The NIST Guidance is from 2009. It is long since obsolete.

This is one of the reasons why we need to take advice on crypto algorithms
in house and make them IETF wide. Which is why I was asked to write this:

https://datatracker.ietf.org/doc/draft-hallambaker-consensuscrypto/


Having DNSSEC use 1024 bit RSA when we know it is unsafe sends a really bad
message. We are currently phasing out use of 1024 bit crypto in the Web PKI
for far less core concerns than the DNS roots.

This is one of the reasons why I am proposing support for multi-packet UDP
responses in PRIVATE-DNS. I am not sure that they are necessary. It might
well be that 1500 bytes is sufficient for all DNS messages as argued here.
But right now we have people making really bad decisions because of a
design constraint.

If we are going to encrypt messages, that is going to eat up a few bytes in
each packet no matter what we do. IPSEC consumes quite a few bytes.

Trying to dance round this constraint is not making the protocol any
simpler. All it is doing is pushing the complexity balloon down in one
place and having bits pop out all over the place.
On Thu, Mar 27, 2014 at 10:22 AM, Joe Abley <jab...@hopcount.ca> wrote:

>
> On 27 Mar 2014, at 22:56, Nicholas Weaver <nwea...@icsi.berkeley.edu>
> wrote:
>
> > Bits are not precious: Until a DNS reply hits the fragmentation limit
> > of ~1500B, size-matters-not (tm, Yoda Inc).
> >
> > So why are both root and com and org and, well, just about everyone else
> > using 1024b keys for the actual signing?
>
> Those requirements (for the root zone keys) came from NTIA via NIST:
>
>
> http://www.ntia.doc.gov/files/ntia/publications/dnssec_requirements_102909.pdf (9)(a)(i)
>
> (well, NIST specified a minimum key size, but the implication at the time
> was that that was a safe minimum).
>
> Bear in mind, I guess, that these keys have a publication lifetime that is
> relatively short. The window in which a factoring attack has an opportunity
> to find a result that can be exploited as a compromise is fairly narrow.
>
>
> Joe
>
> _______________________________________________
> DNSOP mailing list
> DNSOP@ietf.org
> https://www.ietf.org/mailman/listinfo/dnsop
>
>


-- 
Website: http://hallambaker.com/
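As an added illustration of the size constraint argued over in this thread (example code, not from the thread or from the consensuscrypto draft): a small Python model of the wire size of a DNSKEY response, using assumed key layouts rather than the actual root zone configuration, checked against the ~1500-byte IPv4 MTU.

```python
"""Model DNSSEC DNSKEY response sizes against the ~1500-byte fragmentation limit."""

# Wire-format constants from RFC 1035 / RFC 4034; IPv4 + UDP overhead assumed.
DNS_HEADER = 12
RR_FIXED = 10          # type(2) + class(2) + ttl(4) + rdlength(2)
COMPRESSED_NAME = 2    # owner name as a pointer to the question name
EDNS_OPT_RR = 11       # root name(1) + type(2) + class(2) + ttl(4) + rdlength(2)
IPV4_UDP_OVERHEAD = 20 + 8
ETHERNET_MTU = 1500


def wire_name_len(name: str) -> int:
    """Length of an uncompressed DNS name on the wire ('.' -> 1, 'com.' -> 5)."""
    labels = [label for label in name.rstrip(".").split(".") if label]
    return sum(1 + len(label) for label in labels) + 1


def rsa_dnskey_rdata(modulus_bits: int, exponent_bytes: int = 3) -> int:
    """DNSKEY RDATA for RSA: flags(2)+proto(1)+alg(1)+explen(1)+exponent+modulus."""
    return 4 + 1 + exponent_bytes + modulus_bits // 8


def rrsig_rdata(signer: str, sig_bits: int) -> int:
    """RRSIG RDATA: 18 fixed bytes + signer's name + signature (modulus-sized)."""
    return 18 + wire_name_len(signer) + sig_bits // 8


def dnskey_response_size(zone: str, key_bits: list, signing_bits: list) -> int:
    """UDP payload of a DNSKEY answer: question, every key, one RRSIG per signer, OPT."""
    size = DNS_HEADER + wire_name_len(zone) + 4
    size += sum(COMPRESSED_NAME + RR_FIXED + rsa_dnskey_rdata(b) for b in key_bits)
    size += sum(COMPRESSED_NAME + RR_FIXED + rrsig_rdata(zone, b) for b in signing_bits)
    return size + EDNS_OPT_RR


def fragments(payload: int) -> bool:
    """True when the datagram would exceed a 1500-byte MTU over IPv4."""
    return payload + IPV4_UDP_OVERHEAD > ETHERNET_MTU


if __name__ == "__main__":
    # Assumed rollover state: two KSKs and two ZSKs published, RRset signed by both KSKs.
    for zsk in (1024, 2048):
        size = dnskey_response_size(".", [2048, 2048, zsk, zsk], [2048, 2048])
        print(f"ZSK {zsk}-bit: {size} bytes, fragments={fragments(size)}")
```

The model shows the trade the thread is complaining about: the same double-KSK, double-ZSK state stays under the MTU with 1024-bit ZSKs and exceeds it with 2048-bit ones.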