Re: [DNSOP] Whiskey Tango Foxtrot on key lengths...

Paul Hoffman <> Thu, 27 March 2014 14:52 UTC

From: Paul Hoffman <>
Date: Thu, 27 Mar 2014 07:52:24 -0700
To: Nicholas Weaver <nweaver@ICSI.Berkeley.EDU>
Cc: dnsop WG <>
Subject: Re: [DNSOP] Whiskey Tango Foxtrot on key lengths...

On Mar 27, 2014, at 6:56 AM, Nicholas Weaver <nweaver@ICSI.Berkeley.EDU> wrote:

> and 1024B is estimated at only "a thousand times harder".

Does that estimate include a prediction that the method to factor RSA will improve significantly as it has in the past? The authors were unclear on that in their estimate.

> Do you really want someone like me to try to get an EC2 academic grant for the cluster and a big slashdot/boingboing crowd for the sieving to factor the root ZSK?

Yes. If doing it for the DNS root key is too politically challenging, maybe do it for one of the 1024-bit trust anchors in the browser root pile. Failing that, just do it for any 1024-bit key. Successes in the past for the RSA challenge have gotten movement to happen.

--Paul Hoffman