Hi, we did a small research on a secure and recommended keysizes and the result was that <1024 RSA keys are insecure (in fact 512bit keys can be factorized on common hardware).
We came to conclusion that to be on a safe side the default should be: ZSK >= 1280 bits KSK >= 2048 bits With 1024 bits safe now, but recommended to be rolled to higher number of bits this year. These numbers are just for 2012 and maybe updated as time changes. Since almost anybody will just use default numbers in kasp.xml, I propose that we bump the default number for ZSK to 1280. Any opinions? O. -- Ondřej Surý <ond...@sury.org> _______________________________________________ Opendnssec-user mailing list Opendnssec-user@lists.opendnssec.org https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
