Re: [DNSOP] Key sizes
bmanning@vacation.karoshi.com Sat, 25 April 2009 02:28 UTC
Return-Path: <bmanning@karoshi.com>
X-Original-To: dnsop@core3.amsl.com
Delivered-To: dnsop@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 2123A3A67AC for <dnsop@core3.amsl.com>; Fri, 24 Apr 2009 19:28:40 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.81
X-Spam-Level:
X-Spam-Status: No, score=-5.81 tagged_above=-999 required=5 tests=[AWL=0.789, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id EEWQ8Asg+hXp for <dnsop@core3.amsl.com>; Fri, 24 Apr 2009 19:28:39 -0700 (PDT)
Received: from vacation.karoshi.com (vacation.karoshi.com [198.32.6.68]) by core3.amsl.com (Postfix) with ESMTP id 656183A63EC for <dnsop@ietf.org>; Fri, 24 Apr 2009 19:28:39 -0700 (PDT)
Received: from karoshi.com (localhost.localdomain [127.0.0.1]) by vacation.karoshi.com (8.12.8/8.12.8) with ESMTP id n3P2TnBh013549; Sat, 25 Apr 2009 02:29:51 GMT
Received: (from bmanning@localhost) by karoshi.com (8.12.8/8.12.8/Submit) id n3P2TifA013548; Sat, 25 Apr 2009 02:29:44 GMT
Date: Sat, 25 Apr 2009 02:29:44 +0000
From: bmanning@vacation.karoshi.com
To: Joe Abley <jabley@hopcount.ca>
Message-ID: <20090425022944.GC12422@vacation.karoshi.com.>
References: <alpine.LFD.1.10.0904221147060.7510@newtla.xelerance.com> <49EFA9C3.6090903@ca.afilias.info> <alpine.LFD.1.10.0904231142590.7788@newtla.xelerance.com> <alpine.LFD.1.10.0904241052270.26808@newtla.xelerance.com> <p06240813c61798e7e391@[10.20.30.158]> <20090424174722.GA30229@isc.org> <alpine.LFD.1.10.0904241514300.28588@newtla.xelerance.com> <14F6B497-51D8-4719-B3C2-814A7D20940D@hopcount.ca> <p0624087bc618150afc11@[10.20.30.158]> <90A997B2-4700-479E-9E49-CB84E2FCCBCA@hopcount.ca>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <90A997B2-4700-479E-9E49-CB84E2FCCBCA@hopcount.ca>
User-Agent: Mutt/1.4.1i
Cc: dnsop@ietf.org, Paul Hoffman <paul.hoffman@vpnc.org>
Subject: Re: [DNSOP] Key sizes
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dnsop>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 25 Apr 2009 02:28:40 -0000
Yo Joe, many moons back, it was pointed out to me by some cryto folks that there is an interesting relationship btwn key length and signature duration. One could make the argument that for persistent delegations, you might want to ensure longer length keys and possibly longer duration signatures than you might have for a DHCP lease whos's lifetime is 20 minutes. e.g. a leaf assignment that lasts no longer than 20 minutes might not justify the operational cost of a 4096bit key generation/propogation, while a well-known TLD (.JOE) might well justify a 4096bit key. you might say that key length should/could be inversely proporational to the delegation placement in the namespace. but you knew this. --bill
