{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,2]],"date-time":"2026-04-02T05:21:07Z","timestamp":1775107267344,"version":"3.50.1"},"reference-count":14,"publisher":"Association for Computing Machinery (ACM)","issue":"5","license":[{"start":{"date-parts":[[2015,9,30]],"date-time":"2015-09-30T00:00:00Z","timestamp":1443571200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"name":"SURF","award":["n\/a"],"award-info":[{"award-number":["n\/a"]}]},{"name":"European Union Framework Programme 7","award":["318488"],"award-info":[{"award-number":["318488"]}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["SIGCOMM Comput. Commun. Rev."],"published-print":{"date-parts":[[2015,9,30]]},"abstract":"<jats:p>The Domain Name System Security Extensions (DNSSEC) add authenticity and integrity to the DNS, improving its security. Unfortunately, DNSSEC is not without problems. DNSSEC adds digital signatures to the DNS, significantly increasing the size of DNS responses. This means DNSSEC is more susceptible to packet fragmentation and makes DNSSEC an attractive vector to abuse in amplification-based denial-of-service attacks. Additionally, key management policies are often complex. This makes DNSSEC fragile and leads to operational failures. In this paper, we argue that the choice for RSA as default cryptosystem in DNSSEC is a major factor in these three problems. Alternative cryptosystems, based on elliptic curve cryptography (ECDSA and EdDSA), exist but are rarely used in DNSSEC. We show that these are highly attractive for use in DNSSEC, although they also have disadvantages. To address these, we have initiated research that aims to investigate the viability of deploying ECC at a large scale in DNSSEC.<\/jats:p>","DOI":"10.1145\/2831347.2831350","type":"journal-article","created":{"date-parts":[[2015,10,1]],"date-time":"2015-10-01T12:03:14Z","timestamp":1443700994000},"page":"13-19","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":16,"title":["Making the Case for Elliptic Curves in DNSSEC"],"prefix":"10.1145","volume":"45","author":[{"given":"Roland","family":"van Rijswijk-Deij","sequence":"first","affiliation":[{"name":"University of Twente, Enschede, Netherlands"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Anna","family":"Sperotto","sequence":"additional","affiliation":[{"name":"University of Twente, Enschede, Netherlands"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Aiko","family":"Pras","sequence":"additional","affiliation":[{"name":"University of Twente, Enschede, Netherlands"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"320","published-online":{"date-parts":[[2015,9,30]]},"reference":[{"key":"e_1_2_1_1_1","doi-asserted-by":"crossref","unstructured":"G. van den Broek R. van Rijswijk A. Sperotto and A. Pras. DNSSEC Meets Real World: Dealing with Unreachability Caused by Fragmentation. IEEE Communications Magazine 52(April):154--160 2014.  G. van den Broek R. van Rijswijk A. Sperotto and A. Pras. DNSSEC Meets Real World: Dealing with Unreachability Caused by Fragmentation. IEEE Communications Magazine 52(April):154--160 2014.","DOI":"10.1109\/MCOM.2014.6828880"},{"key":"e_1_2_1_2_1","doi-asserted-by":"publisher","DOI":"10.1145\/2663716.2663731"},{"key":"e_1_2_1_3_1","first-page":"1484","volume-title":"Proc. of IEEE CISS 2006","author":"Ager B.","year":"2007"},{"key":"e_1_2_1_4_1","doi-asserted-by":"publisher","DOI":"10.1109\/TDSC.2010.10"},{"key":"e_1_2_1_5_1","doi-asserted-by":"publisher","DOI":"10.5555\/2709096.2709106"},{"key":"e_1_2_1_6_1","doi-asserted-by":"crossref","unstructured":"E. Barker W. Barker W. Burr W. Polk and M. Smid. Recommendation for Key Management - Part 1: General (r. 3). NIST SP800--57 2012.  E. Barker W. Barker W. Burr W. Polk and M. Smid. Recommendation for Key Management - Part 1: General (r. 3). NIST SP800--57 2012.","DOI":"10.6028\/NIST.SP.800-57p1r3"},{"key":"e_1_2_1_7_1","unstructured":"E. Barker and Q. Dang. Recommendation for Key Management - Part 3: Application-Specific Key Management Guidance (r. 1). NIST SP 800--57 2015.  E. Barker and Q. Dang. Recommendation for Key Management - Part 3: Application-Specific Key Management Guidance (r. 1). NIST SP 800--57 2015."},{"key":"e_1_2_1_8_1","volume-title":"Springer","author":"Hankerson D.","year":"2004"},{"key":"e_1_2_1_9_1","volume-title":"Processing Standards Publication","author":"NIST.","year":"2009"},{"key":"e_1_2_1_10_1","doi-asserted-by":"publisher","DOI":"10.1007\/s13389-012-0027-1"},{"key":"e_1_2_1_11_1","first-page":"389","volume-title":"Twisted Edwards Curves. In AFRICACRYPT 2008","volume":"2","author":"Bernstein D.","year":"2008"},{"key":"e_1_2_1_12_1","unstructured":"S. Josefsson and N. Moeller. EdDSA and Ed25519 (draft-josefsson-eddsa-ed25519-03) 2015.  S. Josefsson and N. Moeller. EdDSA and Ed25519 (draft-josefsson-eddsa-ed25519-03) 2015."},{"key":"e_1_2_1_13_1","unstructured":"O. Sur\u00fd. Ed25519 for DNSSEC (draft-sury-dnskey-ed25519-00) 2015.  O. Sur\u00fd. Ed25519 for DNSSEC (draft-sury-dnskey-ed25519-00) 2015."},{"key":"e_1_2_1_14_1","first-page":"2012","author":"Smart N.","year":"2011","journal-title":"ECRYPT II Yearly Report on Algorithms and Keysizes"}],"container-title":["ACM SIGCOMM Computer Communication Review"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/2831347.2831350","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/2831347.2831350","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T05:48:12Z","timestamp":1750225692000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/2831347.2831350"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2015,9,30]]},"references-count":14,"journal-issue":{"issue":"5","published-print":{"date-parts":[[2015,9,30]]}},"alternative-id":["10.1145\/2831347.2831350"],"URL":"https:\/\/doi.org\/10.1145\/2831347.2831350","relation":{},"ISSN":["0146-4833"],"issn-type":[{"value":"0146-4833","type":"print"}],"subject":[],"published":{"date-parts":[[2015,9,30]]},"assertion":[{"value":"2015-09-30","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}