Re: [DNSOP] Whiskey Tango Foxtrot on key lengths...

Bill Woodcock <woody@pch.net> Thu, 27 March 2014 22:55 UTC

Archived-At: http://mailarchive.ietf.org/arch/msg/dnsop/pqVjwiCMUiXCCt-sdJk4VjsH_7I

On Mar 27, 2014, at 10:14 AM, Matthäus Wander <matthaeus.wander@uni-due.de> wrote:
> Here's a small statistic about RSA key lengths of 741,552 signed
> second-level domains (collected on 2014-01-27, counting KSK and ZSKs):
> 
> 1024 bit: 1298238
> 2048 bit: 698232
> 1280 bit: 28441
> 4096 bit: 25326
> 512 bit:   8893
> 1536 bit: 385

Matthäus, do you have an easy way of separating out KSK from ZSK in your statistics?  FWIW, we’re currently doing 2048-bit KSK and 1024-bit ZSK, but will shortly be transitioning to 4096-and-2048.

                                -Bill
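
One way to produce the KSK/ZSK split asked about above, as an added example that is not part of the original thread: it separates keys by the SEP flag bit of each DNSKEY record and reads the RSA modulus length from the RFC 3110 key field. The record lines and key bytes are constructed sample data, and the function names are illustrative.

```python
import base64
from collections import Counter

RSA_ALGS = {1, 5, 7, 8, 10}      # DNSSEC algorithm numbers that carry RSA keys
ZONE_KEY, SEP = 0x0100, 0x0001   # DNSKEY flag bits (RFC 4034, section 2.1.1)

def rsa_bits(pubkey_b64):
    """Modulus size in bits of an RSA DNSKEY public key field (RFC 3110)."""
    raw = base64.b64decode(pubkey_b64)
    if len(raw) < 3:
        raise ValueError("truncated RSA key")
    exp_len, off = raw[0], 1
    if exp_len == 0:             # long form: exponent length in next two bytes
        exp_len, off = int.from_bytes(raw[1:3], "big"), 3
    modulus = raw[off + exp_len:]
    if exp_len == 0 or not modulus:
        raise ValueError("truncated RSA key")
    return int.from_bytes(modulus, "big").bit_length()

def key_role(flags):
    """'KSK' if the SEP bit is set, 'ZSK' if not, None if not a zone key."""
    if not flags & ZONE_KEY:
        return None
    return "KSK" if flags & SEP else "ZSK"

def tally(lines):
    """Count (role, modulus bits) over presentation-format DNSKEY records."""
    counts = Counter()
    for line in lines:
        f = line.split()
        if "DNSKEY" not in f:
            continue
        i = f.index("DNSKEY")
        flags, alg = int(f[i + 1]), int(f[i + 3])
        role = key_role(flags)
        if role is None or alg not in RSA_ALGS:
            continue             # skip non-zone keys and non-RSA algorithms
        counts[(role, rsa_bits("".join(f[i + 4:])))] += 1
    return counts

def constructed_key(bits):
    """Constructed filler bytes of the right length, not a real RSA key."""
    return base64.b64encode(b"\x03\x01\x00\x01\xc5" + b"\x5b" * (bits // 8 - 1)).decode()

SAMPLE = [  # constructed records: 2048-bit KSK, two 1024-bit ZSKs, one ECDSA key
    f"example. 3600 IN DNSKEY 257 3 8 {constructed_key(2048)}",
    f"example. 3600 IN DNSKEY 256 3 8 {constructed_key(1024)}",
    f"example.net. 3600 IN DNSKEY 256 3 5 {constructed_key(1024)}",
    "example.org. 3600 IN DNSKEY 257 3 13 AAAA",
]
```

The SEP bit is only a hint under RFC 4034, so a zone signed with a single key shows up entirely as KSK or ZSK depending on how its operator set the flag.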