On Wed, Apr 2, 2014 at 11:19 AM, Roy Arends <r...@dnss.ec> wrote:

> Just a thought that occurred to me. Crypto-maffia folk are looking for a 
> minimum (i.e. at least so many bits, otherwise it's insecure). DNS-maffia folk 
> are looking for a maximum (i.e. at most so many bits, otherwise 
> fragmentation/fallback to TCP). It seems that the cryptomaffia's minimum 
> might actually be larger than the DNS-maffia's maximum.
>
> As an example (dns-op perspective).
>
> Average case: 2 keys (KSK/ZSK) + 1 sig (by KSK) with 2048 bit keys is at 
> least 768 bytes (and then some).
> Roll case: 3 keys(2 KSK/1 ZSK) + 2 sig (by KSK) with 2048 bit keys is at 
> least 1280 bytes (and then some).
>

Part of Jim's query is of interest:
  "Where are the requirements?" (boiled down some to that, I think)

There's also a point I asked about previously in Jim's note:
  "Where's the POC at?"

I don't think anyone's going to change anything without the 2008-like
incident you referred to... and without some requirements, at least as a
swag, right?

I'd expect the key length discussion relates pretty closely to:
  "If I can factor the key in less time than you will rotate keys..."

So, how often do the keys rotate? At least every 30 days? So you have
to be able to stay 'secure' for longer than 30 days of compute
time, right?

> Then there is this section in SAC63: "Interaction of Response Size and IPv6 
> Fragmentation"
>
> Which relates to response sizes larger than 1280 and IPv6 and blackhole 
> effects.
>
> https://www.icann.org/en/groups/ssac/documents/sac-063-en.pdf

good times :(

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
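The size arithmetic in Roy's two cases (2 keys + 1 signature, and 3 keys + 2 signatures, all RSA-2048) can be carried through on the wire format. The following is an added example by the editor, not code from the thread: it estimates the UDP payload of a DNSKEY response from the RFC 4034 DNSKEY/RRSIG layouts and the RFC 3110 RSA public-key encoding, then checks whether the full IPv6+UDP packet stays within the 1280-byte IPv6 minimum MTU. The zone name "example.", the use of a compressed owner-name pointer for each RR, the exponent 65537 and an options-free EDNS0 OPT record are assumptions; real responses vary with the signer name, TTLs and EDNS options.

```python
"""
Estimate DNSKEY response size for RSA-signed zones and compare it with the
IPv6 minimum MTU.  Editor's example, not code from the DNSOP thread.
Assumptions: RSA keys (RFC 3110 encoding, exponent 65537), owner names
compressed to a 2-byte pointer, one EDNS0 OPT record with no options.
"""

IPV6_MIN_MTU = 1280         # RFC 2460: every IPv6 link must carry 1280 bytes
IPV6_HEADER = 40
UDP_HEADER = 8
DNS_HEADER = 12
RR_FIXED = 2 + 2 + 4 + 2    # TYPE, CLASS, TTL, RDLENGTH
NAME_POINTER = 2            # compressed owner name pointing at the question
OPT_RR = 11                 # EDNS0 OPT: root name (1) + fixed fields (10)
RRSIG_FIXED = 18            # type covered, alg, labels, orig TTL, exp, inc, key tag


def wire_name_len(name: str) -> int:
    """Uncompressed wire length of a domain name ("example." -> 9)."""
    labels = [lbl for lbl in name.rstrip(".").split(".") if lbl]
    return sum(1 + len(lbl) for lbl in labels) + 1   # +1 root label


def rsa_public_key_rdata(key_bits: int, exponent: int = 65537) -> int:
    """RFC 3110 public key field: exponent length (1 or 3 bytes), exponent, modulus."""
    exp_len = max(1, (exponent.bit_length() + 7) // 8)
    exp_len_field = 1 if exp_len < 256 else 3
    return exp_len_field + exp_len + key_bits // 8


def dnskey_rr_len(key_bits: int) -> int:
    """Whole DNSKEY RR: owner pointer + fixed fields + flags/protocol/alg + key."""
    return NAME_POINTER + RR_FIXED + 4 + rsa_public_key_rdata(key_bits)


def rrsig_rr_len(zone: str, key_bits: int) -> int:
    """Whole RRSIG RR; signer name is never compressed, RSA sig = modulus size."""
    return NAME_POINTER + RR_FIXED + RRSIG_FIXED + wire_name_len(zone) + key_bits // 8


def dnskey_response_size(zone: str, key_bits: list, sig_bits: list, edns: bool = True) -> int:
    """DNS message size (UDP payload) for a DNSKEY query answer.

    key_bits: modulus size of each DNSKEY in the RRset.
    sig_bits: modulus size of the key behind each RRSIG over the RRset.
    """
    size = DNS_HEADER + wire_name_len(zone) + 4          # question: name + QTYPE + QCLASS
    size += sum(dnskey_rr_len(b) for b in key_bits)
    size += sum(rrsig_rr_len(zone, b) for b in sig_bits)
    if edns:
        size += OPT_RR
    return size


def fits_ipv6_min_mtu(dns_payload: int) -> bool:
    """True if IPv6 header + UDP header + payload needs no fragmentation on a 1280 MTU path."""
    return IPV6_HEADER + UDP_HEADER + dns_payload <= IPV6_MIN_MTU


if __name__ == "__main__":
    cases = {
        "average: KSK+ZSK 2048, 1 sig":      ([2048, 2048], [2048]),
        "roll: 2 KSK + ZSK 2048, 2 sigs":    ([2048] * 3, [2048] * 2),
        "common: KSK 2048 + ZSK 1024, 1 sig": ([2048, 1024], [2048]),
    }
    for label, (keys, sigs) in cases.items():
        n = dnskey_response_size("example.", keys, sigs)
        print(f"{label}: {n} bytes, fits 1280 MTU: {fits_ipv6_min_mtu(n)}")
```

The roll case lands well over the 1280-byte minimum even before TTL or signer-name variation, which is why the thread's "at least 1280 bytes" figure matters on IPv6: the response either relies on the sender fragmenting at the source (and on the Packet Too Big signalling SAC063 says is often lost) or on a fallback to TCP.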