On Wed, Sep 09, 2015 at 09:44:23PM -0400, Paul Wouters wrote:
> >>Once the CFRG algorithms are done, I would also publish an updated
> >>list of MTI algorithms for DNSSEC that would consist of:
> >>
> >> 8, 12 and both of the CFRG algorithms.
>
> You listed 12 as both deprecate and MTI ?
Sorry, typo, I meant 13 as MTI not 12.
> >>The more secure of the two CFRG algorithms should be supported by
> >>clients, but should not yet be used by servers, concerns about
> >>post-QC crypto don't really apply to short-term signatures
>
> I thought the whole point of QC was that it makes key discovery
> a trivial short brute force. It would be especially useful for
> short term signatures that otherwise couldn't have been broken in
> time (although I guess if you have QC, you do the root key first.
My point is that once a DNSSEC KSK or ZSK is changed, there is no
issue with disclosure. The keys are used for signing only. So we
don't need to worry about QC now. We can replace any weak keys
once quantum computers are reasonably expected to be available to
adversaries.
--
Viktor.
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
