On 8 Apr 2016, at 10:46, Francis Dupont wrote:

In draft-wouters-sury-dnsop-algorithm-update-01.txt the RSASHA512
(code 10) DNSKEY/RRSIG algo got a SHOULD- for DNSSEC signing.
The argument is it is not currently heavily used but I am afraid
it is not a very good argument.
I have a question for cryptographers in the list: as far as I know
there is a relationship between the RSA key size and the output length
of the hash algorithm. So perhaps we should not plan to move
RSASHA512 to MAY (or worse to MUST NOT) as the SHOULD- means,
i.e., put a SHOULD (vs SHOULD-) for RSASHA512?

There is a relationship between the effective strength of the key (RSA or EC) and the length of the output. If you are using 20,000-bit RSA keys, SHA512 might be appropriate. If you are using 4096 bit or shorter RSA keys, SHA256 is sufficient.

--Paul Hoffman

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
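The key-size/hash-length relationship that the reply above describes, as an added worked example (this is not code from the thread or from any DNSSEC implementation): the RSA modulus is converted to an estimated symmetric-equivalent strength with the General Number Field Sieve cost formula, using the constants NIST's FIPS 140 implementation guidance uses, and compared with the collision resistance of the hash inside the signature (half the digest length). Only the two RSA/SHA-2 DNSSEC algorithms are modelled (RSASHA256 is code 8, RSASHA512 is code 10, per RFC 5702); the function and table names are my own.

```python
import math

# Collision resistance (bits) of the hash used inside the RSA signature: half the
# digest length, which bounds a forgery built from a colliding message pair.
# DNSSEC algorithm numbers are from RFC 5702.  Ordered weakest hash first.
DNSSEC_RSA_HASHES = {
    "SHA-256": {"collision_bits": 128, "dnssec_alg": 8},   # RSASHA256
    "SHA-512": {"collision_bits": 256, "dnssec_alg": 10},  # RSASHA512
}


def rsa_strength_bits(modulus_bits):
    """Estimated symmetric-equivalent strength of an RSA modulus of this size.

    GNFS asymptotic cost with the constants used in NIST's FIPS 140
    implementation guidance.  It reproduces the familiar anchors roughly:
    1024 -> ~80, 2048 -> ~110, 3072 -> ~132, 15360 -> ~262.  Treat the last
    few bits as noise; different sources differ by about +/-10 bits.
    """
    ln_n = modulus_bits * math.log(2)      # ln(n) for a modulus of that bit length
    ln_ln_n = math.log(ln_n)
    cost = 1.923 * ln_n ** (1.0 / 3.0) * ln_ln_n ** (2.0 / 3.0) - 4.69
    return cost / math.log(2)              # convert from e-base cost to bits


def effective_strength(modulus_bits, hash_name):
    """Return (effective_bits, limiting_component) for an RSA/hash pairing.

    The pairing is only as strong as its weaker half: if the hash's collision
    bound is below the estimated RSA strength, the hash is the bottleneck.
    """
    rsa = rsa_strength_bits(modulus_bits)
    hash_bits = DNSSEC_RSA_HASHES[hash_name]["collision_bits"]
    if hash_bits < rsa:
        return hash_bits, "hash"
    return rsa, "rsa"


def hash_is_bottleneck(modulus_bits, hash_name):
    """True when switching to a longer hash would raise the effective strength."""
    return effective_strength(modulus_bits, hash_name)[1] == "hash"


def recommended_algorithm(modulus_bits):
    """Smallest RSA/SHA-2 DNSSEC algorithm whose hash does not limit the key.

    Returns (hash_name, dnssec_algorithm_number).  Falls back to RSASHA512
    when even SHA-512's 256-bit collision bound is below the key strength.
    """
    rsa = rsa_strength_bits(modulus_bits)
    for name, info in DNSSEC_RSA_HASHES.items():
        if info["collision_bits"] >= rsa:
            return name, info["dnssec_alg"]
    return "SHA-512", DNSSEC_RSA_HASHES["SHA-512"]["dnssec_alg"]


if __name__ == "__main__":
    # Constructed sample sizes: the common DNSSEC key sizes plus the reply's
    # illustrative extremes.
    for bits in (1024, 2048, 3072, 4096, 15360, 20000):
        for hash_name in DNSSEC_RSA_HASHES:
            eff, limit = effective_strength(bits, hash_name)
            print(f"RSA-{bits:<5} + {hash_name}: ~{eff:5.0f} bits, limited by {limit}")
        print(f"  -> recommended: RSA{recommended_algorithm(bits)[0].replace('-', '')}"
              f" (algorithm {recommended_algorithm(bits)[1]})")
```

Running it shows the shape of the argument rather than a single cut-off: at 2048 bits the modulus (about 110 bits) is the weak link with either hash, so RSASHA512 buys nothing; at 20000 bits the estimate is near 293 bits, so SHA-256's 128-bit collision bound caps the pairing and SHA-512 is the better fit. The estimate puts 4096-bit RSA near 150 bits, just above SHA-256's bound, so the exact point at which the hash starts to matter depends on which strength estimate one trusts.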
