Re: [DNSOP] Whiskey Tango Foxtrot on key lengths...
Matthäus Wander <matthaeus.wander@uni-due.de> Thu, 27 March 2014 17:14 UTC
Return-Path: <matthaeus.wander@uni-due.de>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6D4601A06F6 for <dnsop@ietfa.amsl.com>; Thu, 27 Mar 2014 10:14:37 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.26
X-Spam-Level:
X-Spam-Status: No, score=-1.26 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HELO_EQ_DE=0.35, MIME_8BIT_HEADER=0.3, T_RP_MATCHES_RCVD=-0.01] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id MSjop4TnJkmR for <dnsop@ietfa.amsl.com>; Thu, 27 Mar 2014 10:14:35 -0700 (PDT)
Received: from mailout.uni-due.de (mailout.uni-due.de [132.252.185.19]) by ietfa.amsl.com (Postfix) with ESMTP id 55AD61A06E5 for <dnsop@ietf.org>; Thu, 27 Mar 2014 10:14:35 -0700 (PDT)
Received: from [192.168.8.100] (firewall.vs.uni-duisburg-essen.de [134.91.78.130]) (authenticated bits=0) by mailout.uni-due.de (8.13.1/8.13.1) with ESMTP id s2RHEV8U007864 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES128-SHA bits=128 verify=NOT) for <dnsop@ietf.org>; Thu, 27 Mar 2014 18:14:32 +0100
Message-ID: <53345C77.8040603@uni-due.de>
Date: Thu, 27 Mar 2014 18:14:31 +0100
From: Matthäus Wander <matthaeus.wander@uni-due.de>
Organization: Verteilte Systeme
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.4.0
MIME-Version: 1.0
To: dnsop@ietf.org
References: <0EA28BE8-E872-46BA-85FD-7333A1E13172@icsi.berkeley.edu>
In-Reply-To: <0EA28BE8-E872-46BA-85FD-7333A1E13172@icsi.berkeley.edu>
X-Enigmail-Version: 1.6
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg="sha1"; boundary="------------ms020901030707060104060801"
X-Virus-Scanned: Clam Anti Virus - http://www.clamav.net
X-Spam-Scanned: SpamAssassin: 3.002004 - http://www.spamassassin.org
X-Scanned-By: MIMEDefang 2.57 on 132.252.185.19
Archived-At: http://mailarchive.ietf.org/arch/msg/dnsop/EBoJnGCHGCcF_EV30rdlscAmQxQ
Subject: Re: [DNSOP] Whiskey Tango Foxtrot on key lengths...
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 27 Mar 2014 17:14:37 -0000
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 * Nicholas Weaver [2014-03-27 14:56]: > So why are both root and com and org and, well, just about > everyone else using 1024b keys for the actual signing? Here's a small statistic about RSA key lengths of 741,552 signed second-level domains (collected on 2014-01-27, counting KSK and ZSKs): > 1024 bit: 1298238 2048 bit: 698232 1280 bit: 28441 4096 bit: > 25326 512 bit: 8893 1536 bit: 385 Plus ~700 odd-sized RSA keys and ~250 DSA/GOST/ECDSA keys. A domain owner of one of the 512-bit keys told me, it was the default config in the signing tool he had used. Regards, Matt - -- Universität Duisburg-Essen Verteilte Systeme Bismarckstr. 