On Fri, 26 Feb 2010, Eric Rescorla wrote:
>> Cryptanalysis is a function of time (and money). If you reduce the usable
>> time for attackers, their spending goes up or they will not have enough time
>> to break the key before it is retired.
>
> Yes, it increases their spending by the ratio of the frequency of the
> key cycling to the original cycle time. For instance cycling at the rate
> of monthly instead of a year adds approximately 3.6 bits of security,
> equivalent to about an 1100-bit RSA key
> (calculations here:
> http://www.educatedguesswork.org/2009/10/on_the_security_of_zsk_rollove.html)
> As I said, this is a trivial improvement.

I'll have to read that carefully before I can comment on that...

>> The recommended key size and time
>> in the document reflect current cryptographers' extremely conservative
>> estimate of what is deemed safe by a few orders of magnitude.
>
> Really? Which cryptographers recommend rolling over keys monthly?

None. They all said 1024 RSA would be fine for 1 year or even longer.
That's why I said rolling it monthly is "extremely conservative". I
guess I might be wrong depending on the above listed work, but still
need to read that carefully.

Paul
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
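
The rollover-versus-key-size comparison discussed in this message can be worked through numerically. The following is an added example, not code from either participant or from the linked post; it assumes the standard GNFS cost heuristic L_n[1/3, (64/9)^(1/3)] with the o(1) term dropped, and all function names are hypothetical.

```python
import math

# Assumption: attack cost follows the GNFS heuristic
#   exp(c * (ln n)^(1/3) * (ln ln n)^(2/3)),  c = (64/9)^(1/3),
# with the o(1) term ignored. The linked post may use a different model.
GNFS_C = (64 / 9) ** (1 / 3)


def gnfs_work_bits(modulus_bits):
    """log2 of the heuristic GNFS cost for an RSA modulus of this size."""
    ln_n = modulus_bits * math.log(2)
    return GNFS_C * ln_n ** (1 / 3) * math.log(ln_n) ** (2 / 3) / math.log(2)


def rollover_gain_bits(old_period_days, new_period_days):
    """Extra attacker effort, in bits, when the same work must be
    finished within the shorter key lifetime (ratio of the periods)."""
    return math.log2(old_period_days / new_period_days)


def equivalent_modulus_bits(base_bits, gain_bits):
    """Smallest modulus size whose GNFS cost is at least the base
    size's cost plus gain_bits (gain_bits >= 0), by linear search."""
    if gain_bits < 0:
        raise ValueError("gain_bits must be non-negative")
    target = gnfs_work_bits(base_bits) + gain_bits
    size = base_bits
    while gnfs_work_bits(size) < target:
        size += 1
    return size


if __name__ == "__main__":
    year = 365.0
    # Constructed comparison points: quarterly, monthly, weekly rollover.
    for label, period in [("quarterly", year / 4),
                          ("monthly", year / 12),
                          ("weekly", 7.0)]:
        gain = rollover_gain_bits(year, period)
        size = equivalent_modulus_bits(1024, gain)
        print(f"{label:9s} +{gain:4.2f} bits ~ {size}-bit RSA "
              f"(1024-bit baseline: {gnfs_work_bits(1024):.1f} bits)")
```

Under these assumptions, yearly-to-monthly rollover is worth about 3.58 bits, which a modulus only about a hundred bits longer than 1024 provides without any change in rollover frequency.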