Re: [DNSOP] Whiskey Tango Foxtrot on key lengths...

Matthäus Wander <matthaeus.wander@uni-due.de> Fri, 28 March 2014 16:12 UTC

Archived-At: http://mailarchive.ietf.org/arch/msg/dnsop/ooV0jghQXXOApdpqqrwwC1elGM4

* Bill Woodcock [2014-03-27 23:54]:
> 
> On Mar 27, 2014, at 10:14 AM, Matthäus Wander
> <matthaeus.wander@uni-due.de> wrote:
>> Here's a small statistic about RSA key lengths of 741,552 signed 
>> second-level domains (collected on 2014-01-27, counting KSK and
>> ZSKs):
>> 
>> 1024 bit: 1298238
>> 2048 bit:  698232
>> 1280 bit:   28441
>> 4096 bit:   25326
>>  512 bit:    8893
>> 1536 bit:     385
> 
> Matthäus, do you have an easy way of separating out KSK from ZSK in
> your statistics?  FWIW, we’re currently doing 2048-bit KSK and
> 1024-bit ZSK, but will shortly be transitioning to 4096-and-2048.

Yes, here you go:

KSK:
2048 bit: 668634
1024 bit:  49861
4096 bit:  22646
 512 bit:   2460
1280 bit:    812
1536 bit:    314

ZSK:
1024 bit: 1248377
2048 bit:   29598
1280 bit:   27629
 512 bit:    6433
4096 bit:    2680
1032 bit:     310

Regards,
Matt

-- 
Universität Duisburg-Essen
Verteilte Systeme
Bismarckstr. 90 / BC 316
47057 Duisburg