There's been a lot of noise and very little signal in the recent discussion.
It would be helpful if there was real data on this topic. Is an RSA key of N bits too "weak" or too "strong"? I don't know. Is N bits "good enough"? Probably. Change the algorithm and/or value of N to taste. My gut feel is large ZSKs are overkill because the signatures should be short-lived and the keys rotated frequently. Though the trade-offs here are unclear: is a 512-bit key that changes daily (say) better than a 2048-bit key that gets rotated once a week/month/whatever? Remember too we're not talking about keys to launch ICBMs or authenticate billion dollar transactions. I doubt it matters if a previous key can be cracked provided it gets retired before the bad guys can throw enough CPU-years to break it. However I'm just going on my own gut feel and common sense which could be wrong. Large keys might well be advisable at the root and/or for TLD KSKs. But so far there does not appear to have been much science or engineering on just how large those keys should be or how frequently they change. So in the absence of other firm foundations the established wisdom becomes "do what gets done for the root". If there is a threat or risk here, please present solid evidence. Or, better still, an actual example of how any DNSSEC key has been compromised and then used for a real-world (or proof of concept) spoofing attack. BTW, the apparent profanity on an earlier thread was annoying because it didn't spell "whisky" correctly. As every drinker of fine single malt knows. :-) _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
