At 15:47 27-03-2014, Joe Abley wrote:
> There was a plan underway to roll the KSK. I was at ICANN briefly
> when that started (I spoke publicly, albeit briefly about it in the
> dnsop meeting in Berlin). I'm no longer at ICANN and hence no longer
> have anything authoritative to say, but it seems plausible that the
> events leading up to NTIA's announcement the other week caused some
> delays or rescheduling of the KSK roll project. A KSK roll would be
> a good opportunity to change the key size.

Yes, assuming that there is a reason for such a change [1].

I could not find any report about the outcome of the Rollover consultation.

Regards,
S. Moonesamy

1. "To date, despite huge efforts, no one has broken a regular
1024-bit key; in fact, the best completed attack is estimated to be
the equivalent of a 700-bit key. An attacker breaking a 1024-bit
signing key would need to expend phenomenal amounts of networked
computing power in a way that would not be detected in order to break
a single key. Because of this, it is estimated that most zones can
safely use 1024-bit keys for at least the next ten years." That was
the IETF Consensus in 2012.
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop