{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,21]],"date-time":"2026-01-21T19:33:31Z","timestamp":1769024011051,"version":"3.49.0"},"publisher-location":"New York, NY, USA","reference-count":71,"publisher":"ACM","license":[{"start":{"date-parts":[[2020,10,27]],"date-time":"2020-10-27T00:00:00Z","timestamp":1603756800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"name":"NFS","award":["CNS-1901090, CNS-1850465"],"award-info":[{"award-number":["CNS-1901090, CNS-1850465"]}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2020,10,27]]},"DOI":"10.1145\/3419394.3423638","type":"proceedings-article","created":{"date-parts":[[2020,10,22]],"date-time":"2020-10-22T20:30:22Z","timestamp":1603398622000},"page":"295-308","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":11,"title":["The Reality of Algorithm Agility"],"prefix":"10.1145","author":[{"given":"Moritz","family":"M\u00fcller","sequence":"first","affiliation":[{"name":"SIDN Labs and University of Twente"}]},{"given":"Willem","family":"Toorop","sequence":"additional","affiliation":[{"name":"NLnet Labs"}]},{"given":"Taejoong","family":"Chung","sequence":"additional","affiliation":[{"name":"Virginia Tech"}]},{"given":"Jelte","family":"Jansen","sequence":"additional","affiliation":[{"name":"SIDN Labs"}]},{"given":"Roland","family":"van Rijswijk-Deij","sequence":"additional","affiliation":[{"name":"University of Twente and NLnet Labs"}]}],"member":"320","published-online":{"date-parts":[[2020,10,27]]},"reference":[{"key":"e_1_3_2_2_1_1","doi-asserted-by":"publisher","unstructured":"R. Arends R. Austein M. Larson D. Massey and S. Rose. 2005. DNS Security Introduction and Requirements. RFC 4033 (Proposed Standard). 21 pages. https:\/\/doi.org\/10.17487\/RFC4033 Updated by RFCs 6014 6840.","DOI":"10.17487\/RFC4033"},{"key":"e_1_3_2_2_2_1","doi-asserted-by":"publisher","unstructured":"R. Arends R. Austein M. Larson D. Massey and S. Rose. 2005. Protocol Modifications for the DNS Security Extensions. RFC 4035 (Proposed Standard). 53 pages. https:\/\/doi.org\/10.17487\/RFC4035 Updated by RFCs 4470 6014 6840 8198.","DOI":"10.17487\/RFC4035"},{"key":"e_1_3_2_2_3_1","doi-asserted-by":"publisher","unstructured":"R. Arends R. Austein M. Larson D. Massey and S. Rose. 2005. Resource Records for the DNS Security Extensions. RFC 4034 (Proposed Standard). 29 pages. https:\/\/doi.org\/10.17487\/RFC4034 Updated by RFCs 4470 6014 6840 6944.","DOI":"10.17487\/RFC4034"},{"key":"e_1_3_2_2_4_1","volume-title":"June","author":"Authors Various","year":"2006","unstructured":"Various Authors. [n.d.]. IETF DNSEXT Mailing List Archive, June 2006. https:\/\/mailarchive.ietf.org\/arch\/browse\/namedroppers\/?gbt=1&index=7M 2k1FW261sYIoDIqinA8WOrOZs."},{"key":"e_1_3_2_2_5_1","volume-title":"June","author":"Authors Various","year":"2020","unstructured":"Various Authors. [n.d.]. IETF DNSOP Mailing List Archive, June 2020. https:\/\/mailarchive.ietf.org\/arch\/msg\/dnsop\/EYv_-LfkyiQmdguYpbJ3LLX-4Ls\/."},{"key":"e_1_3_2_2_6_1","doi-asserted-by":"publisher","DOI":"10.17487\/rfc2026"},{"key":"e_1_3_2_2_7_1","volume-title":"Ubuntu Wiki: Stable Release Updates. https:\/\/wiki.ubuntu. com\/StableReleaseUpdates.","author":"Murray Brian","year":"2020","unstructured":"Brian Murray. 2020. Ubuntu Wiki: Stable Release Updates. https:\/\/wiki.ubuntu. com\/StableReleaseUpdates."