On Mon, 25 Jan 2010, Edward Lewis wrote:
> Last time I looked (a few months ago) most signed TLDs use 2048 bit KSKs and 1024 bit ZSKs. Perhaps there is no reason to have two different sized keys; I would guess that since "a chain is only as strong as its weakest link" all keys could be dropped to 1024, or even less.
The weakness of a key is partially determined by the length of its usage period. If you plan to use the KSK for a period 12 times longer, making it 1024 is not making it equal to the ZSK strength of "1024 for 30 days".

I don't think people have experienced serious troubles with 2048 bit keys, though if you want to go higher, you're probably better off waiting for ECC, as that will give you smaller signatures compared to RSA with the same key size. But AFAIK, no DNS implementation supports ECC yet.

Paul

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
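The size argument in Paul's reply can be measured rather than estimated. The following is an added example, not code from the thread or from any DNS implementation: it generates RSA-1024, RSA-2048 and ECDSA P-256 keys with Go's standard library, signs a constructed stand-in for the data a DNSSEC signer hashes, verifies each signature, and reports the two fields that grow with the algorithm, the DNSKEY public-key RDATA (RFC 3110 encoding for RSA, x||y for ECDSA per RFC 6605, which postdates this 2010 thread) and the RRSIG signature field (PKCS#1 v1.5 output for RSASHA256 per RFC 5702, fixed-width r||s for ECDSAP256SHA256). The input bytes and the zone name are constructed for the example.

```go
package main

import (
	"crypto"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
	"math/big"
)

// sampleRRsetWire stands in for what a DNSSEC signer hashes: the RRSIG RDATA
// (minus the signature) followed by the canonical RRset (RFC 4034 s.3.1.8.1).
// Constructed for this example; it is not real signer input or zone data.
var sampleRRsetWire = []byte("example.net. 3600 IN A 192.0.2.1")

// KeySizes reports the two DNSSEC fields whose size depends on the algorithm.
type KeySizes struct {
	Algorithm   string
	PubKeyBytes int // DNSKEY public-key RDATA
	SigBytes    int // RRSIG signature field
}

// rsaSizes generates an RSASHA256-style key with the given modulus size, signs
// and verifies the digest with PKCS#1 v1.5, and measures the RFC 3110 public-key
// encoding: one exponent-length octet (exponent < 256 octets), exponent, modulus.
func rsaSizes(bits int) (KeySizes, error) {
	priv, err := rsa.GenerateKey(rand.Reader, bits)
	if err != nil {
		return KeySizes{}, err
	}
	digest := sha256.Sum256(sampleRRsetWire)
	sig, err := rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, digest[:])
	if err != nil {
		return KeySizes{}, err
	}
	if err := rsa.VerifyPKCS1v15(&priv.PublicKey, crypto.SHA256, digest[:], sig); err != nil {
		return KeySizes{}, err
	}
	exp := big.NewInt(int64(priv.PublicKey.E)).Bytes() // 65537 -> 3 octets
	pubLen := 1 + len(exp) + priv.Size()               // priv.Size() is the modulus length
	return KeySizes{fmt.Sprintf("RSASHA256-%d", bits), pubLen, len(sig)}, nil
}

// ecdsaP256Sizes does the same for ECDSAP256SHA256 (RFC 6605): the DNSKEY
// carries x||y and the RRSIG carries r||s, each coordinate/scalar left-padded
// to 32 octets, so both fields are 64 octets regardless of the value signed.
func ecdsaP256Sizes() (KeySizes, error) {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return KeySizes{}, err
	}
	digest := sha256.Sum256(sampleRRsetWire)
	r, s, err := ecdsa.Sign(rand.Reader, priv, digest[:])
	if err != nil {
		return KeySizes{}, err
	}
	if !ecdsa.Verify(&priv.PublicKey, digest[:], r, s) {
		return KeySizes{}, fmt.Errorf("ecdsa verification failed")
	}
	sig := append(r.FillBytes(make([]byte, 32)), s.FillBytes(make([]byte, 32))...)
	pub := append(priv.PublicKey.X.FillBytes(make([]byte, 32)),
		priv.PublicKey.Y.FillBytes(make([]byte, 32))...)
	return KeySizes{"ECDSAP256SHA256", len(pub), len(sig)}, nil
}

func main() {
	for _, bits := range []int{1024, 2048} {
		k, err := rsaSizes(bits)
		if err != nil {
			panic(err)
		}
		fmt.Printf("%-18s DNSKEY=%3d bytes  RRSIG=%3d bytes\n", k.Algorithm, k.PubKeyBytes, k.SigBytes)
	}
	k, err := ecdsaP256Sizes()
	if err != nil {
		panic(err)
	}
	fmt.Printf("%-18s DNSKEY=%3d bytes  RRSIG=%3d bytes\n", k.Algorithm, k.PubKeyBytes, k.SigBytes)
}
```

Run as-is to see the table: RSA-1024 yields 128-byte signatures and 132-byte public keys, RSA-2048 doubles both (256 and 260), while P-256 sits at 64 bytes for each field despite offering strength generally rated at or above RSA-2048. That per-RRSIG saving is what matters for response size, since every signed RRset in a response carries its own signature, whereas the DNSKEY RRset is fetched once.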