New statistics and increase in popularity of elliptic curves in DNSSEC

It has been almost half a year since we presented the intention to change the DNSSEC algorithm for .cz zone DNSSEC key at our IT 16.2 conference. In his presentation, our colleague Zdeněk Brůna described in detail the advantages of algorithms based on elliptic curves, especially the ECDSA algorithm. However, due to the situation where this step cannot be done because of the lack of support for this algorithm in the root zone, our activities have shifted to mainly educate and monitor the impact of this education on the state of support for this new technology. At a seminar with registrars that we held at the end of February, we noticed a positive response to some ECDSA properties, such as smaller zone file size or smaller DNS response size. Some registrars have already declared interest in switching to ECDSA. At the same time, the registrars have suggested that we publish statistics on our site showing how different DNSSEC algorithms are used in the .cz zone. We liked this idea and we are now publishing these statistics.

The mojeID service as an inspiration for other European domain registries

One of the important features of the mojeID service launched by CZ.NIC seven years ago is its integration with the domain registration system. Multi-step verification of the provided data serves as a method of increasing the accuracy of contact details in the .CZ domain registry. As a bonus, the contacts verified this way can use the mechanism of a single sign-on using authentication protocols on websites that offer such an option. As might be expected, among such websites there are also portals of some of our registrars, two of which have lately even ranked among the 10 services with highest login count. The concept of linking a domain registry to a digital identity (eID) has long been the subject of many questions from foreign domain registries and numerous presentations at international conferences. Now it seems that other foreign registries decided to implement this concept.

MojeID now speaks more languages: it has learned the SAML and OpenID Connect protocols

Since its establishment in 2010, the mojeID service was closely connected with the OpenID 2.0 authentication protocol. This protocol was the best choice for us at the time, as it combined the implementation simplicity with availability of libraries for various programming languages. However, OpenID 2.0 is not the only authentication protocol. I wrote in our blog (only in Czech) about several others, like the SAML protocol or OpenID Connect. Especially for the latter one, OpenID Connect, standardization of which was finished at the beginning of last year, analysts forecast a promising future. The good news is that mojeID is no longer “monolingual”, it is now able to communicate with service providers via the mentioned protocols.