Re: [DNSOP] Key sizes

bmanning@vacation.karoshi.com Sat, 25 April 2009 02:28 UTC

Date: Sat, 25 Apr 2009 02:29:44 +0000
From: bmanning@vacation.karoshi.com
To: Joe Abley <jabley@hopcount.ca>
Cc: dnsop@ietf.org, Paul Hoffman <paul.hoffman@vpnc.org>
Subject: Re: [DNSOP] Key sizes

Yo Joe,

	many moons back, it was pointed out to me by some crypto folks that there is an
interesting relationship between key length and signature duration.  One could make the argument
that for persistent delegations, you might want to ensure longer length keys and possibly
longer duration signatures than you might have for a DHCP lease whose lifetime is 20 minutes.
	e.g. a leaf assignment that lasts no longer than 20 minutes might not justify the
operational cost of a 4096-bit key generation/propagation, while a well-known TLD (.JOE)
might well justify a 4096-bit key.  you might say that key length should/could be inversely
proportional to the delegation placement in the namespace.

	but you knew this.

--bill