Paul Hoffman wrote:
> 
> At 11:32 AM -0400 4/24/09, Paul Wouters wrote:
>> So it seems to me that using 1024 bit RSA keys for ZSK, and 2048 bit
>> keys for KSK, assuming RFC 4641 rollover periods, are still many orders
>> of magnitude safe for our use within the DNSSEC realm. In fact, it
>> seems RFC 4641, as written in 2006, is still extremely conservative in
>> its estimates two and a half years after its publication date.
> 
> That is fine, but so are 1024 bit KSKs. The text in RFC 4641bis makes it clear 
> that KSKs should be rollable in case of an emergency; the effort to do so is 
> greater, but not that much greater, than rolling a ZSK.
> 
> The WG should decide which seems better to recommend:
> 
> a) KSKs longer than ZSKs because KSKs are thought of as needing to be stronger
> 
> b) KSKs the same strength as ZSKs because neither should be weak enough to be 
> attacked
> 
> I prefer (b), but (a) keeps coming up in this discussion.
> 

The dimension I'm usually missing in these discussions is the lifetimes of keys
and the lifetimes of the signatures created with those keys (although it is
mentioned above). I always understood the reason for having two key types is so
that one of them can be rolled more often, and have shorter signature
lifetimes, while the other one lives longer, and is needed less often. So the
first one would not need to be as strong as the second one.

So on the one hand, neither key should be weak enough to be attacked at all. But
on the other hand, if they are equally strong, they're going to attack the one that
has the longest lifetime and/or the longest signature lifetimes. It seems to me
that it would then make sense to roll/resign with the KSK at least as often as
you roll/resign with the ZSK (since they are equally strong).

It's probably the Friday talking, but in that case, why even have a KSK at all?

Jelte
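The question Jelte closes with ("why even have a KSK at all?") turns on what the two key types actually sign. Below is an added example, written for this page and not code from the thread or from any DNSSEC implementation, that models the split in Go: the KSK signs only the apex DNSKEY RRset and is what the parent's DS record commits to, while the ZSK signs the rest of the zone. It is a deliberate simplification, not RFC 4034 wire format: the "DNSKEY RRset" is just the two PKCS#1 public keys concatenated, the "DS" is a SHA-256 over the KSK public key, and the A record text is constructed sample data. The types and functions (`Zone`, `NewZone`, `RollZSK`, `RollKSK`, `Validate`) are my own names. What it shows is the operational asymmetry that justifies the second key: a ZSK roll changes the DNSKEY RRset and needs a fresh KSK signature over it, but leaves the DS untouched, so it involves no parent; a KSK roll invalidates the DS and cannot complete until the parent publishes a new one.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"encoding/hex"
	"fmt"
)

// Zone is a deliberately simplified model of a DNSSEC-signed zone (illustration
// only, not RFC 4034 wire format): it keeps the two private keys and reproduces
// who signs what, nothing more.
type Zone struct {
	KSK *rsa.PrivateKey // signs only the apex DNSKEY RRset; the parent's DS commits to it
	ZSK *rsa.PrivateKey // signs every other RRset in the zone
}

func genKey(bits int) *rsa.PrivateKey {
	k, err := rsa.GenerateKey(rand.Reader, bits)
	if err != nil {
		panic(err)
	}
	return k
}

// NewZone takes the sizes discussed in the thread, e.g. NewZone(2048, 1024).
func NewZone(kskBits, zskBits int) *Zone {
	return &Zone{KSK: genKey(kskBits), ZSK: genKey(zskBits)}
}

// dnskeyRRset stands in for the apex DNSKEY RRset: both public keys, in order.
func (z *Zone) dnskeyRRset() []byte {
	rrset := x509.MarshalPKCS1PublicKey(&z.KSK.PublicKey)
	return append(rrset, x509.MarshalPKCS1PublicKey(&z.ZSK.PublicKey)...)
}

// DS is the parent-side commitment to the KSK. A real DS record digests the
// DNSKEY RDATA; here it is simply SHA-256 over the KSK public key.
func (z *Zone) DS() string {
	sum := sha256.Sum256(x509.MarshalPKCS1PublicKey(&z.KSK.PublicKey))
	return hex.EncodeToString(sum[:])
}

func sign(k *rsa.PrivateKey, data []byte) []byte {
	h := sha256.Sum256(data)
	sig, err := rsa.SignPKCS1v15(rand.Reader, k, crypto.SHA256, h[:])
	if err != nil {
		panic(err)
	}
	return sig
}

func verify(pub *rsa.PublicKey, data, sig []byte) bool {
	h := sha256.Sum256(data)
	return rsa.VerifyPKCS1v15(pub, crypto.SHA256, h[:], sig) == nil
}

// SignDNSKEY is the KSK's only job: the RRSIG over the DNSKEY RRset.
func (z *Zone) SignDNSKEY() []byte { return sign(z.KSK, z.dnskeyRRset()) }

// SignRRset is the ZSK's job: the RRSIG over ordinary zone data.
func (z *Zone) SignRRset(rrset []byte) []byte { return sign(z.ZSK, rrset) }

// RollZSK replaces the ZSK. The DNSKEY RRset changes and must be re-signed with
// the KSK, but the DS at the parent does not change, so no parent interaction.
func (z *Zone) RollZSK() { z.ZSK = genKey(z.ZSK.N.BitLen()) }

// RollKSK replaces the KSK, which invalidates the parent's DS: this is the roll
// that needs the parent to publish a new DS before the old key can go away.
func (z *Zone) RollKSK() { z.KSK = genKey(z.KSK.N.BitLen()) }

// Validate walks the chain a resolver walks: trusted DS -> KSK -> DNSKEY RRSIG
// -> ZSK -> RRSIG over the data. Any broken link makes the data bogus.
func Validate(trustedDS string, z *Zone, dnskeySig, rrset, rrsetSig []byte) bool {
	if z.DS() != trustedDS {
		return false
	}
	if !verify(&z.KSK.PublicKey, z.dnskeyRRset(), dnskeySig) {
		return false
	}
	return verify(&z.ZSK.PublicKey, rrset, rrsetSig)
}

func main() {
	z := NewZone(2048, 1024)
	ds := z.DS()                                        // what the parent would publish
	rrset := []byte("www.example. 3600 IN A 192.0.2.1") // constructed sample data
	fmt.Println("fresh zone validates:", Validate(ds, z, z.SignDNSKEY(), rrset, z.SignRRset(rrset)))
	z.RollZSK()
	fmt.Println("after ZSK roll, DS unchanged:", z.DS() == ds,
		"and zone still validates:", Validate(ds, z, z.SignDNSKEY(), rrset, z.SignRRset(rrset)))
	z.RollKSK()
	fmt.Println("after KSK roll, old DS still validates zone:", Validate(ds, z, z.SignDNSKEY(), rrset, z.SignRRset(rrset)))
}
```

Run it with `go run .`; the expected line-by-line answer is true, true/true, false. The model leaves out exactly what the thread is arguing about (key and signature validity periods), so it says nothing about which size is "enough"; it only makes visible that the KSK's value is decoupling zone re-signing from the parent, which is the cost a single-key design would pay on every roll.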
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop