Re: [Opendnssec-user] Default ZSK sizes

2012-01-26 Thread Paul Wouters
On Thu, 26 Jan 2012, Roland van Rijswijk wrote: Seconded, ECC is a good alternative to RSA and should drastically reduce on-the-wire sizes of signatures and DNSKEY sets. And ECC is on the way (but not there yet) for DNSSEC: http://tools.ietf.org/html/draft-ietf-dnsext-ecdsa-04. Wonder if it w

Re: [Opendnssec-user] Default ZSK sizes

2012-01-26 Thread Roland van Rijswijk
On 26 jan 2012, at 03:11, Paul Wouters wrote: > On Wed, 25 Jan 2012, Ondřej Surý wrote: > >> Why sad? I think it's useful to discuss this once in a while. Also because >> it looks like (for an outsider) that cryptographers are like lawyers. You ask >> 5 lawyers about something and you get 7 diffe

Re: [Opendnssec-user] Default ZSK sizes

2012-01-25 Thread Paul Wouters
On Wed, 25 Jan 2012, Ondřej Surý wrote: Why sad? I think it's useful to discuss this once in a while. Also because it looks like (for an outsider) that cryptographers are like lawyers. You ask 5 lawyers about something and you get 7 different opinions :). The ones I talk to start laughing once

Re: [Opendnssec-user] Default ZSK sizes

2012-01-25 Thread Miek Gieben
[ Quoting at 12:20 on Jan 25 in "Re: [Opendnssec-user..." ] > > > > I always get a bit sad because of these mails... If rsa is vulnerable > > Why sad? I think it's useful to discuss this once in a while. Also because > it looks like (for an outsider) that cryptographers are like lawyers. You ask >

Re: [Opendnssec-user] Default ZSK sizes

2012-01-25 Thread Ondrej Mikle
On 01/25/2012 12:44 AM, Rick van Rein wrote: > > Miek, I do not agree that DNS is unattractive to crack; > if I had a grudge against a large industrial firm I could > try to redirect their traffic to me, and announce being > near bankruptcy on their website (which would cause panic > and could ther

Re: [Opendnssec-user] Default ZSK sizes

2012-01-25 Thread Ondřej Surý
On Tue, Jan 24, 2012 at 22:31, Miek Gieben wrote: >> Any opinions? > > I always get a bit sad because of these mails... If rsa is vulnerable Why sad? I think it's useful to discuss this once in a while. Also because it looks like (for an outsider) that cryptographers are like lawyers. You ask 5 la

Re: [Opendnssec-user] Default ZSK sizes

2012-01-25 Thread Olaf Kolkman
> > Any opinions? > > http://tools.ietf.org/html/draft-ietf-dnsop-rfc4641bis-08#section-3.4 Which has passed WGLC and is on its way to the IESG for more than half a year. --Olaf Olaf M. Kolkman NLnet Labs http:

Re: [Opendnssec-user] Default ZSK sizes

2012-01-24 Thread Scott Armitage
On 24 Jan 2012, at 23:44, Rick van Rein wrote: > Once again, > the infrastructure exists to update a KSK if need be, and > a knowledgeable resolver operator could stop accepting > keys if RSA is broken tomorrow. > At the moment it often isn't the easiest of processes to get a KSK changed for

Re: [Opendnssec-user] Default ZSK sizes

2012-01-24 Thread Rick van Rein
Hi, As others stated: the short lifetime of a ZSK makes it reasonable to work with 1024 bit; the impact that key sizes have on efficiency of DNSSEC is big enough to not want to be paranoid; this is why there is the difference between ZSK and KSK in the first place. Rather than looking at conserv

Re: [Opendnssec-user] Default ZSK sizes

2012-01-24 Thread Jakob Schlyter
On 24 jan 2012, at 17:15, Ondřej Surý wrote: > Any opinions? I very much disagree. There is no reason to stop recommending 1024-bit RSA keys. I did ask Paul Hoffman, and got the following reply: "A 1024 bit key whose value is under US$100M is secure for many years in the future; see RFC 3766

Re: [Opendnssec-user] Default ZSK sizes

2012-01-24 Thread Miek Gieben
[ Quoting at 17:15 on Jan 24 in "[Opendnssec-user] De..." ] > and the result was that <1024 RSA keys are insecure (in fact 512-bit > keys can be factorized on common hardware). 1024 and 512 bits is a bit of a leap in RSA land... > These numbers are just for 2012 and may be updated as time changes.

[Opendnssec-user] Default ZSK sizes

2012-01-24 Thread Ondrej Mikle
Roland van Rijswijk wrote: >> we did some small research on secure and recommended key sizes >> and the result was that <1024 RSA keys are insecure (in > fact 512-bit > keys can be factorized on common hardware). >> > We came to the conclusion that to be on the safe > side the default should be: > > ZSK >=

Re: [Opendnssec-user] Default ZSK sizes

2012-01-24 Thread Roland van Rijswijk
Hi Ondřej, On 24 jan 2012, at 17:15, Ondřej Surý wrote: > we did some small research on secure and recommended key sizes > and the result was that <1024 RSA keys are insecure (in fact 512-bit > keys can be factorized on common hardware). > > We came to the conclusion that to be on the safe side the defa

[Opendnssec-user] Default ZSK sizes

2012-01-24 Thread Ondřej Surý
Hi, we did some small research on secure and recommended key sizes and the result was that <1024 RSA keys are insecure (in fact 512-bit keys can be factorized on common hardware). We came to the conclusion that to be on the safe side the default should be: ZSK >= 1280 bits KSK >= 2048 bits With 1024 bit