On Thu, Mar 27, 2014 at 10:52 AM, Paul Hoffman <paul.hoff...@vpnc.org>wrote:
> On Mar 27, 2014, at 6:56 AM, Nicholas Weaver <nwea...@icsi.berkeley.edu> > wrote: > > > and 1024B is estimated at only "a thousand times harder". > > Does that estimate include a prediction that the method to factor RSA will > improve significantly as it has in the past? The authors were unclear on > that in their estimate. > > > Do you really want someone like me to try to get an EC2 academic grant > for the cluster and a big slashdot/boingboing crowd for the sieving to > factor the root ZSK? > > Yes. If doing it for the DNS root key is too politically challenging, > maybe do it for one of the 1024-bit trust anchors in the browser root pile. > Failing that, just do it for any 1024-bit key. Successes in the past for > the RSA challenge have gotten movement to happen. > RSA-768 was factored just after that NIST guidance was published. Based on previous history I expect RSA896 to be factored in the near future. In fact it might have been factored already if all the worlds spare CPU cycles were doing something more useful than mining bitcoin. So relying on 1024 bit RSA is really leaving no margin for error. -- Website: http://hallambaker.com/
_______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
