Re: [DNSOP] Whiskey Tango Foxtrot on key lengths...

Joe Abley <> Thu, 27 March 2014 22:52 UTC

Return-Path: <>
Received: from localhost ( []) by (Postfix) with ESMTP id AA1BE1A03CB for <>; Thu, 27 Mar 2014 15:52:53 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2.001
X-Spam-Status: No, score=-2.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_PASS=-0.001] autolearn=ham
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id 6qVcfx8gPb_a for <>; Thu, 27 Mar 2014 15:52:51 -0700 (PDT)
Received: from ( [IPv6:2607:f8b0:4001:c05::22e]) by (Postfix) with ESMTP id 03EA01A024E for <>; Thu, 27 Mar 2014 15:52:50 -0700 (PDT)
Received: by with SMTP id h18so126880igc.13 for <>; Thu, 27 Mar 2014 15:52:49 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=google; h=content-type:mime-version:subject:from:in-reply-to:date:cc :message-id:references:to; bh=ZFVJkb4dJ0D8YeoCtkAb8TrZzWljKOEOr3TlCDjAvak=; b=FfsTNdbZpRkdwpb5yrnJXi2tRAjM38LYroTlm0PiVQ114UVgwEdzcgci1TnOvb38XC jp5rBATedCdSNuJgzEjiT3Yj3gv3yus/w9E2BUD5crd6g3UzE3zezK/+Gf31nqpR3yu4 qf3aJR76mQ237ZQUH3runw/LnSqVdoqWVrkxY=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20130820; h=x-gm-message-state:content-type:mime-version:subject:from :in-reply-to:date:cc:message-id:references:to; bh=ZFVJkb4dJ0D8YeoCtkAb8TrZzWljKOEOr3TlCDjAvak=; b=fk85f/L+QQNoPwde/GmIdmyYmbFf2U/JlwN5RJJVK/L0QSpZZo8I+3S8EEu+I9wdq+ /nSdrdkTL06WRGBnLn3EfU8g8bofYyuPhROZlBQMDiQN6B0ZVvmf18sDlopEz822qgNC yKggsqRmLg68dgWKbjNfJm18s8Gwtk7LcgiCoOzHZeXZdskxvs58JRGRkyiT0Pw3kU0W klyKGTKbp8WqM+vKSHnaTBL3FbOized3m9a0ChdCdeII68RoObzvXGQShZfL3C/6Qe5/ e4tVTisd6lpg1qbcGkXFxqcEWdsK93E+v4Xi4csFV3+Bdvgx/0NnTEB99fCJC5UCr7D7 IE6A==
X-Gm-Message-State: ALoCoQkMKvmPpLK72VW11mcjTZtah1HGDeoG8yRK8ThkgsYnRPbXJcjbKe0QhAHndS1tTq98Q6AB
X-Received: by with SMTP id ad3mr34608262igd.23.1395960768936; Thu, 27 Mar 2014 15:52:48 -0700 (PDT)
Received: from [] ( []) by with ESMTPSA id 20sm652089igi.2.2014. for <multiple recipients> (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Thu, 27 Mar 2014 15:52:48 -0700 (PDT)
Content-Type: multipart/signed; boundary="Apple-Mail=_A2214DB7-72A6-4246-8F35-54D0C0C79747"; protocol="application/pgp-signature"; micalg=pgp-sha1
Mime-Version: 1.0 (Mac OS X Mail 7.2 \(1874\))
From: Joe Abley <>
In-Reply-To: <>
Date: Thu, 27 Mar 2014 17:52:46 -0500
Message-Id: <>
References: <> <> <> <>
To: Nicholas Weaver <>
X-Mailer: Apple Mail (2.1874)
Cc: dnsop WG <>
Subject: Re: [DNSOP] Whiskey Tango Foxtrot on key lengths...
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IETF DNSOP WG mailing list <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Thu, 27 Mar 2014 22:52:53 -0000

On 27 Mar 2014, at 17:47, Joe Abley <> wrote:

> There was a plan underway to roll the KSK. I was at ICANN briefly when that started (I spoke publicly, albeit briefly about it in the dnsop meeting in Berlin). I'm no longer at ICANN and hence no longer have anything authoritative to say, but it seems plausible that the events leading up to NTIA's announcement the other week caused some delays or rescheduling of the KSK roll project. A KSK roll would be a good opportunity to change the key size.

Oh, heh, I just got off 20 hours of planes across the Pacific. It's the ZSK we're talking about. Choosing a different parameter for the ZSK doesn't necessarily involve IANA. Root zone KSK rollover not relevant.

I will go and find some coffee.