All,

internet-dra...@ietf.org wrote:
> Title : DNSSEC Operational Practices, Version 2
> Author(s) : O. Kolkman, M. Gieben
> Filename : draft-ietf-dnsop-rfc4641bis-01.txt
> Pages : 38
> Date : 2009-03-06

I had a look through this and have a few comments.

First, key length:

> An attacker breaking a 1024-bit signing key would need expend phenominal amounts of networked computing power in a way that would not be detected in order to break a single key. Because of this, it is estimated that most zones can safely use 1024-bit keys for at least the next ten years. A 1024-bit asymmetric key has an approximate equivalent strength of a symmetric 80-bit key.

(Typo: "phenominal" -> "phenomenal")

This section does not match up with the tiny bit of crypto research I've done. The Wikipedia entry on key lengths references an RSA and a NIST publication, both of which suggest 1024 bits not be used after 2010:

http://en.wikipedia.org/wiki/Key_size#Asymmetric_algorithm_key_lengths

So the "ten years" recommendation goes about 8 years beyond what cryptographic experts suggest.

Perhaps one could suggest 1024 bits is enough for a ZSK that is rolled relatively frequently. However, looking at the RSA page, we see:

> Arjen Lenstra and Eric Verheul’s methodical estimates [LV01] give quite similar results for the security of 1024-bit RSA keys. In one model, they project that in the year 2009, a machine costing about $250 million could factor a 1024-bit RSA key in a day — so a $10 million machine would take just under a month.

This seems to imply that one would need to roll a ZSK every few weeks to feel safe from cryptographic attacks if using 1024-bit keys.

Second, private key storage:

> It is recommended that, where possible, zone private keys and the zone file master copy that is to be signed be kept and used in off-line, non-network-connected, physically secure machines only.

Then later...

> In general, keeping a zone file off-line will not be practical and the machines on which zone files are maintained will be connected to a network. Operators are advised to take security measures to shield unauthorized access to the master copy.

The whole idea of offline storage for the zone itself is so fantastical I hardly know where to begin! Has there ever in the history of DNS been a zone where the master copy is only stored in a computer that is not network connected?

Of course it is theoretically possible. But I think at most a single paragraph mentioning the possibility is enough to ensure that the people who have this level of paranoia about their DNS data will be able to let their fevered imaginations run wild, without wasting the time of people with actual deployments. :)

It might be more useful to recommend HSM - or at least encryption - for private key data. I didn't see any references to this, and AFAIK everybody does it (or feels guilty for not doing it).

Cheers,

--
Shane