At 11:05 -0800 1/21/10, Eric Rescorla wrote:
> I still don't understand why this implies the need for regular changes
> as opposed to changes triggered by personnel changes.
I'm a bit lost following this thread now.
For the time being, let's ignore personnel changes and whether a key
is in an HSM (environment), i.e., assume there's no organizational
threat to a key.
The question is, how long does a key last?
Meaning - if I am using an RSA-SHA256 key of 1024 bits, at what point
does its security value reach essentially 0?
Is the point X number of signatures?
Is the point Y number of days?
Is the point a function of X and Y?
Is there even a point at all?
Even now, more than 10 years after the first SE workshop, I have
never heard an expert or authority on cryptography give either a
concrete answer or direction on this. While I realize the answer
isn't as simple as "after 43,253 signatures" or "after 1348 days", I
haven't heard anything that could be used as guidance in an
operational setting.
The "need for regular changes" stems from assumptions made in the
early days of DNSSEC development that have gone pretty much
unchallenged until recently. The door is open to (re)visit this
topic, if anyone wants to venture opinions.
What I'd like to hear is:
"Crypto-expert __________ says an RSA-SHA256 key of 1024 bits is good
for _______ signatures/days."
That's what I'd like for my birthday present this year.
--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Edward Lewis
NeuStar You can leave a voice message at +1-571-434-5468
As with IPv6, the problem with the deployment of frictionless surfaces is
that they're not getting traction.
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop