On 26 Mar 2018, at 17:30, Michael Sinatra wrote:

> I am a bit uncomfortable with the document's disrecommendation of SHA384
> and ECDSAP384SHA384.  The main reason for this is that for crypto
> recommendations here in the USG,

Note that those are for encryption, where they want to keep some things secret for 40 or more years. DNSSEC is an authentication mechanism. If it takes two decades to break a P256 key that is used for encryption, the attacker gets much (much!) more value than breaking one that is used for authentication.

The fact that the NSA document is unclear on this point has been causing problems for many people, including for people inside the NSA.

--Paul Hoffman

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop