Hi Ed,
At 06:30 02-04-2014, Edward Lewis wrote:
I found that there are two primary reasons why 1024 bits is used in
zone signing keys.
One - peer pressure. Most other operators start out with 1024
bits. I know of some cases where operators wanted to choose other
sizes but were told to "follow the flock."
Two - it works. No one has ever demonstrated a failure of a 1024
bit key to provide as-expected protection.
My short comment would be Yes to the above.
The problem might be the "follow the flock" as there is an assumption
that someone looked at the details before choosing the 1024 bit key.
What does it matter from a security perspective? DNS messages are
short lived. It's not like we are encrypting a novel to be kept
secret for 100 years. With zone signing keys lasting a month, 6
months, or so, and the ability to disallow them fairly quickly,
what's the difference between this so-called 80 or 112 bit strength
difference? Yes, I understand the doomsday scenario that someone
might "guess" my private key and forge messages. But an attack is
not as simple as forging messages, it takes the ability to inject
them too. That can be done - but chaining all these things together
just makes the attack that much less prevalent.
For context, the discussion is about a ZSK. There is a theory that
it would take under a year and several million (U.S.) dollars to
break 1024 bits. It has been said (not on this mailing list) that an
organization could do it within a shorter time. It's not a good idea
to wait for the demonstration as it can raise concerns about the
entity which chose the key.
As a general comment I tried to find out which NIST recommendations
are being discussed in respect to DNSSEC. The requirements mentioned
by Joe Abley refer to NIST SP 800-78. That document is about
"Cryptographic Algorithms and Key Sizes for Personal Identity
Verification". Is that the NIST recommendation on which this
discussion is based?
Regards,
S. Moonesamy
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
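As an added example (not part of the thread or anyone's posted code), a small audit in Python that pulls the RSA public key out of DNSKEY records in RFC 3110 wire format, reports the modulus length and key role, and maps the length to the NIST SP 800-57 strength figures the thread refers to (80 bits for RSA-1024, 112 for RSA-2048). The record tuples and moduli below are constructed for illustration, not real key material.

```python
import base64
import struct

# NIST SP 800-57 Part 1 equivalences (RSA modulus bits -> security strength bits);
# these are the "80 or 112 bit strength" figures discussed in the thread.
STRENGTH_BY_RSA_BITS = {1024: 80, 2048: 112, 3072: 128}

def rsa_modulus_bits(dnskey_b64: str) -> int:
    """Return the RSA modulus length of a DNSKEY public key (RFC 3110 format)."""
    raw = base64.b64decode(dnskey_b64)
    exp_len = raw[0]
    offset = 1
    if exp_len == 0:  # long form: a two-byte exponent length follows the zero
        exp_len = struct.unpack("!H", raw[1:3])[0]
        offset = 3
    modulus = raw[offset + exp_len:].lstrip(b"\x00")  # drop leading zero bytes
    if not modulus:
        raise ValueError("DNSKEY has an empty RSA modulus")
    return (len(modulus) - 1) * 8 + modulus[0].bit_length()

def security_strength(rsa_bits: int) -> int:
    """Strength of the largest table entry not exceeding the modulus length."""
    eligible = [b for b in STRENGTH_BY_RSA_BITS if b <= rsa_bits]
    return STRENGTH_BY_RSA_BITS[max(eligible)] if eligible else 0

def audit_dnskeys(records):
    """records: (owner, flags, algorithm, base64_key) tuples -> list of findings."""
    findings = []
    for owner, flags, alg, key in records:
        role = "KSK" if flags & 1 else "ZSK"  # SEP bit set marks the KSK
        if alg not in (5, 7, 8, 10):  # RSA-based DNSSEC algorithm numbers only
            findings.append((owner, role, alg, None, None))
            continue
        bits = rsa_modulus_bits(key)
        findings.append((owner, role, alg, bits, security_strength(bits)))
    return findings

def encode_rsa_dnskey(exponent: int, modulus: int) -> str:
    """Build RFC 3110 RDATA from integers; used here only to construct samples."""
    e = exponent.to_bytes((exponent.bit_length() + 7) // 8, "big")
    n = modulus.to_bytes((modulus.bit_length() + 7) // 8, "big")
    hdr = bytes([len(e)]) if len(e) < 256 else b"\x00" + struct.pack("!H", len(e))
    return base64.b64encode(hdr + e + n).decode()

# Constructed sample records: a 1024-bit ZSK (flags 256) and a 2048-bit KSK (257).
SAMPLE = [
    ("example.test.", 256, 8, encode_rsa_dnskey(65537, (1 << 1023) | 12345)),
    ("example.test.", 257, 8, encode_rsa_dnskey(65537, (1 << 2047) | 54321)),
]
```

Running `audit_dnskeys(SAMPLE)` flags the first record as a ZSK at 1024 bits / 80-bit strength and the second as a KSK at 2048 bits / 112-bit strength, which is the comparison the thread is arguing about.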