On 27 Mar 2014, at 22:56, Nicholas Weaver <nwea...@icsi.berkeley.edu> wrote:
> Bits are not precious: Until a DNS reply hits the fragmentation limit of
> ~1500B, size-matters-not (tm, Yoda Inc).
>
> So why are both root and com and org and, well, just about everyone else
> using 1024b keys for the actual signing?

Those requirements (for the root zone keys) came from NTIA via NIST:

http://www.ntia.doc.gov/files/ntia/publications/dnssec_requirements_102909.pdf

(9)(a)(i) (well, NIST specified a minimum key size, but the implication at the time was that that was a safe minimum).

Bear in mind, I guess, that these keys have a publication lifetime that is relatively short. The window in which a factoring attack has an opportunity to find a result that can be exploited as a compromise is fairly narrow.

Joe
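The "size-matters-not until ~1500B" argument can be checked with arithmetic rather than guessed at. The following script is an added example (not code from either poster or from any DNS implementation): it estimates the wire size of a DNSKEY response from the RR formats in RFC 1035, RFC 4034 and RFC 3110 (RSA key and signature encoding), so an operator can see how much headroom remains before a larger ZSK or a key rollover pushes the response past the MTU. Assumed, and labelled in the code: RSA public exponent 65537 (3 bytes), IPv4 without options plus UDP (28 bytes of overhead), an OPT RR with no options, name compression on RR owner names but not on the RRSIG signer name (RFC 4034 forbids it there), and the key configurations, which are constructed scenarios rather than measurements of any real zone.

```python
"""Estimate DNSKEY response sizes for RSA-signed zones (hypothetical helper,
not taken from the DNSOP thread or any resolver/server code).

Wire formats: RFC 1035 (RR, name compression), RFC 4034 (DNSKEY, RRSIG),
RFC 3110 (RSA key = exponent-length byte, exponent, modulus), RFC 6891 (OPT).
"""

from typing import Sequence

DNS_HEADER = 12                  # ID, flags, four section counts
RR_FIXED = 2 + 2 + 4 + 2         # TYPE, CLASS, TTL, RDLENGTH
OPT_RR_EMPTY = 1 + RR_FIXED      # OPT RR: root owner name, no options (assumption)
ETHERNET_MTU = 1500
IPV4_UDP_OVERHEAD = 20 + 8       # IPv4 header without options + UDP header (assumption)
RSA_EXPONENT_BYTES = 3           # e = 65537 (assumption)


def wire_name_len(name: str) -> int:
    """Uncompressed wire length of a domain name: one length byte per label
    plus the terminating zero ("." alone is a single byte)."""
    labels = [label for label in name.rstrip(".").split(".") if label]
    return sum(1 + len(label) for label in labels) + 1


def compressed_name_len(name: str) -> int:
    """Length of a name that already appeared in the message: a 2-byte
    compression pointer, unless the literal is shorter (only the root)."""
    return min(wire_name_len(name), 2)


def dnskey_rr_len(owner: str, key_bits: int) -> int:
    """DNSKEY RR: flags(2) protocol(1) algorithm(1) + RFC 3110 RSA public key."""
    if key_bits % 8:
        raise ValueError("key_bits must be a multiple of 8")
    rsa_public_key = 1 + RSA_EXPONENT_BYTES + key_bits // 8
    return compressed_name_len(owner) + RR_FIXED + 4 + rsa_public_key


def rrsig_rr_len(owner: str, signer: str, signing_key_bits: int) -> int:
    """RRSIG RR: 18 fixed RDATA bytes, uncompressed signer name (RFC 4034
    section 3.1.7), and an RSA signature as long as the modulus."""
    return (compressed_name_len(owner) + RR_FIXED + 18
            + wire_name_len(signer) + signing_key_bits // 8)


def dnskey_response_len(zone: str, key_bits: Sequence[int],
                        signer_bits: Sequence[int]) -> int:
    """Size of a DNSKEY query response: header, question, every DNSKEY in
    the RRset, one RRSIG per signing key, and an empty OPT RR."""
    question = wire_name_len(zone) + 2 + 2          # QNAME, QTYPE, QCLASS
    answer = sum(dnskey_rr_len(zone, bits) for bits in key_bits)
    signatures = sum(rrsig_rr_len(zone, zone, bits) for bits in signer_bits)
    return DNS_HEADER + question + answer + signatures + OPT_RR_EMPTY


def fits_unfragmented(dns_payload_len: int, mtu: int = ETHERNET_MTU) -> bool:
    """True if the UDP datagram fits in one IPv4 packet at the given MTU."""
    return dns_payload_len + IPV4_UDP_OVERHEAD <= mtu


if __name__ == "__main__":
    # Constructed scenarios: a KSK-signed DNSKEY RRset under ".", with
    # the ZSK at 1024 or 2048 bits and with extra keys present mid-rollover.
    scenarios = {
        "KSK 2048 + ZSK 1024":                 ([2048, 1024], [2048]),
        "KSK 2048 + ZSK 2048":                 ([2048, 2048], [2048]),
        "KSK 2048 + two ZSK 2048 (rollover)":  ([2048, 2048, 2048], [2048]),
        "two KSK 2048 + two ZSK 2048, both KSKs sign":
            ([2048, 2048, 2048, 2048], [2048, 2048]),
    }
    for label, (keys, signers) in scenarios.items():
        size = dnskey_response_len(".", keys, signers)
        print(f"{label:48s} {size:5d} bytes  "
              f"{'fits' if fits_unfragmented(size) else 'FRAGMENTS'} at MTU {ETHERNET_MTU}")
```

The numbers are a lower bound for a clean path: a 1500-byte MTU is not guaranteed end to end, IPv6 carries 20 more bytes of header, and some resolvers advertise an EDNS buffer well below 1472, so the practical check is to compare the estimate against the smallest buffer size the zone's resolvers are observed to send, not only against Ethernet.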
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop