Re: [dnsext] historical root keys for upgrade path?

Paul Wouters <paul@xelerance.com> Wed, 02 February 2011 19:46 UTC

Date: Wed, 02 Feb 2011 14:49:29 -0500
From: Paul Wouters <paul@xelerance.com>
To: Phillip Hallam-Baker <hallam@gmail.com>
In-Reply-To: <AANLkTik=yDHWUsJxobVdXzLoUj3HTtd_BaX8YfeZiZ2G@mail.gmail.com>
Message-ID: <alpine.LFD.1.10.1102021445590.5159@newtla.xelerance.com>
Cc: Paul Hoffman <paul.hoffman@vpnc.org>, dnsext@ietf.org
Subject: Re: [dnsext] historical root keys for upgrade path?

On Wed, 2 Feb 2011, Phillip Hallam-Baker wrote:

> We are currently moving from 1024 bit RSA to 2048 and it is creating quite a few issues despite the fact that almost
> everything that does 1024 does 2048.

Can you name some of the "quite a few" issues? I'd be interested to hear them.

The only one that I'm aware of is using PKIX with IKE and problems with
UDP fragmentation when large PKIX blobs are sent inline with IKE. The
difference between 1024 and 2048 bit keys seemed to trigger this packet
size related issue.

Paul
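An added illustration of the fragmentation problem mentioned above, not part of the original thread: a small Python model (all byte counts are assumptions, not measurements) of how an inline RSA certificate plus signature grows when moving from 1024-bit to 2048-bit keys, and when the resulting IKE-over-UDP datagram no longer fits a 1500-byte link MTU and must be fragmented at the IPv4 layer.

```python
# Constructed model of IKE message sizing and IPv4 fragmentation.
# Header sizes are the standard ones; certificate overhead and the
# "other payloads" figure are assumptions chosen for illustration.

IPV4_HEADER = 20           # IPv4 header without options
UDP_HEADER = 8
IKE_HEADER = 28            # fixed ISAKMP/IKE header
CERT_FIXED_OVERHEAD = 500  # assumed: DER framing, names, validity, extensions


def rsa_cert_size(key_bits):
    """Assumed DER size of a self-signed RSA certificate:
    fixed overhead plus modulus plus signature (each ~key_bits/8 bytes)."""
    n = key_bits // 8
    return CERT_FIXED_OVERHEAD + n + n


def ike_message_size(key_bits, cert_chain_len=1, other_payloads=400):
    """Assumed IKE message carrying the certificate chain inline:
    IKE header + CERT payloads (4-byte payload header + 1 encoding byte
    + DER cert) + SIG payload + an assumed amount of other payloads."""
    sig = 4 + key_bits // 8
    certs = cert_chain_len * (4 + 1 + rsa_cert_size(key_bits))
    return IKE_HEADER + certs + sig + other_payloads


def ipv4_fragments(udp_payload_len, mtu=1500):
    """Number of IPv4 fragments needed to carry one UDP datagram over a
    link with the given MTU. Every fragment except the last must carry a
    multiple of 8 bytes after the IP header (fragment offsets are in
    8-byte units)."""
    datagram = UDP_HEADER + udp_payload_len
    if IPV4_HEADER + datagram <= mtu:
        return 1
    per_fragment = ((mtu - IPV4_HEADER) // 8) * 8
    return -(-datagram // per_fragment)  # ceiling division


def fragments_for_key_size(key_bits, cert_chain_len=1, mtu=1500):
    """Fragments needed for the modelled IKE message at a given RSA size."""
    return ipv4_fragments(ike_message_size(key_bits, cert_chain_len), mtu)


if __name__ == "__main__":
    for bits in (1024, 2048):
        size = ike_message_size(bits)
        print(f"RSA-{bits}: IKE message {size} bytes -> "
              f"{fragments_for_key_size(bits)} IPv4 fragment(s)")
```

Under these assumptions the 1024-bit message fits in one packet while the 2048-bit one crosses the MTU and splits in two, which is the kind of size-triggered failure the reply describes.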