[144951] in cryptography@c2.net mail archive


Re: Possibly questionable security decisions in DNS root management

daemon@ATHENA.MIT.EDU (bmanning@vacation.karoshi.com)
Wed Oct 14 19:25:39 2009

Date: Wed, 14 Oct 2009 23:14:40 +0000
From: bmanning@vacation.karoshi.com
To: "Perry E. Metzger" <perry@piermont.com>
Cc: cryptography@metzdowd.com
In-Reply-To: <87fx9l3989.fsf@snark.cb.piermont.com>

On Wed, Oct 14, 2009 at 06:24:06PM -0400, Perry E. Metzger wrote:
> 
> Ekr has a very good blog posting on what seems like a bad security
> decision being made by Verisign on management of the DNS root key.
> 
> http://www.educatedguesswork.org/2009/10/on_the_security_of_zsk_rollove.html
> 
> In summary, a decision is being made to use a "short lived" 1024 bit key
> for the signature because longer keys would result in excessively large
> DNS packets. However, such short keys are very likely crackable in short
> periods of time if the stakes are high enough -- and few keys in
> existence are this valuable.


	however - the VSGN proposal meets current NIST guidelines.

--bill


> 
> Perry
> -- 
> Perry E. Metzger		perry@piermont.com
> 
> ---------------------------------------------------------------------
> The Cryptography Mailing List
> Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
