On Jun 17, 2010, at 11:15 PM, Olafur Gudmundsson wrote:
Currently section 3 of the document mandates that all zones be signed using
the KSK+ZSK model, I contend this is outdated advice.
Version 02 of the draft offers the choice. And in fact it starts off by saying
(in 3.1 second paragraph)
On Jun 17, 2010, at 5:15 PM, Olafur Gudmundsson wrote:
Proposal #1:
The document should describe both single key and split key operations
and provide real guidance as to when each model is appropriate.
Here is a draft of parameters that should be used to guide
selection of single vs
Currently section 3 of the document mandates that all zones be signed
using the KSK+ZSK model, I contend this is outdated advice.
Background #1: Why bring this up now
While reviewing draft-ietf-dnsop-dnssec-dps-framework I found myself
loving certain sections of the document and hating other
On Thu, Jun 17, 2010 at 2:15 PM, Olafur Gudmundsson o...@ogud.com wrote:
Background #3: Key strengths and life time
RSA and DSA algorithms have the interesting property that the number of bits
in the key can be selected, by adding bits to the key the key gets stronger.
Stronger keys can be
On 17/06/2010 5:34 PM, Eric Rescorla wrote:
On Thu, Jun 17, 2010 at 2:15 PM, Olafur Gudmundsson o...@ogud.com wrote:
Background #3: Key strengths and life time
RSA and DSA algorithms have the interesting property that the number of bits
in the key can be selected, by adding bits to the key the