At 11:02 AM -0500 1/21/10, Andrew Sullivan wrote: >On Thu, Jan 21, 2010 at 10:48:52AM -0500, Edward Lewis wrote: > > And the key word above is "assumptions" - once we know for a fact that a >> ZSK of 1024 bits is good for a year no matter how much it is used and > >Nobody can ever know that for a fact, because it would require proving >impossible that such a key could be cracked. Predictions of future >impossibility are hard to prove.
But we *can* assume that there are a lot of 1024-bit keys in use that are much more valuable than the most valuable DNSSEC 1024-bit key. Thus, as public analysis gets better, we are likely to hear about it. Even if the first attacks from private crackers, we will hear about them. --Paul Hoffman, Director --VPN Consortium _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop