On Wed, Oct 14, 2009 at 06:24:06PM -0400, Perry E. Metzger wrote:
>
> Ekr has a very good blog posting on what seems like a bad security
> decision being made by Verisign on management of the DNS root key.
>
> http://www.educatedguesswork.org/2009/10/on_the_security_of_zsk_rollove.html
>
> In summary, a decision is being made to use a "short lived" 1024 bit key
> for the signature because longer keys would result in excessively large
> DNS packets. However, such short keys are very likely crackable in short
> periods of time if the stakes are high enough -- and few keys in
> existence are this valuable.

however - the VSGN proposal meets current NIST guidelines.

--bill

>
> Perry
> --
> Perry E. Metzger pe...@piermont.com
>
> ---------------------------------------------------------------------
> The Cryptography Mailing List
> Unsubscribe by sending "unsubscribe cryptography" to majord...@metzdowd.com