On Wed, 25 Jan 2012, Ondřej Surý wrote:
Why sad? I think it's useful to discuss this once in a while. Also because it looks like (for outsider) that cryptographers are like lawyers. You ask 5 lawyers about something and you get 7 different opinions :).
The ones I talk to start laughing once I mention we don't need long protection times in the future (eg not encrypting for 20 years). RSA 1024 is more then enough, especially if you can roll in a day. They thought 2048 was extreme overkill. So I guess its a good margin. They also all suggest to use ECC to bring signature sizes down, once I explain we care about packet sizes, proving also that cryptographers are in fact, not lawyers :) Paul _______________________________________________ Opendnssec-user mailing list Opendnssec-user@lists.opendnssec.org https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
