On Wed, Apr 2, 2014 at 11:31 AM, Christopher Morrow <morrowc.li...@gmail.com> wrote:
> On Wed, Apr 2, 2014 at 11:19 AM, Roy Arends <r...@dnss.ec> wrote:
>
>> Just a thought that occurred to me. Crypto-mafia folk are looking for a
>> minimum (i.e. at least so many bits, otherwise it's insecure). DNS-mafia folk
>> are looking for a maximum (i.e. at most so many bits, otherwise
>> fragmentation/fallback to TCP). It seems that the crypto-mafia's minimum
>> might actually be larger than the DNS-mafia's maximum.
>>
>> As an example (dns-op perspective).
>>
>> Average case: 2 keys (KSK/ZSK) + 1 sig (by KSK) with 2048 bit keys is at
>> least 768 bytes (and then some).
>> Roll case: 3 keys (2 KSK/1 ZSK) + 2 sig (by KSK) with 2048 bit keys is at
>> least 1280 bytes (and then some).
>>
>
> Part of Jim's query is of interest:
> "Where are the requirements?" (boiled down some to that I think)
>
> There's also a point I asked about previously in Jim's note:
> "Where's the POC at?"
>
> I don't think anyone's going to change anything without your referred
> to 2008-like incident... and without some requirements at least as a
> swag, right?

oops, apologies, Phil's 2008 reference.

> I'd expect the key length discussion relates pretty closely to:
> "If I can factor the key in less time than you will rotate keys..."
>
> So, how often do the keys rotate? At least every 30 days? So you have
> to be able to be 'secure' longer than 30 days of compute resources
> time, right?
>
>> Then there is this section in SAC63: "Interaction of Response Size and IPv6
>> Fragmentation"
>>
>> Which relates to response sizes larger than 1280 and IPv6 and blackhole
>> effects.
>>
>> https://www.icann.org/en/groups/ssac/documents/sac-063-en.pdf
>
> good times :(

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
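The response-size arithmetic Roy sketches above (2 keys + 1 sig versus 3 keys + 2 sigs, all 2048-bit RSA), as an added example that is not part of the thread: it models the DNSKEY and RRSIG wire format from RFC 4034 and RFC 3110 and compares the total against the 1232-byte UDP payload that fits in the IPv6 minimum MTU of 1280 that SAC063 discusses. The zone name "example.", the 65537 public exponent and a single EDNS OPT record are assumptions.

```python
"""Estimate the wire size of a DNSKEY query response for RSA keys.
Constructed model for the thread above, not code from the original post."""

DNS_HEADER = 12       # id, flags, qd/an/ns/ar counts
RR_FIXED = 10         # type(2) + class(2) + ttl(4) + rdlength(2)
RRSIG_FIXED = 18      # type covered, alg, labels, orig ttl, exp, inc, key tag
EDNS_OPT_RR = 11      # root owner(1) + type(2) + udp size(2) + ttl(4) + rdlen(2)
IPV6_MIN_MTU = 1280
IPV6_UDP_PAYLOAD = IPV6_MIN_MTU - 40 - 8   # 1232: minus IPv6 and UDP headers


def wire_name_len(name):
    """Uncompressed wire length of a domain name: "example." -> 9, "." -> 1."""
    labels = [label for label in name.rstrip(".").split(".") if label]
    return sum(1 + len(label) for label in labels) + 1


def rsa_dnskey_rdata(bits, exponent_len=3):
    """RFC 4034 flags/protocol/algorithm (4 bytes) plus the RFC 3110 public key:
    one exponent-length byte, the exponent (3 bytes for 65537, an assumption)
    and the modulus (bits/8)."""
    return 4 + 1 + exponent_len + bits // 8


def rsa_rrsig_rdata(bits, signer):
    """RRSIG fixed fields, the signer's name (which RFC 4034 forbids
    compressing) and an RSA signature of bits/8 bytes."""
    return RRSIG_FIXED + wire_name_len(signer) + bits // 8


def dnskey_response_size(zone, keys, sigs, bits, edns=True):
    """Total UDP payload: header, question, answer RRs and the OPT record.
    Answer RR owner names use a 2-byte compression pointer to the qname."""
    size = DNS_HEADER + wire_name_len(zone) + 4          # question section
    size += keys * (2 + RR_FIXED + rsa_dnskey_rdata(bits))
    size += sigs * (2 + RR_FIXED + rsa_rrsig_rdata(bits, zone))
    return size + (EDNS_OPT_RR if edns else 0)


def fits_ipv6_min_mtu(size):
    """True if the payload survives an unfragmented 1280-byte IPv6 packet."""
    return size <= IPV6_UDP_PAYLOAD


if __name__ == "__main__":
    for label, keys, sigs in (("average", 2, 1), ("roll", 3, 2)):
        size = dnskey_response_size("example.", keys, sigs, 2048)
        print(f"{label}: {size} bytes, fits 1280 MTU: {fits_ipv6_min_mtu(size)}")
```

The steady-state response stays under 1232 bytes, while the rollover response (3 DNSKEYs, 2 RRSIGs) exceeds it, which is the fragmentation or TCP-fallback boundary the thread worries about.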