- [DNSOP] I-D Action:draft-ietf-dnsop-rfc4641bis-01… Internet-Drafts
- Re: [DNSOP] I-D Action:draft-ietf-dnsop-rfc4641bi… Shane Kerr
- Re: [DNSOP] I-D Action:draft-ietf-dnsop-rfc4641bi… Edward Lewis
- Re: [DNSOP] I-D Action:draft-ietf-dnsop-rfc4641bi… Florian Weimer
- [DNSOP] HSMs was Re: I-D Action:draft-ietf-dnsop-… Edward Lewis
- Re: [DNSOP] HSMs was Re: I-D Action:draft-ietf-dn… Stephane Bortzmeyer
- Re: [DNSOP] HSMs was Re: I-D Action:draft-ietf-dn… Edward Lewis
- Re: [DNSOP] HSMs was Re: I-D Action:draft-ietf-dn… Andrew Sullivan
- Re: [DNSOP] HSMs was Re: I-D Action:draft-ietf-dn… Shane Kerr
- [DNSOP] Key sizes was Re: I-D Action:draft-ietf-d… Paul Hoffman
- Re: [DNSOP] Key sizes was Re: I-D Action:draft-ie… Edward Lewis
- Re: [DNSOP] HSMs was Re: I-D Action:draft-ietf-dn… Edward Lewis
- Re: [DNSOP] Key sizes was Re: I-D Action:draft-ie… Paul Hoffman
- Re: [DNSOP] HSMs was Re: I-D Action:draft-ietf-dn… Paul Wouters
- Re: [DNSOP] HSMs was Re: I-D Action:draft-ietf-dn… Paul Wouters
- Re: [DNSOP] HSMs was Re: I-D Action:draft-ietf-dn… Andrew Sullivan
- Re: [DNSOP] HSMs was Re: I-D Action:draft-ietf-dn… Shane Kerr
- Re: [DNSOP] Key sizes was Re: I-D Action:draft-ie… Shane Kerr
- Re: [DNSOP] HSMs was Re: I-D Action:draft-ietf-dn… Edward Lewis
- Re: [DNSOP] HSMs was Re: I-D Action:draft-ietf-dn… Edward Lewis
- Re: [DNSOP] Key sizes was Re: I-D Action:draft-ie… Paul Hoffman
- Re: [DNSOP] Key sizes was Re: I-D Action:draft-ie… Paul Wouters
- Re: [DNSOP] HSMs was Re: I-D Action:draft-ietf-dn… Paul Wouters
- Re: [DNSOP] Key sizes was Re: I-D Action:draft-ie… Shane Kerr
- Re: [DNSOP] Key sizes was Re: I-D Action:draft-ie… Chris Thompson
- Re: [DNSOP] Key sizes was Re: I-D Action:draft-ie… Paul Hoffman
- Re: [DNSOP] Key sizes was Re: I-D Action:draft-ie… Paul Wouters
- Re: [DNSOP] Key sizes was Re: I-D Action:draft-ie… Shane Kerr
- Re: [DNSOP] Key sizes was Re: I-D Action:draft-ie… Paul Wouters
- Re: [DNSOP] Key sizes was Re: I-D Action:draft-ie… Paul Hoffman
- Re: [DNSOP] Key sizes was Re: I-D Action:draft-ie… Jelte Jansen
- Re: [DNSOP] Key sizes was Re: I-D Action:draft-ie… Evan Hunt
- Re: [DNSOP] Key sizes was Re: I-D Action:draft-ie… Edward Lewis
- Re: [DNSOP] Key sizes was Re: I-D Action:draft-ie… Paul Wouters
- Re: [DNSOP] Key sizes was Re: I-D Action:draft-ie… Paul Wouters
- Re: [DNSOP] Key sizes was Re: I-D Action:draft-ie… Joe Abley
- Re: [DNSOP] Key sizes was Re: I-D Action:draft-ie… Paul Hoffman
- Re: [DNSOP] Key sizes was Re: I-D Action:draft-ie… Joe Abley
- Re: [DNSOP] Key sizes was Re: I-D Action:draft-ie… Paul Hoffman
- Re: [DNSOP] Key sizes was Re: I-D Action:draft-ie… Joe Abley
- Re: [DNSOP] Key sizes bmanning
- Re: [DNSOP] Key sizes was Re: I-D Action:draft-ie… Paul Hoffman
- Re: [DNSOP] Key sizes was Re: I-D Action:draft-ie… Paul Wouters
- Re: [DNSOP] Key sizes was Re: I-D Action:draft-ie… Ted Lemon
- Re: [DNSOP] Key sizes was Re: I-D Action:draft-ie… Joe Abley
- Re: [DNSOP] HSMs was Re: I-D Action:draft-ietf-dn… Peter Koch
- Re: [DNSOP] HSMs was Re: I-D Action:draft-ietf-dn… Edward Lewis
- Re: [DNSOP] HSMs was Re: I-D Action:draft-ietf-dn… Joe Abley
- Re: [DNSOP] HSMs was Re: I-D Action:draft-ietf-dn… Edward Lewis
- Re: [DNSOP] HSMs was Re: I-D Action:draft-ietf-dn… Paul Hoffman
- Re: [DNSOP] HSMs was Re: I-D Action:draft-ietf-dn… Francis Dupont
- Re: [DNSOP] HSMs was Re: I-D Action:draft-ietf-dn… Olaf Kolkman
- Re: [DNSOP] HSMs was Re: I-D Action:draft-ietf-dn… Richard Lamb
- Re: [DNSOP] HSMs was Re: I-D Action:draft-ietf-dn… Paul Wouters
- [DNSOP] rfc4641bis: NSEC vs NSEC3. Olaf Kolkman
- Re: [DNSOP] rfc4641bis: NSEC vs NSEC3. Mark Andrews
- Re: [DNSOP] rfc4641bis: NSEC vs NSEC3. Olaf Kolkman
- Re: [DNSOP] rfc4641bis: NSEC vs NSEC3. Alex Bligh
- Re: [DNSOP] rfc4641bis: NSEC vs NSEC3. Alex Bligh
- Re: [DNSOP] rfc4641bis: NSEC vs NSEC3. Paul Wouters
- Re: [DNSOP] rfc4641bis: NSEC vs NSEC3. Alex Bligh
- Re: [DNSOP] rfc4641bis: NSEC vs NSEC3. Edward Lewis
- Re: [DNSOP] rfc4641bis: NSEC vs NSEC3. Alex Bligh
- Re: [DNSOP] rfc4641bis: NSEC vs NSEC3. Paul Wouters
- Re: [DNSOP] rfc4641bis: NSEC vs NSEC3. Alex Bligh
- Re: [DNSOP] rfc4641bis: NSEC vs NSEC3. Alex Bligh
- Re: [DNSOP] rfc4641bis: NSEC vs NSEC3. Olafur Gudmundsson
- Re: [DNSOP] rfc4641bis: NSEC vs NSEC3. Alex Bligh
- Re: [DNSOP] rfc4641bis: NSEC vs NSEC3. Matt Larson
- Re: [DNSOP] rfc4641bis: NSEC vs NSEC3. bmanning
- Re: [DNSOP] rfc4641bis: NSEC vs NSEC3. Olaf Kolkman
- Re: [DNSOP] rfc4641bis: NSEC vs NSEC3. Paul Wouters
- Re: [DNSOP] rfc4641bis: NSEC vs NSEC3. Olaf Kolkman
- Re: [DNSOP] rfc4641bis: NSEC vs NSEC3. Paul Wouters
- Re: [DNSOP] rfc4641bis: NSEC vs NSEC3. W.C.A. Wijngaards
- Re: [DNSOP] rfc4641bis: NSEC vs NSEC3. Alex Bligh
- Re: [DNSOP] rfc4641bis: NSEC vs NSEC3. Olafur Gudmundsson
- Re: [DNSOP] rfc4641bis: NSEC vs NSEC3. Alex Bligh
- Re: [DNSOP] rfc4641bis: NSEC vs NSEC3. Paul Wouters
- Re: [DNSOP] rfc4641bis: NSEC vs NSEC3. Andrew Sullivan
- Re: [DNSOP] rfc4641bis: NSEC vs NSEC3. Evan Hunt
- Re: [DNSOP] rfc4641bis: NSEC vs NSEC3. Olafur Gudmundsson
- Re: [DNSOP] rfc4641bis: NSEC vs NSEC3. Todd Glassey
- Re: [DNSOP] rfc4641bis: NSEC vs NSEC3. John Dickinson
- Re: [DNSOP] rfc4641bis: NSEC vs NSEC3. Mark Andrews
