On Wed, Apr 2, 2014 at 6:30 AM, Edward Lewis <edlewis.subscri...@cox.net> wrote:

> I found that there are two primary reasons why 1024 bits is used in zone
> signing keys.
>
> One - peer pressure. Most other operators start out with 1024 bits. I
> know of some cases where operators wanted to choose other sizes but were
> told to "follow the flock."
>
> Two - it works. No one has ever demonstrated a failure of a 1024 bit key
> to provide as-expected protection.

Cryptographic failures are often undemonstrated for decades. If a state actor has broken 1024b keys, they're unlikely to advertise that, just use it now and then as quietly as they can.

Secondly, the application of signatures in DNS and the nature of the DNS protocol itself present significant risks that don't make a straightforward comparison easy. Suppose your goal is to intercept traffic, and you'd like to cause www.example.com, a signed domain, to resolve to an IP address that you control. Now suppose you also happen to have a /16, not unreasonable for a large actor - small even. If you can craft a matching signature for www.example.com with even one of your 2^16 IP addresses, you've succeeded. You don't have to care which particular IP address you happened to craft a matching signature for. This property makes it easier to sieve for matching signatures.

> From these two main reasons (and you'll notice nothing about cryptographic
> strength in there) a third very important influence must be understood - the
> tools operators use more or less nudge operators to the 1024 bit size.
> Perhaps via the default settings or perhaps in the tutorials and
> documentation that is read.

Do you think that this would be as relevant to the root zone and large TLDs though?

-- 
Colm
_______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
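The multi-target point in Colm's message, as an added example that is not part of the thread and not code from any DNSOP participant: it builds, per RFC 4034 section 3.1.8.1, the exact octets a DNSSEC signer hashes for a single-A RRset (RRSIG RDATA without the Signature field, followed by the canonical RRset), then enumerates one such signing input for every address in an attacker-held /16 and keeps the SHA-256 of each as an acceptable target. A trial value is then checked against all 2^16 targets with one dictionary probe. The owner name, signer, TTL, key tag, the inception/expiration timestamps and the prefix 10.0.0.0/16 (a private range standing in for the attacker's /16) are constructed sample values, not anything from the thread.

```python
import hashlib
import ipaddress
import struct

# IANA / RFC 4034 constants (real registry values)
TYPE_A = 1
CLASS_IN = 1
ALG_RSASHA256 = 8  # RRSIG algorithm 8, RSA/SHA-256 (RFC 5702)


def name_to_wire(name: str) -> bytes:
    """Canonical wire form of a DNS name (RFC 4034 s6.2): lowercase labels, no compression."""
    labels = name.rstrip(".").lower()
    out = b""
    if labels:
        for label in labels.split("."):
            enc = label.encode("ascii")
            out += bytes([len(enc)]) + enc
    return out + b"\x00"


def a_rr_canonical(owner: str, ttl: int, ip: str) -> bytes:
    """One A RR in canonical form (RFC 4034 s6.2): owner | type | class | TTL | RDLENGTH | RDATA."""
    rdata = ipaddress.IPv4Address(ip).packed
    return name_to_wire(owner) + struct.pack("!HHIH", TYPE_A, CLASS_IN, ttl, len(rdata)) + rdata


def rrsig_rdata_without_sig(owner: str, ttl: int, expiration: int, inception: int,
                            key_tag: int, signer: str) -> bytes:
    """RRSIG RDATA with the Signature field left off (RFC 4034 s3.1.8.1, step 1)."""
    labels = len(owner.rstrip(".").split("."))  # Labels field; no wildcard in this example
    fixed = struct.pack("!HBBIIIH", TYPE_A, ALG_RSASHA256, labels, ttl,
                        expiration, inception, key_tag)
    return fixed + name_to_wire(signer)


def signing_input(owner: str, ttl: int, ips: list, expiration: int, inception: int,
                  key_tag: int, signer: str) -> bytes:
    """Exactly the octets the signer hashes: RRSIG_RDATA | RR(1) | RR(2) | ... in canonical order."""
    # RFC 4034 s6.3: RRs of one RRset are ordered by RDATA treated as unsigned octet strings.
    rrs = sorted((a_rr_canonical(owner, ttl, ip) for ip in ips), key=lambda rr: rr[-4:])
    return rrsig_rdata_without_sig(owner, ttl, expiration, inception, key_tag, signer) + b"".join(rrs)


def hash_target(owner, ttl, ips, expiration, inception, key_tag, signer) -> bytes:
    """SHA-256 of the signing input; for algorithm 8 this digest (PKCS#1 v1.5 padded) is what RSA signs."""
    return hashlib.sha256(signing_input(owner, ttl, ips, expiration, inception, key_tag, signer)).digest()


def sieve_targets(owner: str, prefix: str, ttl: int, expiration: int, inception: int,
                  key_tag: int, signer: str) -> dict:
    """One acceptable hash target per single-A RRset pointing into the attacker's prefix.

    Returns {digest: ip}. For a /16 that is 65536 distinct targets; a valid signature
    over any one of them would redirect the name into attacker-held space.
    """
    targets = {}
    for ip in ipaddress.IPv4Network(prefix):
        digest = hash_target(owner, ttl, [str(ip)], expiration, inception, key_tag, signer)
        targets[digest] = str(ip)
    return targets


def lookup(candidate_digest: bytes, targets: dict):
    """Multi-target check: a single dict probe says whether a trial digest hits ANY target."""
    return targets.get(candidate_digest)


if __name__ == "__main__":
    # Constructed sample parameters; 10.0.0.0/16 stands in for the attacker's /16.
    T = sieve_targets("www.example.com.", "10.0.0.0/16", 3600,
                      1398556800, 1396742400, 12345, "example.com.")
    print(len(T))                       # 65536 distinct targets
    print(lookup(b"\x00" * 32, T))      # None: a trial must land on one of them
```

The sieve is what the message describes: the attacker does not need a signature over a chosen RRset, only over any of 65536 RRsets, so each trial is tested against the whole set at dictionary-lookup cost. Whether that factor of 2^16 buys anything depends on what is being attacked: it helps a search for a message whose digest matches any target, and it does nothing for an attack that factors the zone's RSA key, whose cost does not depend on how many targets there are.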