The 1024 bit key guideline is for response sizes (biggest stumbling block
we've encountered so far in .gov deployment).

The rollover frequency is largely based on an extended time frame.  The
extended roadmap is to try and migrate to ECC by 2015, and there is some
belief that 1024 bit RSA might become "breakable" in months (with reasonable
cost - for some definition of "reasonable") by 2015.  I remember some paper
being referenced, but I don't recall which one.  And no, I don't fully
understand all of it either, but the near goal (response size) was met,
which was the primary concern for now given the deployment deadlines within
Federal IT security.

Overall, US Federal gov't security policy errs on the side of caution.
Frequent rolling of keys is seen as good practice, even if the evidence on
its effectiveness isn't fully proven.

Scott

On 3/1/10 8:07 AM, "Eric Rescorla" <e...@rtfm.com> wrote:

> On Mon, Mar 1, 2010 at 4:57 AM, Rose, Scott W. <scott.r...@nist.gov> wrote:
>> On 2/26/10 4:51 PM, "Paul Wouters" <p...@xelerance.com> wrote:
>> 
>>> On Fri, 26 Feb 2010, Thierry Moreau wrote:
>> 
>>> 
>>>> Basically, you adhere to (B) and suggest 1024-bits/1-month-cryptoperiod,
>>>> hence you inflate the requirements over NIST's.
>>> 
>>> I am not inflating NIST's requirements. I believe 1024 bit RSA with monthly
>>> rollover is fine, whereas NIST recommends to migrate to 2048 bit for that.
>>> 
>> 
>> NIST's recommendations are for 2048 bit RSA, rolled every 1-3 years.  These
>> recommendations are based on PKI and/or SSL certs mostly, not DNSSEC.  For
>> DNSSEC, we made a compromise to allow 1024 bit RSA keys around for a while
>> if we also recommended rolling more frequently.
> 
> OK, but I don't understand the technical basis for this recommendation. It
> just seems like it makes running 1024-bit keys inconvenient without adding
> any significant increase in security. Did NIST provide a rationale?
> 
> -Ekr
> 

===================================
Scott Rose
NIST
sco...@nist.gov
ph: +1 301-975-8439
Google Voice: +1-571-249-3671

http://www.dnsops.gov/
===================================


_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
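Scott's first point is that the 1024-bit guideline was driven by response size rather than by cryptographic strength. The following is an added example, not part of the thread or of NIST's guidance, that estimates DNSSEC response sizes on the wire from RFC 4034 (DNSKEY/RRSIG wire formats) and RFC 3110 (RSA public key encoding), so the effect of moving from 1024-bit to 2048-bit RSA keys can be seen against the classic 512-byte UDP limit of RFC 1035. The zone name `example.gov` is a constructed sample; the assumptions (public exponent 65537, owner names in the answer compressed to a 2-byte pointer, one EDNS0 OPT record, no NSEC/NSEC3 or TSIG data) are mine, not the thread's.

```python
"""Added example (not from the thread): estimate DNSSEC response sizes for RSA
keys of different lengths and check them against the classic 512-byte limit.

Assumptions not stated in the thread: RSA public exponent 65537 (3 octets),
owner names in the answer section compressed to a 2-octet pointer, one EDNS0
OPT record in the additional section, no TSIG, no NSEC/NSEC3 records."""
from typing import Iterable, Optional

CLASSIC_UDP_LIMIT = 512           # RFC 1035 maximum UDP payload without EDNS0
HEADER_LEN = 12                   # DNS message header
OPT_RR_LEN = 11                   # root name (1) + TYPE/CLASS/TTL/RDLENGTH (10), empty RDATA
RR_FIXED_LEN = 2 + 2 + 2 + 4 + 2  # compressed owner, TYPE, CLASS, TTL, RDLENGTH


def name_wire_len(name: str) -> int:
    """Uncompressed wire length of a domain name: each label is a length octet
    plus its characters, followed by the zero-length root label."""
    labels = [label for label in name.strip(".").split(".") if label]
    return sum(1 + len(label) for label in labels) + 1


def rsa_dnskey_rdata_len(bits: int) -> int:
    """DNSKEY RDATA (RFC 4034): flags(2) protocol(1) algorithm(1) followed by
    the RFC 3110 key: exponent-length octet(1) + exponent(3) + modulus(bits/8)."""
    return 2 + 1 + 1 + 1 + 3 + bits // 8


def rrsig_rdata_len(bits: int, signer: str) -> int:
    """RRSIG RDATA (RFC 4034): 18 fixed octets + signer name (RRSIG signer
    names are never compressed) + RSA signature, which is one modulus long."""
    return 18 + name_wire_len(signer) + bits // 8


def signed_answer_size(qname: str, rdata_lens: Iterable[int],
                       signer: str, signer_bits: Iterable[int]) -> int:
    """Size of a response carrying one RRset (given its RDATA lengths) plus one
    RRSIG per signing key, including header, question and OPT record."""
    question = name_wire_len(qname) + 4                    # QNAME + QTYPE + QCLASS
    rrset = sum(RR_FIXED_LEN + n for n in rdata_lens)
    sigs = sum(RR_FIXED_LEN + rrsig_rdata_len(b, signer) for b in signer_bits)
    return HEADER_LEN + question + rrset + sigs + OPT_RR_LEN


def dnskey_response_size(zone: str, key_bits: Iterable[int],
                         signer_bits: Iterable[int]) -> int:
    """DNSKEY query for `zone`: every published key is in the answer, and the
    RRset carries one RRSIG per key listed in `signer_bits` (usually the KSK)."""
    rdata = [rsa_dnskey_rdata_len(b) for b in key_bits]
    return signed_answer_size(zone, rdata, zone, signer_bits)


def fits(size: int, edns_buffer: Optional[int] = None) -> bool:
    """True if the response avoids truncation: it must fit the resolver's
    advertised EDNS0 buffer, or the classic limit when no EDNS0 is in play."""
    return size <= (edns_buffer or CLASSIC_UDP_LIMIT)


if __name__ == "__main__":
    zone = "example.gov"  # constructed sample zone, not a real deployment
    scenarios = {
        "KSK 1024 + ZSK 1024":                  ([1024, 1024], [1024]),
        "KSK 1024 + 2x ZSK 1024 (pre-publish)": ([1024, 1024, 1024], [1024]),
        "KSK 2048 + ZSK 1024":                  ([2048, 1024], [2048]),
        "KSK 2048 + ZSK 2048":                  ([2048, 2048], [2048]),
    }
    for label, (keys, signers) in scenarios.items():
        size = dnskey_response_size(zone, keys, signers)
        print(f"{label:40s} {size:4d} octets  fits in 512: {fits(size)}")
```

With these assumptions a two-key 1024-bit DNSKEY response lands just under 512 octets, while any configuration with a 2048-bit key, or a third 1024-bit key published for a ZSK rollover, exceeds it and depends on EDNS0 buffer sizes (and on path MTU once the response fragments). Real responses are larger than this estimate because NSEC/NSEC3 records, glue and additional-section data are not counted, so treat the numbers as a lower bound when sizing a deployment.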