- Re: [DNSOP] rfc4641bis: NSEC vs NSEC3. Roy Arends
- Re: [DNSOP] rfc4641bis: NSEC vs NSEC3. Eric Rescorla
- Re: [DNSOP] rfc4641bis: NSEC vs NSEC3. W.C.A. Wijngaards
- Re: [DNSOP] rfc4641bis: NSEC vs NSEC3. Roy Arends
- Re: [DNSOP] rfc4641bis: NSEC vs NSEC3. Roy Arends
- Re: [DNSOP] rfc4641bis: NSEC vs NSEC3. W.C.A. Wijngaards
- Re: [DNSOP] rfc4641bis: NSEC vs NSEC3. Roy Arends
- Re: [DNSOP] rfc4641bis: NSEC vs NSEC3. Alex Bligh
- Re: [DNSOP] rfc4641bis: NSEC vs NSEC3. Evan Hunt
- Re: [DNSOP] rfc4641bis: NSEC vs NSEC3. Matt Larson
- Re: [DNSOP] rfc4641bis: NSEC vs NSEC3. Edward Lewis
- Re: [DNSOP] rfc4641bis: NSEC vs NSEC3. Roy Arends
- Re: [DNSOP] rfc4641bis: NSEC vs NSEC3. Eric Rescorla
- Re: [DNSOP] rfc4641bis: NSEC vs NSEC3. Evan Hunt
- Re: [DNSOP] rfc4641bis: NSEC vs NSEC3. Todd Glassey
- Re: [DNSOP] rfc4641bis: NSEC vs NSEC3. Eric Rescorla
- Re: [DNSOP] rfc4641bis: NSEC vs NSEC3. Andrew Sullivan
- Re: [DNSOP] rfc4641bis: NSEC vs NSEC3. Alex Bligh
- Re: [DNSOP] rfc4641bis: NSEC vs NSEC3. Evan Hunt
- Re: [DNSOP] rfc4641bis: NSEC vs NSEC3. Eric Rescorla
- [DNSOP] threads having "jumped the shark" was Re:… Edward Lewis
- Re: [DNSOP] rfc4641bis: NSEC vs NSEC3. Jakob Schlyter
- Re: [DNSOP] rfc4641bis: NSEC vs NSEC3. Mark Andrews
- Re: [DNSOP] rfc4641bis: NSEC vs NSEC3. Mark Andrews
- Re: [DNSOP] rfc4641bis: NSEC vs NSEC3. Doug Barton
- Re: [DNSOP] rfc4641bis: NSEC vs NSEC3. Mark Andrews
- Re: [DNSOP] rfc4641bis: NSEC vs NSEC3. Mark Andrews
- Re: [DNSOP] rfc4641bis: NSEC vs NSEC3. Eric Rescorla
- Re: [DNSOP] rfc4641bis: NSEC vs NSEC3. Andrew Sullivan
- Re: [DNSOP] rfc4641bis: NSEC vs NSEC3. Roy Arends
- Re: [DNSOP] rfc4641bis: NSEC vs NSEC3. Roy Arends
- Re: [DNSOP] rfc4641bis: NSEC vs NSEC3. Mark Andrews
- Re: [DNSOP] rfc4641bis: NSEC vs NSEC3. Alex Bligh
- Re: [DNSOP] rfc4641bis: NSEC vs NSEC3. Doug Barton
- Re: [DNSOP] rfc4641bis: NSEC vs NSEC3. Florian Weimer
- Re: [DNSOP] rfc4641bis: NSEC vs NSEC3. Florian Weimer
- Re: [DNSOP] rfc4641bis: NSEC vs NSEC3. Olaf Kolkman
- Re: [DNSOP] rfc4641bis: NSEC vs NSEC3. Todd Glassey
- Re: [DNSOP] rfc4641bis: NSEC vs NSEC3. Paul Wouters
- Re: [DNSOP] rfc4641bis: NSEC vs NSEC3. Nicholas Weaver
- Re: [DNSOP] rfc4641bis: NSEC vs NSEC3. Paul Wouters
- Re: [DNSOP] rfc4641bis: NSEC vs NSEC3. Paul Wouters
- Re: [DNSOP] rfc4641bis: NSEC vs NSEC3. Paul Wouters
- Re: [DNSOP] rfc4641bis: NSEC vs NSEC3. Evan Hunt
- Re: [DNSOP] rfc4641bis: NSEC vs NSEC3. Roy Arends
- Re: [DNSOP] rfc4641bis: NSEC vs NSEC3. Roy Arends
- Re: [DNSOP] rfc4641bis: NSEC vs NSEC3. Doug Barton
- Re: [DNSOP] rfc4641bis: NSEC vs NSEC3. Paul Wouters
- Re: [DNSOP] rfc4641bis: NSEC vs NSEC3. Doug Barton