On 2/26/10 4:51 PM, "Paul Wouters" <p...@xelerance.com> wrote:
> On Fri, 26 Feb 2010, Thierry Moreau wrote:
>
>> Basically, you adhere to (B) and suggest 1024-bits/1-month-cryptoperiod,
>> hence you inflate the requirements over NIST's.
>
> I am not inflating NIST's requirements. I believe 1024 bit RSA with monthly
> rollover is fine, whereas NIST recommends to migrate to 2048 bit for that.
>

NIST's recommendations are for 2048 bit RSA, rolled every 1-3 years. These
recommendations are based on PKI and/or SSL certs mostly, not DNSSEC. For
DNSSEC, we made a compromise to allow 1024 bit RSA keys around for a while
if we also recommended rolling more frequently.

>> Thus, in *my* opinion, you induce a waste of DNSSEC bandwidth / CPU time /
>> DNS operations overhead (i.e. rollover management).
>

Depending on the zone, operational overhead is an acceptable cost compared
to having smaller response sizes.

Scott

> Have you crunched the numbers and packet sizes of 768 bit RSA vs 1024 bit
> RSA vs 2048 bit RSA RRSIG's in common DNS packet answers? I believe the
> consensus reached was that differences between 1024 and 2048 bit had a
> significant impact, whereas the difference between 1024 and 768 did not.
> It thus made sense to both play as safe as possible within the constraints
> of DNS, and 1024 was recommended with a one month rollover. It was a combined
> effort of cryptanalysts and network engineers.
>
> Paul
> _______________________________________________
> DNSOP mailing list
> DNSOP@ietf.org
> https://www.ietf.org/mailman/listinfo/dnsop
>

===================================
Scott Rose
NIST
sco...@nist.gov
ph: +1 301-975-8439
Google Voice: +1-571-249-3671
http://www.dnsops.gov/
===================================
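The packet-size comparison Paul asks about (768 vs 1024 vs 2048 bit RSA RRSIGs in common answers) can be estimated from the wire formats alone. The following is an added example, not code from this thread or from NIST; it applies the fixed field sizes of RFC 1035, RFC 4034 and RFC 3110 to two constructed responses (a signed A answer and an NXDOMAIN with SOA plus two NSECs). The signer name `example.com.`, the SOA and NSEC RDATA lengths, and the use of 2-byte compression pointers for owner names are assumptions chosen for illustration.

```python
"""Estimate how RSA key size drives DNSSEC response size.

Added example, not from the DNSOP thread. Wire-format constants follow
RFC 1035 (message layout), RFC 4034 (RRSIG/DNSKEY RDATA) and RFC 3110
(RSA key and signature encoding). The sample responses are constructed
for illustration, not captured traffic.
"""
from __future__ import annotations
from dataclasses import dataclass

HEADER_LEN = 12       # RFC 1035 s4.1.1: fixed DNS message header
RR_FIXED_LEN = 10     # TYPE(2) + CLASS(2) + TTL(4) + RDLENGTH(2)
NAME_PTR_LEN = 2      # owner name sent as a compression pointer (assumption: best case)
OPT_RR_LEN = 11       # EDNS0 OPT pseudo-RR with empty RDATA, needed to set the DO bit
RRSIG_FIXED_LEN = 18  # type covered(2) alg(1) labels(1) orig TTL(4) expiration(4) inception(4) key tag(2)
CLASSIC_UDP_LIMIT = 512  # RFC 1035 maximum UDP payload without EDNS0


def name_wire_len(name: str) -> int:
    """Uncompressed wire length of a domain name: 1 length byte per label plus the root byte."""
    labels = [label for label in name.rstrip(".").split(".") if label]
    return sum(1 + len(label) for label in labels) + 1


def rrsig_rdata_len(key_bits: int, signer: str) -> int:
    """RRSIG RDATA length (RFC 4034 s3.1). The signer's name is never compressed,
    and an RSA signature is exactly as long as the modulus (RFC 3110 s3)."""
    return RRSIG_FIXED_LEN + name_wire_len(signer) + key_bits // 8


def dnskey_rdata_len(key_bits: int, exponent_len: int = 3) -> int:
    """DNSKEY RDATA length (RFC 4034 s2.1) for an RSA key (RFC 3110 s2):
    flags(2) protocol(1) algorithm(1) + exponent-length(1, exponents < 256 bytes)
    + exponent (3 bytes for 65537) + modulus."""
    return 4 + 1 + exponent_len + key_bits // 8


@dataclass(frozen=True)
class RRset:
    count: int      # RRs in the set
    rdata_len: int  # RDATA wire length, assumed equal for every RR in the set


def signed_response_len(qname: str, rrsets: list[RRset], key_bits: int, signer: str,
                        sigs_per_rrset: int = 1) -> int:
    """Approximate wire size of a DNSSEC response: header, question, each RRset with
    its RRSIG(s), and the OPT RR. sigs_per_rrset=2 models a double-signature ZSK
    rollover, when two RRSIGs per RRset are published at once."""
    size = HEADER_LEN + name_wire_len(qname) + 4  # question: QNAME + QTYPE(2) + QCLASS(2)
    for rs in rrsets:
        size += rs.count * (NAME_PTR_LEN + RR_FIXED_LEN + rs.rdata_len)
        size += sigs_per_rrset * (NAME_PTR_LEN + RR_FIXED_LEN + rrsig_rdata_len(key_bits, signer))
    return size + OPT_RR_LEN


# Constructed scenarios; the RDATA lengths are assumptions, not measured values.
# 1) Positive answer: one A record (4-byte RDATA), signed once.
A_ANSWER = [RRset(count=1, rdata_len=4)]
# 2) NXDOMAIN: SOA (MNAME + RNAME + 5 counters, ~61 bytes) and two NSECs
#    (next owner name + small type bitmap, ~23 bytes each); three RRSIGs in total.
NXDOMAIN_SECTIONS = [RRset(1, 61), RRset(1, 23), RRset(1, 23)]


def compare(key_sizes=(768, 1024, 2048), signer: str = "example.com.") -> dict[int, tuple[int, int]]:
    """Return {key_bits: (A answer size, NXDOMAIN size)} in bytes for each RSA key size."""
    return {
        bits: (
            signed_response_len("www.example.com.", A_ANSWER, bits, signer),
            signed_response_len("nonexist.example.com.", NXDOMAIN_SECTIONS, bits, signer),
        )
        for bits in key_sizes
    }


if __name__ == "__main__":
    print(f"{'RSA bits':>8} {'RRSIG RDATA':>11} {'DNSKEY RDATA':>12} {'A answer':>8} {'NXDOMAIN':>8}")
    for bits, (a_len, nx_len) in compare().items():
        note = "" if nx_len <= CLASSIC_UDP_LIMIT else "  (> 512 bytes: needs EDNS0 or TCP)"
        print(f"{bits:>8} {rrsig_rdata_len(bits, 'example.com.'):>11} "
              f"{dnskey_rdata_len(bits):>12} {a_len:>8} {nx_len:>8}{note}")
```

The model is a best case: it uses compression pointers for every owner name, ignores the additional section, and signs each RRset with a single key. Each RRSIG grows by exactly the modulus size, so the gap between 768 and 1024 bit is 32 bytes per signature while 1024 to 2048 adds 128 bytes per signature; on a denial-of-existence answer carrying three RRSIGs that is the difference between roughly 700 and roughly 1100 bytes. Passing `sigs_per_rrset=2` shows the extra cost a frequent rollover incurs if it is done by double signing rather than by pre-publication.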