90 / BC 316 47057 Duisburg -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.17 (MingW32) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQEcBAEBAgAGBQJTNFx3AAoJEFaVlPYoUriuqfQIAIhyRBYSoqQhjw3KnvmRt0Lm 1vurP5DPFUIpTGyZj5wvVfcj3SQvQ9ULivv+wYZ+XgnOyRf8JSfo62gcC69qED7J Meq8ZPnrG03SfFqaKdv/ArgMBxXBUZxxxixsbHrk80CuHOpdBnqXB0tvbFlRtEyG RHLUNK7vKPDFTnQXRErugtSrfJy1km49hq4SG3bGdTWfOLre3ML6QDDzFw/kb6AD r18sB3yBpFv6uXm98/2lNFDgBzvEBSUyU/abhQQNb/0H9Y8S+ekxXe1JfQEKdpIi F3Gazx6WfaJtHQRqJhEcTeP08eKMTGNMRlp3hzF8v7UmrocowXPW+xDWMsqUWtU= =lCBt -----END PGP SIGNATURE-----
- [DNSOP] Whiskey Tango Foxtrot on key lengths... Nicholas Weaver
- Re: [DNSOP] Whiskey Tango Foxtrot on key lengths.… Nicholas Weaver
- Re: [DNSOP] Whiskey Tango Foxtrot on key lengths.… Joe Abley
- Re: [DNSOP] Whiskey Tango Foxtrot on key lengths.… Paul Hoffman
- Re: [DNSOP] Whiskey Tango Foxtrot on key lengths.… Phillip Hallam-Baker
- Re: [DNSOP] Whiskey Tango Foxtrot on key lengths.… Nicholas Weaver
- Re: [DNSOP] Whiskey Tango Foxtrot on key lengths.… Phillip Hallam-Baker
- Re: [DNSOP] Whiskey Tango Foxtrot on key lengths.… Phillip Hallam-Baker
- Re: [DNSOP] Whiskey Tango Foxtrot on key lengths.… Rose, Scott
- Re: [DNSOP] Whiskey Tango Foxtrot on key lengths.… Stephane Bortzmeyer
- Re: [DNSOP] Whiskey Tango Foxtrot on key lengths.… Matthäus Wander
- Re: [DNSOP] Whiskey Tango Foxtrot on key lengths.… Christopher Morrow
- Re: [DNSOP] Whiskey Tango Foxtrot on key lengths.… Nicholas Weaver
- Re: [DNSOP] Whiskey Tango Foxtrot on key lengths.… Christopher Morrow
- Re: [DNSOP] Whiskey Tango Foxtrot on key lengths.… Paul Wouters
- Re: [DNSOP] Whiskey Tango Foxtrot on key lengths.… Paul Wouters
- Re: [DNSOP] Whiskey Tango Foxtrot on key lengths.… Phillip Hallam-Baker
- Re: [DNSOP] Whiskey Tango Foxtrot on key lengths.… Joe Abley
- Re: [DNSOP] Whiskey Tango Foxtrot on key lengths.… Joe Abley
- Re: [DNSOP] Whiskey Tango Foxtrot on key lengths.… Bill Woodcock
- Re: [DNSOP] Whiskey Tango Foxtrot on key lengths.… Tony Finch
- Re: [DNSOP] Whiskey Tango Foxtrot on key lengths.… Phillip Hallam-Baker
- Re: [DNSOP] Whiskey Tango Foxtrot on key lengths.… Colm MacCárthaigh
- Re: [DNSOP] Whiskey Tango Foxtrot on key lengths.… Andrew Sullivan
- Re: [DNSOP] Whiskey Tango Foxtrot on key lengths.… Tony Finch
- Re: [DNSOP] Whiskey Tango Foxtrot on key lengths.… Joe Abley
- Re: [DNSOP] Whiskey Tango Foxtrot on key lengths.… Phillip Hallam-Baker
- Re: [DNSOP] Whiskey Tango Foxtrot on key lengths.… Thierry Moreau
- Re: [DNSOP] Whiskey Tango Foxtrot on key lengths.… Phillip Hallam-Baker
- Re: [DNSOP] Whiskey Tango Foxtrot on key lengths.… Matthäus Wander
- Re: [DNSOP] Whiskey Tango Foxtrot on key lengths.… Joe Abley
- Re: [DNSOP] Whiskey Tango Foxtrot on key lengths.… Colm MacCárthaigh
- Re: [DNSOP] Whiskey Tango Foxtrot on key lengths.… Phillip Hallam-Baker
- Re: [DNSOP] Whiskey Tango Foxtrot on key lengths.… S Moonesamy
- Re: [DNSOP] Whiskey Tango Foxtrot on key lengths.… Olafur Gudmundsson
- Re: [DNSOP] Whiskey Tango Foxtrot on key lengths.… Bill Woodcock
- Re: [DNSOP] Whiskey Tango Foxtrot on key lengths.… Nicholas Weaver
- Re: [DNSOP] Whiskey Tango Foxtrot on key lengths.… Phillip Hallam-Baker
- Re: [DNSOP] Whiskey Tango Foxtrot on key lengths.… Nicholas Weaver
- Re: [DNSOP] Whiskey Tango Foxtrot on key lengths.… Jelte Jansen
- Re: [DNSOP] Whiskey Tango Foxtrot on key lengths.… Mark Andrews
- Re: [DNSOP] Whiskey Tango Foxtrot on key lengths.… Colm MacCárthaigh
- Re: [DNSOP] Whiskey Tango Foxtrot on key lengths.… Mark Andrews
- Re: [DNSOP] Whiskey Tango Foxtrot on key lengths.… Colm MacCárthaigh
- Re: [DNSOP] Whiskey Tango Foxtrot on key lengths.… Olafur Gudmundsson
- Re: [DNSOP] Whiskey Tango Foxtrot on key lengths.… Olafur Gudmundsson
- Re: [DNSOP] Whiskey Tango Foxtrot on key lengths.… Paul Hoffman
- [DNSOP] CD (Re: Whiskey Tango Foxtrot on key leng… Evan Hunt
- Re: [DNSOP] Whiskey Tango Foxtrot on key lengths.… Mark Andrews
- [DNSOP] CD bit (was Re: Whiskey Tango Foxtrot on … Andrew Sullivan
- Re: [DNSOP] Whiskey Tango Foxtrot on key lengths.… Olafur Gudmundsson
- Re: [DNSOP] Whiskey Tango Foxtrot on key lengths.… Colm MacCárthaigh
- Re: [DNSOP] Whiskey Tango Foxtrot on key lengths.… Paul Wouters
- Re: [DNSOP] CD bit (was Re: Whiskey Tango Foxtrot… Mark Andrews
- Re: [DNSOP] Whiskey Tango Foxtrot on key lengths.… Nicholas Weaver
- Re: [DNSOP] CD bit (was Re: Whiskey Tango Foxtrot… Andrew Sullivan
- Re: [DNSOP] CD (Re: Whiskey Tango Foxtrot on key … Colm MacCárthaigh
- Re: [DNSOP] CD (Re: Whiskey Tango Foxtrot on key … Nicholas Weaver
- Re: [DNSOP] Whiskey Tango Foxtrot on key lengths.… Phillip Hallam-Baker
- [DNSOP] Current DNSOP thread and why 1024 bits Edward Lewis
- Re: [DNSOP] Current DNSOP thread and why 1024 bits Nicholas Weaver
- Re: [DNSOP] Whiskey Tango Foxtrot on key lengths.… Stephane Bortzmeyer
- Re: [DNSOP] Whiskey Tango Foxtrot on key lengths.… Paul Hoffman
- Re: [DNSOP] Current DNSOP thread and why 1024 bits Paul Hoffman
- [DNSOP] mailing list behavior Re: Current DNSOP t… Suzanne Woolf
- Re: [DNSOP] Current DNSOP thread and why 1024 bits Colm MacCárthaigh
- Re: [DNSOP] Current DNSOP thread and why 1024 bits Paul Wouters
- Re: [DNSOP] Current DNSOP thread and why 1024 bits S Moonesamy
- Re: [DNSOP] Current DNSOP thread and why 1024 bits Paul Hoffman
- Re: [DNSOP] Current DNSOP thread and why 1024 bits Rose, Scott
- Re: [DNSOP] CD (Re: Whiskey Tango Foxtrot on key … Mark Andrews
- Re: [DNSOP] CD (Re: Whiskey Tango Foxtrot on key … Colm MacCárthaigh
- Re: [DNSOP] Current DNSOP thread and why 1024 bits S Moonesamy
- Re: [DNSOP] Current DNSOP thread and why 1024 bits David Conrad
- Re: [DNSOP] Current DNSOP thread and why 1024 bits Paul Wouters
- Re: [DNSOP] Current DNSOP thread and why 1024 bits Ben Laurie
- Re: [DNSOP] Whiskey Tango Foxtrot on key lengths.… Francis Dupont