[144955] in cryptography@c2.net mail archive
Re: Possibly questionable security decisions in DNS root
daemon@ATHENA.MIT.EDU (Paul Hoffman)
Wed Oct 14 20:50:40 2009
In-Reply-To: <87skdl1qgz.fsf@snark.cb.piermont.com>
Date: Wed, 14 Oct 2009 17:02:34 -0700
To: cryptography@metzdowd.com
From: Paul Hoffman <paul.hoffman@vpnc.org>
At 7:54 PM -0400 10/14/09, Perry E. Metzger wrote:
>There are enough people here with the right expertise. I'd be interested
>in hearing what people think could be done with a fully custom hardware
>design and a budget in the hundreds of millions of dollars or more.
What part of owning a temporary private key for the root zone would be worth even 10% of that much? There are attacks, and there are motivations. Until we know the latter, we cannot put a price on the former.
Related question: if all the root keys were 2048 bits, who do you think would change the way they rely on DNSSEC?
--Paul Hoffman, Director
--VPN Consortium
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
