509; bh=FYtUhO+zeH1O3CADovpOMX/oQDmfAJc93fo9TcvmaPk=; b=ob/GM wSjsfmhuPvtoOzzB9lZ/uC4LuD9kj+9yxi2duXKbUnDWWXwNxEyrCVrN8wGuMgoP W7AgGnjHEdFUBbJgWJTLZeZaz+GW8nLlLMCq/8hhALSXY/AT7AfYdxRsyg/tdU/J HQZ3HWiEW1ZhiE3lZosC/5opMQPg3ell0SUeORWRh2nDQU0uVV+Qu2gUoKb1YCPA hciNo+19+Wev5P1lJSLmQq5hTgEzyLsOTccJCi/OTE5EYoWjQ2HXy6F+0f6+zLbh DntOoelmozbWajowSOaDvoAxU6HSPATY9oht7XXYh2m17SG+HrSbEiEhlu65Ten8 12qvHHUfw8BhIthBA==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=icann.org; h=cc :content-id:content-transfer-encoding:content-type:date:from :in-reply-to:message-id:mime-version:references:subject:to; s= able; bh=FYtUhO+zeH1O3CADovpOMX/oQDmfAJc93fo9TcvmaPk=; b=AKjLjpU hH0A3ugrptjfTEyCHBcJwd9c301G7B3G7fSFpXHs9gqqg36XGnB63lvSmrBiGoa0 6k/B0KWldkr1RC2rlFf9Wixz2v5M5WD1oAbFJm8AfhdZCCg8lDSKkw9kUlQS6Tx1 HgiCnNAuUir29k98JiS7Q2krZrpXtLv5AaZhn1tYVHHFT1sNboRFRvvH/EqEBsNm AtJ6CW/7DAL8n0+AMEypP34WnGj0AgzWjzVctVyaqa/qc1PIcAMkdWhqZhXmDRWQ 3JSXEQrAwx+7xtC8JCiB5z9zN/UowwmOVj2L0Y69NAV03/PBw5jtE2t5PPXlhcPE 3N/ETCt3UC9t1rw==
Received: from MBX112-E2-CO-1.pexch112.icann.org (out.mail.icann.org [64.78.33.7]) by ppa3.lax.icann.org (8.18.1.2/8.18.1.2) with ESMTPS id 5BJFQ3TN012125 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 19 Dec 2025 15:26:04 GMT
Received: from MBX112-W2-CO-1.pexch112.icann.org (10.226.41.128) by MBX112-W2-CO-2.pexch112.icann.org (10.226.41.130) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.2562.29; Fri, 19 Dec 2025 07:26:02 -0800
Received: from MBX112-W2-CO-1.pexch112.icann.org ([169.254.44.235]) by MBX112-W2-CO-1.pexch112.icann.org ([169.254.44.235]) with mapi id 15.02.2562.029; Fri, 19 Dec 2025 07:26:02 -0800
From: Paul Hoffman <paul.hoffman@icann.org>
To: Ondřej Surý <ondrej@sury.org>
Thread-Topic: [Ext] [Pq-dnssec] Re: Can DNSSEC use ML-DSA?
Thread-Index: AQHccIrbQ7qnJEKXLUiXnZB8n0UslrUo/6uAgACc7AA=
Date: Fri, 19 Dec 2025 15:26:02 +0000
Message-ID: <D4EA915D-DAD6-4B81-ACDD-0EAA5574C7CE@icann.org>
References: <3FAC7676-A732-4D66-90E9-D1FEA8327B3B@icann.org> <50E39C41-ACA4-4560-950E-BEBCDD682B49@sury.org>
In-Reply-To: <50E39C41-ACA4-4560-950E-BEBCDD682B49@sury.org>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [144.125.144.255]
x-source-routing-agent: True
Content-Type: text/plain; charset="utf-8"
Content-ID: <A9D50F0F61D8774880E1F708B72E2A76@pexch112.icann.org>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1121,Hydra:6.1.9,FMLib:17.12.100.49 definitions=2025-12-19_05,2025-12-17_02,2025-10-01_01
Message-ID-Hash: HBF5ZLB46U5HB4WKWVM65ZYAV25NEG2N
X-Message-ID-Hash: HBF5ZLB46U5HB4WKWVM65ZYAV25NEG2N
X-MailFrom: paul.hoffman@icann.org
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: "pq-dnssec@ietf.org" <pq-dnssec@ietf.org>
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [Pq-dnssec] Re: [Ext] Re: Can DNSSEC use ML-DSA?
List-Id: Discussion list for post-quantum DNSSEC research <pq-dnssec.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/pq-dnssec/qBExgV9LZASiboKj5eQgV8JhlDc>
List-Archive: <https://mailarchive.ietf.org/arch/browse/pq-dnssec>
List-Help: <mailto:pq-dnssec-request@ietf.org?subject=help>
List-Owner: <mailto:pq-dnssec-owner@ietf.org>
List-Post: <mailto:pq-dnssec@ietf.org>
List-Subscribe: <mailto:pq-dnssec-join@ietf.org>
List-Unsubscribe: <mailto:pq-dnssec-leave@ietf.org>
On Dec 18, 2025, at 22:04, Ondřej Surý <ondrej@sury.org> wrote: > > The fallback to TCP for signatures would be pretty horrible. I'm trying to get a handle on "horrible". It clearly would cause more traffic, but enough to matter? It would also cause more stress on kernels, but enough to matter? What do we know about active DNS resolvers that suck at TCP fallback? Do any of the validate? What about active DNS authoritatives that suck at TCP fallback? > Especially the NSEC3 with optout where you can’t use aggressive caching would be hit pretty hard. Would using NSEC be better? Or (and I'm just guessing here with absolutely no design in mind) is there an NSECPQ that can be rolled out at the same time that would significantly reduce the horribleness of ML-DSA? > But I have all the scaffolding in place from my previous study, so let me see if I can put these words into numbers over holidays. That would be lovely, even if it is after the holidays. I meant to drop this question a week ago but other stuff got in the way. We are still not in a rush, but I strongly suspect that if the TLS world decides over the next year that ML-DSA is fine for their authentication, there will be more questions coming our way. --Paul Hoffman
- [Pq-dnssec] Can DNSSEC use ML-DSA? Paul Hoffman
- [Pq-dnssec] Re: Can DNSSEC use ML-DSA? Ondřej Surý
- [Pq-dnssec] Re: Can DNSSEC use ML-DSA? Thom Wiggers
- [Pq-dnssec] Re: Can DNSSEC use ML-DSA? Peter Thomassen
- [Pq-dnssec] Re: [Ext] Re: Can DNSSEC use ML-DSA? Paul Hoffman
- [Pq-dnssec] Re: [Ext] Re: Can DNSSEC use ML-DSA? Paul Hoffman
- [Pq-dnssec] Re: [Ext] Re: Can DNSSEC use ML-DSA? Paul Hoffman
- [Pq-dnssec] Re: [Ext] Re: Can DNSSEC use ML-DSA? Ondřej Surý
- [Pq-dnssec] Re: Can DNSSEC use ML-DSA? Stephane Bortzmeyer
- [Pq-dnssec] Re: Can DNSSEC use ML-DSA? Russ Housley
- [Pq-dnssec] Re: [Ext] Re: Can DNSSEC use ML-DSA? Paul Hoffman