},{"key":"e_1_3_2_2_8_1","volume-title":"Report on Post-Quantum Cryptography. US Department of Commerce","author":"Chen Lily","unstructured":"Lily Chen, Lily Chen, Stephen Jordan, Yi-Kai Liu, Dustin Moody, Rene Peralta, Ray Perlner, and Daniel Smith-Tone. 2016. Report on Post-Quantum Cryptography. US Department of Commerce, National Institute of Standards and Technology."},{"key":"e_1_3_2_2_9_1","doi-asserted-by":"publisher","DOI":"10.1145\/3131365.3131373"},{"key":"e_1_3_2_2_10_1","unstructured":"Council of European National Top-Level Domain Registries (CENTR). 2020. CENTR Homepage. https:\/\/centr.org."},{"key":"e_1_3_2_2_11_1","unstructured":"Frank Dennis. 2020. libsodium Releases. https:\/\/github.com\/jedisct1\/libsodium\/releases?after=0.4."},{"key":"e_1_3_2_2_12_1","unstructured":"Not Disclosed. 2020. On the zone policy of a European ccTLD. Private correspondence."},{"key":"e_1_3_2_2_13_1","unstructured":"DNS OARC. 2020. DNSViz | A DNS visualization tool. https:\/\/dnsviz.net\/."},{"key":"e_1_3_2_2_14_1","unstructured":"DNSThought website. 2018. Atlas measurements used with DNSThought. https:\/\/dnsthought.nlnetlabs.nl\/raw\/."},{"key":"e_1_3_2_2_15_1","doi-asserted-by":"publisher","DOI":"10.17487\/RFC5933"},{"key":"e_1_3_2_2_16_1","doi-asserted-by":"crossref","unstructured":"D. Eastlake 3rd. 2001. RSA\/SHA-1 SIGs and RSA KEYs in the Domain Name System (DNS). RFC 3110 (Proposed Standard). 7 pages. https:\/\/doi.org\/10. 17487\/RFC3110 Updated by RFC 6944.","DOI":"10.17487\/rfc3110"},{"key":"e_1_3_2_2_17_1","unstructured":"Tony Finch. 2020. Archive of the DNS root zone. https:\/\/github.com\/fanf2\/save root."},{"key":"e_1_3_2_2_18_1","unstructured":"Internet Engineering Task Force. [n.d.]. History of draft-hoffman-dnssec-dsasha2. https:\/\/datatracker.ietf.org\/doc\/draft-hoffman-dnssec-dsa-sha2\/history\/."},{"key":"e_1_3_2_2_19_1","unstructured":"Dani Grant. 2015. Announcing Universal DNSSEC: Secure DNS for Every Domain. https:\/\/blog.cloudflare.com\/introducing-universal-dnssec\/."},{"key":"e_1_3_2_2_20_1","doi-asserted-by":"publisher","unstructured":"O. Gudmundsson. 2003. Delegation Signer (DS) Resource Record (RR). RFC 3658 (Proposed Standard). 19 pages. https:\/\/doi.org\/10.17487\/RFC3658 Obsoleted by RFCs 4033 4034 4035 updated by RFC 3755.","DOI":"10.17487\/RFC3658"},{"key":"e_1_3_2_2_21_1","doi-asserted-by":"publisher","unstructured":"O. Gudmundsson and P. Wouters. 2017. Managing DS Records from the Parent via CDS\/CDNSKEY. RFC 8078 (Proposed Standard). 10 pages. https:\/\/doi.org\/10.17487\/RFC8078","DOI":"10.17487\/RFC8078"},{"key":"e_1_3_2_2_22_1","unstructured":"Mike Hamubrg. 2020. libdecaf Changelog. https:\/\/github.com\/krionbsd\/libdecaf\/blob\/master\/ChangeLog."},{"key":"e_1_3_2_2_23_1","doi-asserted-by":"publisher","unstructured":"W. Hardaker. 2006. Use of SHA-256 in DNSSEC Delegation Signer(DS) Resource Records(RRs). RFC 4509 (Proposed Standard). 7 pages. https:\/\/doi.org\/10.17487\/RFC4509","DOI":"10.17487\/RFC4509"},{"key":"e_1_3_2_2_24_1","doi-asserted-by":"publisher","unstructured":"P. Hoffman and W.C.A. Wijngaards. 2012. Elliptic Curve Digital Signature Algorithm (DSA) for DNSSEC. RFC 6605 (Proposed Standard). 8 pages. https:\/\/doi.org\/10.17487\/RFC6605","DOI":"10.17487\/RFC6605"},{"key":"e_1_3_2_2_25_1","unstructured":"Hoffman Paul. 2020. It's Time to Move Away From Using SHA-1 in the DNS. https:\/\/www.icann.org\/news\/blog\/it-s-time-to-move-away-from-using-sha-1-in-the-dns."},{"key":"e_1_3_2_2_26_1","volume-title":"Chris.","author":"Mestdagh Nick","year":"2020","unstructured":"Holland, Nick and Mestdagh, Steven and Knight, Joel and Jackson, Eric and Vandeputtem Wim and Cappuccio, Chris. 2020. OpenBSD FAQ - Package Management. https:\/\/www.openbsd.org\/faq\/faq15.html."},{"key":"e_1_3_2_2_27_1","doi-asserted-by":"publisher","unstructured":"R. Housley. 2015. Guidelines for Cryptographic Algorithm Agility and Selecting Mandatory-to-Implement Algorithms. RFC 7696 (Best Current Practice). 19 pages. https:\/\/doi.org\/10.17487\/RFC7696","DOI":"10.17487\/RFC7696"},{"key":"e_1_3_2_2_28_1","unstructured":"Geoff Houston. 2014. ECDSA and DNSSEC. https:\/\/blog.apnic.net\/2014\/10\/23\/ec dsa-and-dnssec\/."},{"key":"e_1_3_2_2_29_1","volume-title":"Happy Eyeballs for the DNS. OARC 2015 Fall Workshop, https:\/\/indico.dns-oarc.net\/event\/24\/contributions\/377\/attachments\/341\/600\/2015-10-04-dns-dual-stack.pdf.","author":"Houston Geoff","year":"2015","unstructured":"Geoff Houston. 2015. Happy Eyeballs for the DNS. OARC 2015 Fall Workshop, https:\/\/indico.dns-oarc.net\/event\/24\/contributions\/377\/attachments\/341\/600\/2015-10-04-dns-dual-stack.pdf."},{"key":"e_1_3_2_2_30_1","unstructured":"Internet Assigned Numbers Authority (IANA). [n.d.]. Domain Name System Security (DNSSEC) Algorithm Numbers. https:\/\/www.iana.org\/assignments\/dns-sec-alg-numbers\/dns-sec-alg-numbers.xhtml."},{"key":"e_1_3_2_2_31_1","unstructured":"ICANN. 2020. Delegated Strings. https:\/\/newgtlds.icann.org\/en\/program-status\/delegated-strings."},{"key":"e_1_3_2_2_32_1","unstructured":"Internet Engineering Task Force (IETF). [n.d.]. IESG states. https:\/\/datatracker.ie tf.org\/help\/state\/draft\/iesg."},{"key":"e_1_3_2_2_33_1","unstructured":"Internet Corporation for Assigned Names and Numbers (ICANN). 2012. Transition to Delegation. In gTLD Applicant Guidebook."},{"key":"e_1_3_2_2_34_1","unstructured":"Internet Corporation for Assigned Names and Numbers (ICANN). 2013. User Documentation on Delegating and Redelegating a Generic Top-Level Domain (gTLD). https:\/\/www.icann.org\/en\/system\/files\/files\/gtld-drd-ui-10sep13-en.pdf."},{"key":"e_1_3_2_2_35_1","unstructured":"Internet Engineering Task Force (IETF). 2020. Mail Archive. https:\/\/mailarchive. ietf.org\/arch\/."},{"key":"e_1_3_2_2_36_1","unstructured":"Internet Systems Consortium (ISC). 2019. Release Notes for BIND Version 9.14.0. https:\/\/downloads.isc.org\/isc\/bind9\/9.14.0\/RELEASE-NOTES-bind-9.14.0.txt."},{"key":"e_1_3_2_2_37_1","doi-asserted-by":"publisher","unstructured":"J. Jansen. 2009. Use of SHA-2 Algorithms with RSA in DNSKEY and RRSIG Resource Records for DNSSEC. RFC 5702 (Proposed Standard). 10 pages. https:\/\/doi.org\/10.17487\/RFC5702 Updated by RFC 6944.","DOI":"10.17487\/RFC5702"},{"key":"e_1_3_2_2_38_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-662-47989-6_30"},{"key":"e_1_3_2_2_39_1","unstructured":"Robert Kisteleki. 2016. Ethics of RIPE Atlas Measurements. https:\/\/labs.ripe.net\/Members\/kistel\/ethics-of-ripe-atlas-measurements."},{"key":"e_1_3_2_2_40_1","doi-asserted-by":"publisher","unstructured":"O. Kolkman W. Mekking and R. Gieben. 2012. DNSSEC Operational Practices Version 2. RFC 6781 (Informational). 71 pages. https:\/\/doi.org\/10.17487\/RFC6781","DOI":"10.17487\/RFC6781"},{"key":"e_1_3_2_2_41_1","doi-asserted-by":"publisher","DOI":"10.1145\/3278532.3278568"},{"key":"e_1_3_2_2_42_1","doi-asserted-by":"publisher","unstructured":"W. Kumari O. Gudmundsson and G. Barwood. 2014. Automating DNSSEC Delegation Trust Maintenance. RFC 7344 (Proposed Standard). 18 pages. https:\/\/doi.org\/10.17487\/RFC7344 Updated by RFC 8078.","DOI":"10.17487\/RFC7344"},{"key":"e_1_3_2_2_43_1","doi-asserted-by":"publisher","unstructured":"B. Laurie G. Sisson R. Arends and D. Blacka. 2008. DNS Security (DNSSEC) Hashed Authenticated Denial of Existence. RFC 5155 (Proposed Standard). 52 pages. https:\/\/doi.org\/10.17487\/RFC5155 Updated by RFCs 6840 6944.","DOI":"10.17487\/RFC5155"},{"key":"e_1_3_2_2_44_1","doi-asserted-by":"publisher","DOI":"10.1109\/NOMS.2018.8406223"},{"key":"e_1_3_2_2_45_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-17659-4_18"},{"key":"e_1_3_2_2_46_1","volume-title":"Fast Software Encryption","author":"Mendel Florian","unstructured":"Florian Mendel, Norbert Pramstaller, and Christian Rechberger. 2008. A (Second) Preimage Attack on the GOST Hash Function. In Fast Software Encryption, Kaisa Nyberg (Ed.). Springer Berlin Heidelberg, Berlin, Heidelberg, 224--234."},{"key":"e_1_3_2_2_47_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-85174-5_10"},{"key":"e_1_3_2_2_48_1","doi-asserted-by":"publisher","DOI":"10.1145\/3431832.3431838"},{"key":"e_1_3_2_2_49_1","doi-asserted-by":"publisher","DOI":"10.1145\/3355369.3355570"},{"key":"e_1_3_2_2_50_1","unstructured":"Moritz M\u00fcller Willem Toorop Taejoong Chung and Roland van Rijswijk-Deij. 2020. CENTR Survey: Supported DNSSEC Signing Algorithms. https:\/\/docs.google.com\/forms\/d\/e\/1FAIpQLSfpLT_aPWDnBLt2kmkcihgXJPZquy3tQSBvV77-2Ct9izsBwg\/viewform?usp=sf_link."},{"key":"e_1_3_2_2_51_1","doi-asserted-by":"publisher","DOI":"10.1109\/TNSM.2019.2916176"},{"key":"e_1_3_2_2_52_1","unstructured":"NLnet Labs. 2020. Unbound Resolver Change Log. https:\/\/nlnetlabs.nl\/svn\/unbound\/tags\/release-1.8.0\/doc\/Changelog."},{"key":"e_1_3_2_2_53_1","unstructured":"National Institute of Standards and Technology (NIST). [n.d.]. Secure Hashing. https:\/\/web.archive.org\/web\/20110625054822\/http:\/\/csrc.nist.gov\/groups\/S T\/toolkit\/secure_hashing.html."},{"key":"e_1_3_2_2_54_1","unstructured":"PowerDNS. 2020. Changelogs for 4.0.x --- PowerDNS Authoritative Server documentation. https:\/\/doc.powerdns.com\/authoritative\/changelog\/4.0.html."},{"key":"e_1_3_2_2_55_1","unstructured":"PowerDNS. 2020. Changelogs for 4.2.x --- PowerDNS Authoritative Server documentation. https:\/\/doc.powerdns.com\/authoritative\/changelog\/4.2.html."},{"key":"e_1_3_2_2_56_1","first-page":"3","article-title":"RIPE Atlas: A Global Internet Measurement Network","volume":"18","author":"Staff RIPE NCC","year":"2015","unstructured":"RIPE NCC Staff. 2015. RIPE Atlas: A Global Internet Measurement Network. Internet Protocol Journal (IPJ) 18, 3 (Sep 2015).","journal-title":"Internet Protocol Journal (IPJ)"},{"key":"e_1_3_2_2_57_1","doi-asserted-by":"publisher","DOI":"10.17487\/RFC6944"},{"key":"e_1_3_2_2_58_1","doi-asserted-by":"publisher","DOI":"10.1007\/3-540-58691-1_68"},{"key":"e_1_3_2_2_59_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-63688-7_19"},{"key":"e_1_3_2_2_60_1","doi-asserted-by":"publisher","unstructured":"O. Sury and R. Edmonds. 2017. Edwards-Curve Digital Security Algorithm (EdDSA) for DNSSEC. RFC 8080 (Proposed Standard). 7 pages. https:\/\/doi.org\/10.17487\/RFC8080","DOI":"10.17487\/RFC8080"},{"key":"e_1_3_2_2_61_1","doi-asserted-by":"publisher","DOI":"10.1145\/3123878.3131987"},{"key":"e_1_3_2_2_62_1","doi-asserted-by":"publisher","DOI":"10.1109\/CNSM.2016.7818428"},{"key":"e_1_3_2_2_63_1","doi-asserted-by":"publisher","DOI":"10.1109\/JSAC.2016.2558918"},{"key":"e_1_3_2_2_64_1","volume-title":"Making the case for elliptic curves in DNSSEC. ACM SIGCOMM computer communication review 45, 5","author":"van Rijswijk-Deij Roland","year":"2015","unstructured":"Roland van Rijswijk-Deij, Anna Sperotto, and Aiko Pras. 2015. Making the case for elliptic curves in DNSSEC. ACM SIGCOMM computer communication review 45, 5 (2015), 13--19."},{"key":"e_1_3_2_2_65_1","doi-asserted-by":"publisher","unstructured":"S. Weiler. 2004. Legacy Resolver Compatibility for Delegation Signer (DS). RFC 3755(Proposed Standard). 9 pages. https:\/\/doi.org\/10.17487\/RFC3755 Obsoleted by RFCs 4033 4034 4035 updated by RFCs 3757 3845.","DOI":"10.17487\/RFC3755"},{"key":"e_1_3_2_2_66_1","doi-asserted-by":"publisher","DOI":"10.17487\/RFC6840"},{"key":"e_1_3_2_2_67_1","unstructured":"Willem Toorop. 2017. All RSAMD5 signed zones are BOGUS. https:\/\/issuetracker.google.com\/issues\/62692406."},{"key":"e_1_3_2_2_68_1","unstructured":"Wisser Ulrich. 2020. Internetstiftelsen: se incentives. private correspondence."},{"key":"e_1_3_2_2_69_1","doi-asserted-by":"publisher","unstructured":"Paul Wouters and Ond\u0159ej Sur\u00fd. 2019. Algorithm Implementation Requirements and Usage Guidance for DNSSEC. RFC 8624. https:\/\/doi.org\/10.17487\/RFC8624","DOI":"10.17487\/RFC8624"},{"key":"e_1_3_2_2_70_1","volume-title":"Internet Grows to 370.1 Million Domain Name Registrations at the End of the Second Quarter of","author":"Finance Yahoo","year":"2020","unstructured":"Yahoo Finance. 2020. Internet Grows to 370.1 Million Domain Name Registrations at the End of the Second Quarter of 2020. https:\/\/finance.yahoo.com\/news\/internet-grows-370-1-million-201500616.html."},{"key":"e_1_3_2_2_71_1","unstructured":"Dan York Ond\u0159ej Sur\u00fd Paul Wouters and \u00d3lafur Gu\u00f0mundsson. 2018. Observations on Deploying New DNSSEC Cryptographic Algorithms. Internet-Draft draft-york-dnsop-deploying-dnssec-crypto-algs-06. Internet Engineering Task Force. https:\/\/datatracker.ietf.org\/doc\/html\/draft-york-dnsop-deploying-dnssec-crypto-algs-06 Work in Progress."}],"event":{"name":"IMC '20: ACM Internet Measurement Conference","location":"Virtual Event USA","acronym":"IMC '20","sponsor":["SIGCOMM ACM Special Interest Group on Data Communication","SIGMETRICS ACM Special Interest Group on Measurement and Evaluation"]},"container-title":["Proceedings of the ACM Internet Measurement Conference"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3419394.3423638","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3419394.3423638","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,12,15]],"date-time":"2025-12-15T23:38:33Z","timestamp":1765841913000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3419394.3423638"}},"subtitle":["Studying the DNSSEC Algorithm Life-Cycle"],"short-title":[],"issued":{"date-parts":[[2020,10,27]]},"references-count":71,"alternative-id":["10.1145\/3419394.3423638","10.1145\/3419394"],"URL":"https:\/\/doi.org\/10.1145\/3419394.3423638","relation":{},"subject":[],"published":{"date-parts":[[2020,10,27]]},"assertion":[{"value":"2020-10-27","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}