Re: [DNSOP] Whiskey Tango Foxtrot on key lengths...

Joe Abley <jabley@hopcount.ca> Thu, 27 March 2014 14:23 UTC

Return-Path: <jabley@hopcount.ca>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 957E51A0400 for <dnsop@ietfa.amsl.com>; Thu, 27 Mar 2014 07:23:05 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.001
X-Spam-Level:
X-Spam-Status: No, score=-2.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id wnL9F9bAkTL5 for <dnsop@ietfa.amsl.com>; Thu, 27 Mar 2014 07:23:00 -0700 (PDT)
Received: from mail-qg0-x22d.google.com (mail-qg0-x22d.google.com [IPv6:2607:f8b0:400d:c04::22d]) by ietfa.amsl.com (Postfix) with ESMTP id 19B6A1A02DB for <dnsop@ietf.org>; Thu, 27 Mar 2014 07:22:59 -0700 (PDT)
Received: by mail-qg0-f45.google.com with SMTP id j5so2881295qga.32 for <dnsop@ietf.org>; Thu, 27 Mar 2014 07:22:58 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=hopcount.ca; s=google; h=content-type:mime-version:subject:from:in-reply-to:date:cc :message-id:references:to; bh=I9/S2j/rU0CYin6S44FwB0cRR8EN9V/Lvdp+oANvidU=; b=Ijywrkl3FTkfJoLxqyT2Mc+jaVPNuWUszB7neKY5A0+ZTexVF/rQO8VP925x+XuRuK pKCKAO3+2vPHP8vVg7SR5zgpgYcNDY1WLar8qc+4f98rgwhihLNpK76jh5fQZRnNtQIb jraUXYD5V22etuDQoNEotNHw/QNUKsMqL/GTM=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:content-type:mime-version:subject:from :in-reply-to:date:cc:message-id:references:to; bh=I9/S2j/rU0CYin6S44FwB0cRR8EN9V/Lvdp+oANvidU=; b=Bwx4ULNvGnmf6Sg5NEmGVd4oOCKcYxDCET30B5ip6VQHzyCQ9rEs7nDfIqpmDdSRXi lLEbmRG7dRL7Tn4RFWl8pH7kRoqlkU7DbrSd6VeG3kn1REpg/FKK1btRMCjTDukOW+VD 88AQhTZP/2X7xZ6cnK4XpFPUei2C1BJ+Iqh10orQlV8uUrPTzVOxueq1IaJnzyihKvky SX32R+zeN/UJhgTANUWehGRw1DrmJAk+xTxoOR16JBZ7V3MnXeeYhymXSeAI5z19yk6U hoJhG+FavxcRaeHnogQSuQeBaupf5voVfAO9qYk0BkMiFu835E6iuK1RzfccEKGuaNjQ 34iA==
X-Gm-Message-State: ALoCoQk+9YP30xI4iz+5u2q5XHLS5naJ/eMyi0+qcJ8WxJrSWHiXA7ryCZsyrwRA4gsNmttZuNyj
X-Received: by 10.229.58.68 with SMTP id f4mr2490769qch.18.1395930178028; Thu, 27 Mar 2014 07:22:58 -0700 (PDT)
Received: from [172.19.248.61] ([64.88.227.134]) by mx.google.com with ESMTPSA id g7sm1153948qaf.14.2014.03.27.07.22.51 for <multiple recipients> (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Thu, 27 Mar 2014 07:22:56 -0700 (PDT)
Content-Type: multipart/signed; boundary="Apple-Mail=_DAC6E807-1E04-4527-96B2-091B79914363"; protocol="application/pgp-signature"; micalg=pgp-sha1
Mime-Version: 1.0 (Mac OS X Mail 7.2 \(1874\))
From: Joe Abley <jabley@hopcount.ca>
In-Reply-To: <0EA28BE8-E872-46BA-85FD-7333A1E13172@icsi.berkeley.edu>
Date: Thu, 27 Mar 2014 23:22:42 +0900
Message-Id: <D9C84C71-1C87-48B3-AFAD-9F9D4AD97649@hopcount.ca>
References: <0EA28BE8-E872-46BA-85FD-7333A1E13172@icsi.berkeley.edu>
To: Nicholas Weaver <nweaver@icsi.berkeley.edu>
X-Mailer: Apple Mail (2.1874)
Archived-At: http://mailarchive.ietf.org/arch/msg/dnsop/xTEQ3xoWJgnrUgg6DXVYURjAGKo
Cc: dnsop WG <dnsop@ietf.org>
Subject: Re: [DNSOP] Whiskey Tango Foxtrot on key lengths...
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 27 Mar 2014 14:23:05 -0000

On 27 Mar 2014, at 22:56, Nicholas Weaver <nweaver@icsi.berkeley.edu> wrote:

> Bits are not precious:  Until a DNS reply hits the fragmentation limit of ~1500B, size-matters-not (tm, Yoda Inc).  
> 
> So why are both root and com and org and, well, just about everyone else using 1024b keys for the actual signing?

Those requirements (for the root zone keys) came from NTIA via NIST:

http://www.ntia.doc.gov/files/ntia/publications/dnssec_requirements_102909.pdf (9)(a)(i)

(well, NIST specified a minimum key size, but the implication at the time was that that was a safe minimum).

Bear in mind, I guess, that these keys have a publication lifetime that is relatively short. The window in which a factoring attack has an opportunity to find a result that can be exploited as a compromise is fairly narrow.


Joe