[ Quoting <ond...@sury.org> at 12:20 on Jan 25 in "Re: [Opendnssec-user..." ]
> >
> > I always get a bit sad because of these mails... If rsa is vulnerable
>
> Why sad? I think it's useful to discuss this once in a while. Also because
> it looks like (for outsider) that cryptographers are like lawyers. You ask
> 5 lawyers about something and you get 7 different opinions :).
>
> And it had gathered quite few good points. Thanks to all involved.
>
> > there are better targets than the DNS.
>
> Like a key which signs 100.000+ domains?

Like a bank that uses such a key to secure transactions...

I'd rather have someone using 1 good key for 100.000+ domains, than 100.000+
keys and then drown in the key management.

In a similar vein are discussions about the number of hash iterations in NSEC3
records. I highly doubt that specifying that number is most important in a
DNSSEC deployment...

"You don't have to outrun the bear, you only have to outrun the others".

grtz,

-- Miek
_______________________________________________
Opendnssec-user mailing list
Opendnssec-user@lists.opendnssec.org
https://lists.opendnssec.org/mailman/listinfo/opendnssec-user