Re: [DNSOP] Whiskey Tango Foxtrot on key lengths...

Phillip Hallam-Baker <hallam@gmail.com> Thu, 27 March 2014 15:06 UTC

Return-Path: <hallam@gmail.com>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EE5D11A075F for <dnsop@ietfa.amsl.com>; Thu, 27 Mar 2014 08:06:11 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id wtmc5O4Oh97E for <dnsop@ietfa.amsl.com>; Thu, 27 Mar 2014 08:06:02 -0700 (PDT)
Received: from mail-lb0-x235.google.com (mail-lb0-x235.google.com [IPv6:2a00:1450:4010:c04::235]) by ietfa.amsl.com (Postfix) with ESMTP id 587591A0760 for <dnsop@ietf.org>; Thu, 27 Mar 2014 08:06:02 -0700 (PDT)
Received: by mail-lb0-f181.google.com with SMTP id c11so2747340lbj.12 for <dnsop@ietf.org>; Thu, 27 Mar 2014 08:06:00 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=aluJA80H1OtKC3ISgEdpJn2r6CPPQnzi7QxRvmECL/k=; b=LMsvfXS6xuGw3MHGQtxOSCj4TukvQOF8VEy1lpgx8Hqhntg0R+r1eLvGKW07vhBXUo o9sUXNdV7ah67RBXY7CKrdrS2Tc9gTANMhZ42sB2A22MY2cuHey4nx3XzVYhq7PVZ5CG FtzO1xeAQKiojtjYyNOha75i+dlNYLRuejprxzTTg2tJh/c89MveIofREXDo6ofGJ24m 0qaTkO2axcIjI7inI/wSJiidR6Nrb3yTBlQR+0kXxzI0+hzwozRNJp+P9nO/jxQEUmE1 p8XHbxHyAKZCavg94qRMMvCSTvejvuDI6OGsveByP64i2IFKGaQAkL8KgCjmC/HwCZwP LmuQ==
MIME-Version: 1.0
X-Received: by 10.152.42.230 with SMTP id r6mr1315985lal.32.1395932759871; Thu, 27 Mar 2014 08:05:59 -0700 (PDT)
Received: by 10.112.234.229 with HTTP; Thu, 27 Mar 2014 08:05:59 -0700 (PDT)
In-Reply-To: <4B70E4D6-6750-4E5A-9058-7F94588DEF4C@vpnc.org>
References: <0EA28BE8-E872-46BA-85FD-7333A1E13172@icsi.berkeley.edu> <4B70E4D6-6750-4E5A-9058-7F94588DEF4C@vpnc.org>
Date: Thu, 27 Mar 2014 11:05:59 -0400
Message-ID: <CAMm+LwgvXzDJGVMoueXZzv3WqLpAjP+QNBqVPJDHgZpsuu26nw@mail.gmail.com>
From: Phillip Hallam-Baker <hallam@gmail.com>
To: Paul Hoffman <paul.hoffman@vpnc.org>
Content-Type: multipart/alternative; boundary=001a11c3678048563504f597ecac
Archived-At: http://mailarchive.ietf.org/arch/msg/dnsop/qvxHhIcCXXznVdTZOGJl42-bTiY
Cc: dnsop WG <dnsop@ietf.org>, Nicholas Weaver <nweaver@icsi.berkeley.edu>
Subject: Re: [DNSOP] Whiskey Tango Foxtrot on key lengths...
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 27 Mar 2014 15:06:12 -0000

On Thu, Mar 27, 2014 at 10:52 AM, Paul Hoffman <paul.hoffman@vpnc.org>wrote;wrote:

> On Mar 27, 2014, at 6:56 AM, Nicholas Weaver <nweaver@ICSI.Berkeley.EDU>
> wrote:
>
> > and 1024B is estimated at only "a thousand times harder".
>
> Does that estimate include a prediction that the method to factor RSA will
> improve significantly as it has in the past? The authors were unclear on
> that in their estimate.
>
> > Do you really want someone like me to try to get an EC2 academic grant
> for the cluster and a big slashdot/boingboing crowd for the sieving to
> factor the root ZSK?
>
> Yes. If doing it for the DNS root key is too politically challenging,
> maybe do it for one of the 1024-bit trust anchors in the browser root pile.
> Failing that, just do it for any 1024-bit key. Successes in the past for
> the RSA challenge have gotten movement to happen.
>

RSA-768 was factored just after that NIST guidance was published.

Based on previous history I expect RSA896 to be factored in the near
future. In fact it might have been factored already if all the worlds spare
CPU cycles were doing something more useful than mining bitcoin. So relying
on 1024 bit RSA is really leaving no margin for error.

-- 
Website: http://hallambaker.com/