On Thu, Jan 21, 2010 at 08:55:33AM -0800, Paul Hoffman wrote:
> 
> But we *can* assume that there are a lot of 1024-bit keys in use
> that are much more valuable than the most valuable DNSSEC 1024-bit
> key. Thus, as public analysis gets better, we are likely to hear
> about it. Even if the first attacks from private crackers, we will
> hear about them.

I fully agree.  I just want to make sure we're not holding ourselves
to an operational standard that is just impossible to reach.  If we
want "proof" and "facts" about whether something won't ever be
compromised, it's not going to happen (so I'm very keen we not put
anything resembling such language in any draft).  That's all I was
saying.

A

-- 
Andrew Sullivan
a...@shinkuro.com
Shinkuro, Inc.
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop

Reply via email to