ACTIVE 24 changed its main DNSSEC key (A24-KEYSET) from algorithm 5 to the new algorithm 13 (ECDSAP256SHA256). The change affected more than 100,000 domains for which ACTIVE 24 is listed as the registrar. As a result, the new algorithm became the most commonly used algorithm in the .CZ zone.
ACTIVE 24 had used the original SHA-1 algorithm since DNSSEC was introduced in the Czech Republic in 2008, and was glad to replace it with a modern algorithm based on elliptic curves. Thanks to thorough preparation and cooperation on the CZ.NIC side, the process, which is not quite trivial for such a volume of domains, ran smoothly.
CZ.NIC has supported the ECDSA cryptographic algorithm (Elliptic Curve Digital Signature Algorithm) in the Czech Republic since its start in 2012, mainly because it is more advantageous for the zone for operational reasons: the smaller size of the public and private keys (DNSKEY) and of the resulting digital signature (RRSIG), while maintaining the high security of the algorithm, reduces the resulting size of the signed zone and the amount of data transferred between DNS servers.