On Mon, Mar 1, 2010 at 4:57 AM, Rose, Scott W. <scott.r...@nist.gov> wrote:
> On 2/26/10 4:51 PM, "Paul Wouters" <p...@xelerance.com> wrote:
>
>> On Fri, 26 Feb 2010, Thierry Moreau wrote:
>>
>>> Basically, you adhere to (B) and suggest 1024-bits/1-month-cryptoperiod,
>>> hence you inflate the requirements over NIST's.
>>
>> I am not inflating NIST's requirements. I believe 1024 bit RSA with monthly
>> rollover is fine, whereas NIST recommends migrating to 2048 bit for that.
>>
>
> NIST's recommendations are for 2048 bit RSA, rolled every 1-3 years. These
> recommendations are based on PKI and/or SSL certs mostly, not DNSSEC. For
> DNSSEC, we made a compromise to allow 1024 bit RSA keys around for a while
> if we also recommended rolling more frequently.
OK, but I don't understand the technical basis for this recommendation. It
just seems like it makes running 1024-bit keys inconvenient without adding
any significant increase in security. Did NIST provide a rationale?

-Ekr
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
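The thread turns on two numbers a zone operator has to keep consistent: the RSA modulus size actually published in a DNSKEY record and the rollover interval the policy pairs with it. The following is an added example, not code from the thread or from any of its participants, showing how to read the modulus size out of the RFC 3110 RSA public key encoding used in DNSKEY RDATA and check it against a key-size/cryptoperiod policy. The policy thresholds are assumptions drawn from the messages above (2048-bit keys rolled within 1-3 years per the quoted NIST recommendation; 1024-bit keys tolerated only with roughly monthly rollover, which is Paul Wouters' figure, not a NIST one), and the key material is constructed for the example rather than being a real key.

```python
import base64
import struct

# Policy thresholds (assumptions for this example, taken from the thread):
# the quoted NIST guidance is 2048-bit RSA rolled every 1-3 years, and the
# DNSSEC compromise allows 1024-bit keys only with more frequent rollover.
# "Monthly" is Paul Wouters' proposal and is used here as the upper bound.
MIN_BITS_LONG_LIVED = 2048
MAX_DAYS_LONG_LIVED = 3 * 365
MIN_BITS_SHORT_LIVED = 1024
MAX_DAYS_SHORT_LIVED = 31


def rsa_modulus_bits(public_key_b64: str) -> int:
    """Return the RSA modulus size in bits from a DNSKEY public key field.

    RFC 3110 lays the key out as: exponent length (one byte, or a zero byte
    followed by a two-byte length), exponent, modulus. The modulus occupies
    everything after the exponent, so its bit length is the key size.
    """
    raw = base64.b64decode(public_key_b64)
    if not raw:
        raise ValueError("empty public key")
    if raw[0] != 0:
        exp_len, offset = raw[0], 1
    else:
        if len(raw) < 3:
            raise ValueError("truncated exponent length")
        exp_len, offset = struct.unpack("!H", raw[1:3])[0], 3
    modulus = raw[offset + exp_len:]
    if not modulus:
        raise ValueError("missing modulus")
    return int.from_bytes(modulus, "big").bit_length()


def classify_key(public_key_b64: str, rollover_days: int) -> str:
    """Apply the size/cryptoperiod policy; returns 'ok', 'ok-short-lived' or 'reject'."""
    bits = rsa_modulus_bits(public_key_b64)
    if bits >= MIN_BITS_LONG_LIVED and rollover_days <= MAX_DAYS_LONG_LIVED:
        return "ok"
    if bits >= MIN_BITS_SHORT_LIVED and rollover_days <= MAX_DAYS_SHORT_LIVED:
        return "ok-short-lived"
    return "reject"


def constructed_key(bits: int, long_exponent_length: bool = False) -> str:
    """Build a syntactically valid RFC 3110 blob with a dummy modulus.

    Constructed for this example only: the modulus is filler bytes with the
    top bit set so that its bit length equals `bits`; it is not a real key.
    """
    exponent = (65537).to_bytes(3, "big")
    modulus = bytes([0x80]) + bytes([0x55]) * (bits // 8 - 1)
    if long_exponent_length:
        header = b"\x00" + struct.pack("!H", len(exponent))
    else:
        header = bytes([len(exponent)])
    return base64.b64encode(header + exponent + modulus).decode()


def audit(records: list[tuple[str, str, int]]) -> dict[str, str]:
    """Classify (owner, public_key_b64, rollover_days) tuples by owner name."""
    return {owner: classify_key(key, days) for owner, key, days in records}


if __name__ == "__main__":
    # Constructed sample zone: owner names and keys are placeholders.
    sample = [
        ("example.test. ZSK-1024-monthly", constructed_key(1024), 30),
        ("example.test. ZSK-1024-yearly", constructed_key(1024), 365),
        ("example.test. KSK-2048-yearly", constructed_key(2048), 365),
    ]
    for owner, verdict in audit(sample).items():
        print(f"{owner}: {verdict}")
```

The two branches in `rsa_modulus_bits` matter in practice: most RSA keys carry a short exponent such as 65537 and use the one-byte length, but the zero-prefixed two-byte form is also valid, and a checker that only handles the first form will misread the modulus boundary and report a wrong key size.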