@[email protected] thanks for the hints! That’s exactly why I stick to #ECDSA-P256. Will do some more research and switch to ed25519 maybe at a later time :)

@[email protected] thanks for pointing that out, but what people use shouldn’t be a reference in general. There are still many SSLv3-enabled systems out in the wild - just as an example 😉

According to RFC 8624, ED25519 is recommended. But that still doesn’t mean that it’s usable in a practical way. In 2022 many resolvers still lacked support for it.

I also guess that once it got set up, no one cares about it anymore. And back then #ECDSA-P256 was probably the best choice. I was running on RSA and just took a look again when setting up the new infrastructure, including the dnssec-policy setup. I stuck to #ECDSA-P256 instead of #ED25519 for now to make sure I have the best compatibility. Will do some more research and maybe switch at a later time again… :)

To all who are hosting their own #dns #authoritative server with #dnssec - what do you use in 2024?

#Ed25519 or #ECDSA-P256 or still on some #RSA algorithms? A shorter key length is a benefit, especially in DNS, but not all resolvers may be able to support this in 2024?!

#security #bind #named #powerdns