Re: [DNSOP] key lengths for DNSSEC

Christopher Morrow <morrowc.lists@gmail.com> Wed, 02 April 2014 15:32 UTC

In-Reply-To: <1D0A45EF-E5D3-468D-BA08-E45FEF4399DE@dnss.ec>
References: <78F386B0-BC6B-4159-B9D4-4BFEB10252A6@rfc1035.com> <1D0A45EF-E5D3-468D-BA08-E45FEF4399DE@dnss.ec>
Date: Wed, 02 Apr 2014 11:31:53 -0400
Message-ID: <CAL9jLab5dp4_4bsO565GqcLdOFEmWvNVd=LLcLySouyMNyTJTw@mail.gmail.com>
From: Christopher Morrow <morrowc.lists@gmail.com>
To: 🔒 Roy Arends <roy@dnss.ec>
Archived-At: http://mailarchive.ietf.org/arch/msg/dnsop/u5wxRcprYbfIPhRDBvptfgMK-fs
Cc: IETF DNSOP WG <dnsop@ietf.org>
Subject: Re: [DNSOP] key lengths for DNSSEC

On Wed, Apr 2, 2014 at 11:19 AM, 🔒 Roy Arends <roy@dnss.ec> wrote:

> Just a thought that occurred to me. Crypto-mafia folk are looking for a minimum (i.e. at least so many bits, otherwise it's insecure). DNS-mafia folk are looking for a maximum (i.e. at most so many bits, otherwise fragmentation/fallback to TCP). It seems that the crypto-mafia's minimum might actually be larger than the DNS-mafia's maximum.
>
> As an example (dns-op perspective).
>
> Average case: 2 keys (KSK/ZSK) + 1 sig (by KSK) with 2048 bit keys is at least 768 bytes (and then some).
> Roll case: 3 keys(2 KSK/1 ZSK) + 2 sig (by KSK) with 2048 bit keys is at least 1280 bytes (and then some).
>

Part of Jim's query is of interest:
  "Where are the requirements?" (boiled down somewhat to that, I think)

There's also a point I asked about previously in Jim's note:
  "Where's the POC at?"

I don't think anyone's going to change anything without your referred-to
2008-like incident... and without some requirements, at least as a
swag, right?

I'd expect the key length discussion relates pretty closely to:
  "If I can factor the key in less time than you will rotate keys..."

So, how often do the keys rotate? At least every 30 days? So you have
to be able to be 'secure' for longer than 30 days of compute resource
time, right?

> Then there is this section in SAC63: "Interaction of Response Size and IPv6 Fragmentation"
>
> Which relates to response sizes larger than 1280 and IPv6 and blackhole effects.
>
> https://www.icann.org/en/groups/ssac/documents/sac-063-en.pdf

good times :(
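Roy's "768 bytes (and then some)" counts only the raw RSA key and signature material. The following script, an added example that is not part of the thread, works out what a DNSKEY response actually costs on the wire for the two scenarios he lists (RFC 1035 header/question/RR framing, RFC 3110 RSA key encoding, RFC 4034 RRSIG with its uncompressed signer name, plus an EDNS(0) OPT record) and flags it against the 1280-byte IPv6 minimum MTU that SAC063 discusses and a 1232-byte EDNS buffer. The zone name `example.com.`, the 1232-byte buffer figure and the third (1024-bit ZSK) scenario are my assumptions for illustration, not figures from the message.

```python
"""Estimate the UDP payload size of a DNSKEY response for RSA-signed zones.

Added example, not code from the DNSOP thread. Wire layout follows
RFC 1035 (header, question, RR framing), RFC 3110 (RSA DNSKEY public
key field) and RFC 4034 (RRSIG RDATA). Zone name and scenarios below
are constructed inputs.
"""
from __future__ import annotations

# Thresholds an operator cares about (bytes).
IPV6_MIN_MTU = 1280   # RFC 8200 minimum link MTU; responses above this risk IPv6 fragmentation (SAC063)
EDNS_DEFAULT = 1232   # assumption: a common EDNS buffer size chosen to stay under IPV6_MIN_MTU

DNS_HEADER = 12
RR_FIXED = 2 + 2 + 4 + 2   # TYPE, CLASS, TTL, RDLENGTH
NAME_PTR = 2               # compressed owner name: pointer back to the question name
OPT_RR = 11                # EDNS(0) OPT pseudo-RR with no options: root name + fixed fields


def name_wire_len(name: str) -> int:
    """Uncompressed wire length of a domain name: a length byte per label plus the root byte."""
    labels = [label for label in name.strip(".").split(".") if label]
    return sum(1 + len(label) for label in labels) + 1


def rsa_dnskey_rdata_len(modulus_bits: int, exponent: int = 65537) -> int:
    """DNSKEY RDATA: flags(2) + protocol(1) + algorithm(1) + RFC 3110 public key field.

    The RFC 3110 key field is: exponent length (1 byte, or 3 bytes if >= 256),
    the exponent itself, then the modulus.
    """
    exp_len = (exponent.bit_length() + 7) // 8
    exp_len_field = 1 if exp_len < 256 else 3
    key_field = exp_len_field + exp_len + (modulus_bits + 7) // 8
    return 2 + 1 + 1 + key_field


def rsa_rrsig_rdata_len(signer: str, key_bits: int) -> int:
    """RRSIG RDATA: 18 fixed bytes, the signer name (RFC 4034 forbids compressing it), the signature."""
    return 18 + name_wire_len(signer) + (key_bits + 7) // 8


def dnskey_response_size(zone: str, key_bits: list[int], sig_bits: list[int], edns: bool = True) -> int:
    """Total UDP payload of a DNSKEY response: header + question + DNSKEY RRs + RRSIG RRs (+ OPT)."""
    question = name_wire_len(zone) + 2 + 2          # QNAME, QTYPE, QCLASS
    answer = sum(NAME_PTR + RR_FIXED + rsa_dnskey_rdata_len(bits) for bits in key_bits)
    answer += sum(NAME_PTR + RR_FIXED + rsa_rrsig_rdata_len(zone, bits) for bits in sig_bits)
    return DNS_HEADER + question + answer + (OPT_RR if edns else 0)


def fragmentation_risk(size: int) -> str:
    """Classify a response size against the two thresholds above."""
    if size > IPV6_MIN_MTU:
        return "exceeds IPv6 minimum MTU"
    if size > EDNS_DEFAULT:
        return "exceeds 1232-byte EDNS buffer"
    return "fits"


# Constructed scenarios: the first two are Roy's, the third is an assumed 1024-bit ZSK variant.
SCENARIOS = {
    "steady state: 2048-bit KSK + ZSK, 1 KSK signature": ([2048, 2048], [2048]),
    "KSK rollover: 2 KSK + 1 ZSK, 2 KSK signatures": ([2048, 2048, 2048], [2048, 2048]),
    "steady state: 2048-bit KSK, 1024-bit ZSK, 1 KSK signature": ([2048, 1024], [2048]),
}

if __name__ == "__main__":
    for label, (keys, sigs) in SCENARIOS.items():
        size = dnskey_response_size("example.com.", keys, sigs)
        print(f"{size:5d} bytes  {fragmentation_risk(size):30s}  {label}")
```

Running it shows the steady-state 2048-bit case lands around 890 bytes (well above the 768 bytes of raw key material) and the KSK rollover case around 1470 bytes, over the IPv6 minimum MTU even before any additional RRSIGs or a longer zone name; the same functions can be fed other key sizes or signer names to size a real zone.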