On Apr 2, 2014, at 10:19 AM, Jim Reid <j...@rfc1035.com> wrote:

> My gut feel is large ZSKs are overkill because the signatures should be
> short-lived and the keys rotated frequently. Though the trade-offs here are
> unclear: is a 512-bit key that changes daily (say) better than a 2048-bit key
> that gets rotated once a week/month/whatever? Remember too we're not talking
> about keys to launch ICBMs or authenticate billion dollar transactions. I
> doubt it matters if a previous key can be cracked provided it gets retired
> before the bad guys can throw enough CPU-years to break it.
The problem with the way you've phrased this question is that there does not seem to be agreement amongst the parties to this discussion whether old keys matter. If you think they do, you need longer keys. If you think they don't, you need shorter keys. So rather than talking about key lengths first, it would be more productive to come to a consensus about which threat model we are trying to address.

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
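An added example, not part of either message above, to make the "does the key get retired before it can be broken" question concrete. The one thing DNSSEC timing pins down is how long a recovered ZSK stays useful to an attacker: a forged RRSIG only validates while resolvers will still accept a DNSKEY RRset that lists the key, and the attacker can replay the last KSK-signed DNSKEY RRset until its own RRSIG expires (plus whatever is still cached). So the window is roughly the key's published lifetime, plus the signature validity period, plus the DNSKEY TTL. The schedules and the attacker budget in the code are constructed assumptions, not figures from the thread.

```python
from dataclasses import dataclass
from datetime import timedelta


@dataclass(frozen=True)
class ZskSchedule:
    """Timing parameters of a ZSK rollover policy (constructed example values)."""
    published: timedelta       # time from first publication in DNSKEY RRset to removal
    rrsig_validity: timedelta  # inception-to-expiration span of RRSIGs, incl. the KSK's
                               # signature over the DNSKEY RRset
    dnskey_ttl: timedelta      # TTL of the DNSKEY RRset (resolver cache lifetime)


def forgery_window(s: ZskSchedule) -> timedelta:
    """Upper bound on how long a ZSK is usable by someone who recovers it.

    Worst case: the key is captured the moment it is published, and after removal
    the attacker replays the last KSK-signed DNSKEY RRset that still listed it
    until that RRSIG expires; cached copies extend this by the DNSKEY TTL.
    """
    return s.published + s.rrsig_validity + s.dnskey_ttl


def retired_in_time(s: ZskSchedule, attacker_break_time: timedelta) -> bool:
    """True if the key stops being accepted before the (assumed) time needed to break it.

    attacker_break_time is an assumption supplied by the caller; the thread gives
    no figures for what a given key size costs to break.
    """
    return forgery_window(s) < attacker_break_time


# Constructed schedules mirroring the two options in the quoted question.
DAILY_SHORT_KEY = ZskSchedule(published=timedelta(days=1),
                              rrsig_validity=timedelta(days=2),
                              dnskey_ttl=timedelta(hours=1))

MONTHLY_LONG_KEY = ZskSchedule(published=timedelta(days=30),
                               rrsig_validity=timedelta(days=14),
                               dnskey_ttl=timedelta(days=1))


if __name__ == "__main__":
    for name, sched in (("daily", DAILY_SHORT_KEY), ("monthly", MONTHLY_LONG_KEY)):
        print(f"{name}: attacker can forge for at most {forgery_window(sched)}")
```

The check only settles half of the disagreement in the reply: it tells you how long a broken key remains *usable*, which is what matters if old keys do not matter beyond their acceptance window. If the threat model includes someone who records signed responses today and wants to break the key later for other purposes (or who can break it well within the window), the window length is no comfort and only the key size helps.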