Re: [DNSOP] Whiskey Tango Foxtrot on key lengths...

Stephane Bortzmeyer <bortzmeyer@nic.fr> Thu, 27 March 2014 15:51 UTC

To: "Rose, Scott" <scott.rose@nist.gov>
Archived-At: http://mailarchive.ietf.org/arch/msg/dnsop/aOPY0oVAhGOWLMxVL2Pp5EBCp2k
Cc: dnsop WG <dnsop@ietf.org>, Nicholas Weaver <nweaver@icsi.berkeley.edu>, Joe Abley <jabley@hopcount.ca>

On Thu, Mar 27, 2014 at 03:17:04PM +0000,
 Rose, Scott <scott.rose@nist.gov> wrote 
 a message of 45 lines which said:

> It is likely safe enough now to increase to 2048 for both KSK and
> ZSK.  Zones are doing this now and haven't seen any horror stories.

If you want to test, rd.nic.fr has large KSK and ZSK (not because we
believe it is necessary for security but because we wanted to explore
the limits).
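
Added example, not part of the original message: one way to check the KSK and ZSK sizes of a zone when testing, by decoding the RFC 3110 public key field of each RSA DNSKEY and flagging keys shorter than the 2048 bits mentioned in the quoted text. The function names and the sample keys are assumptions constructed for illustration; the sample keys are placeholders of the right shape, not real key material from any zone.

```python
import base64
import struct

# IANA DNSSEC algorithm numbers that use the RFC 3110 RSA key format.
RSA_ALGORITHMS = {5: "RSASHA1", 7: "RSASHA1-NSEC3-SHA1", 8: "RSASHA256", 10: "RSASHA512"}

def rsa_dnskey_info(flags, protocol, algorithm, key_b64):
    """Return (role, modulus_bits) for one RSA DNSKEY in presentation format."""
    if protocol != 3:
        raise ValueError("DNSKEY protocol field must be 3")
    if algorithm not in RSA_ALGORITHMS:
        raise ValueError("algorithm %d is not RSA" % algorithm)
    if not flags & 0x0100:
        raise ValueError("Zone Key bit not set; not a DNSSEC zone key")
    key = base64.b64decode("".join(key_b64.split()), validate=True)
    # RFC 3110: exponent length is one octet, or 0x00 plus two octets.
    if len(key) >= 1 and key[0] != 0:
        exp_len, offset = key[0], 1
    elif len(key) >= 3:
        exp_len, offset = struct.unpack("!H", key[1:3])[0], 3
    else:
        raise ValueError("truncated public key field")
    modulus = key[offset + exp_len:]
    if exp_len == 0 or not modulus:
        raise ValueError("truncated public key field")
    # Leading zero octets do not count toward the key size.
    bits = int.from_bytes(modulus, "big").bit_length()
    role = "KSK" if flags & 0x0001 else "ZSK"  # SEP bit marks a KSK
    return role, bits

def make_sample_key(bits, exponent=65537):
    """Constructed test input: right shape and size, not a usable RSA key."""
    modulus = (1 << (bits - 1)) | 1
    exp = exponent.to_bytes((exponent.bit_length() + 7) // 8, "big")
    blob = bytes([len(exp)]) + exp + modulus.to_bytes((bits + 7) // 8, "big")
    return base64.b64encode(blob).decode("ascii")

def below_minimum(dnskeys, minimum_bits=2048):
    """Return (role, bits) for every key shorter than minimum_bits."""
    sizes = [rsa_dnskey_info(*k) for k in dnskeys]
    return [(role, bits) for role, bits in sizes if bits < minimum_bits]

# Constructed DNSKEY set: (flags, protocol, algorithm, base64 key).
SAMPLE = [(257, 3, 8, make_sample_key(2048)), (256, 3, 8, make_sample_key(1024))]

if __name__ == "__main__":
    print(below_minimum(SAMPLE))
```

The four tuple fields are the flags, protocol, algorithm and key columns of a DNSKEY record in presentation format, so records copied from a resolver query can be passed in directly.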