-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 * Nicholas Weaver [2014-03-27 14:56]: > So why are both root and com and org and, well, just about > everyone else using 1024b keys for the actual signing?
Here's a small statistic about RSA key lengths of 741,552 signed second-level domains (collected on 2014-01-27, counting KSK and ZSKs): > 1024 bit: 1298238 2048 bit: 698232 1280 bit: 28441 4096 bit: > 25326 512 bit: 8893 1536 bit: 385 Plus ~700 odd-sized RSA keys and ~250 DSA/GOST/ECDSA keys. A domain owner of one of the 512-bit keys told me, it was the default config in the signing tool he had used. Regards, Matt - -- Universität Duisburg-Essen Verteilte Systeme Bismarckstr. 90 / BC 316 47057 Duisburg -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.17 (MingW32) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQEcBAEBAgAGBQJTNFx3AAoJEFaVlPYoUriuqfQIAIhyRBYSoqQhjw3KnvmRt0Lm 1vurP5DPFUIpTGyZj5wvVfcj3SQvQ9ULivv+wYZ+XgnOyRf8JSfo62gcC69qED7J Meq8ZPnrG03SfFqaKdv/ArgMBxXBUZxxxixsbHrk80CuHOpdBnqXB0tvbFlRtEyG RHLUNK7vKPDFTnQXRErugtSrfJy1km49hq4SG3bGdTWfOLre3ML6QDDzFw/kb6AD r18sB3yBpFv6uXm98/2lNFDgBzvEBSUyU/abhQQNb/0H9Y8S+ekxXe1JfQEKdpIi F3Gazx6WfaJtHQRqJhEcTeP08eKMTGNMRlp3hzF8v7UmrocowXPW+xDWMsqUWtU= =lCBt -----END PGP SIGNATURE-----
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
