IETF Logo Mail Archive

[DNSOP] key lengths for DNSSEC

Jim Reid <jim@rfc1035.com> Wed, 02 April 2014 14:19 UTC

Return-Path: <jim@rfc1035.com>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 96FDD1A0229 for <dnsop@ietfa.amsl.com>; Wed, 2 Apr 2014 07:19:31 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.011
X-Spam-Level:
X-Spam-Status: No, score=-0.011 tagged_above=-999 required=5 tests=[BAYES_20=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Nb1tCfON7Eh3 for <dnsop@ietfa.amsl.com>; Wed, 2 Apr 2014 07:19:25 -0700 (PDT)
Received: from shaun.rfc1035.com (smtp.v6.rfc1035.com [IPv6:2001:4b10:100:7::25]) by ietfa.amsl.com (Postfix) with ESMTP id BDEC01A0220 for <dnsop@ietf.org>; Wed, 2 Apr 2014 07:19:25 -0700 (PDT)
Received: from gromit.rfc1035.com (gromit.rfc1035.com [195.54.233.69]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by shaun.rfc1035.com (Postfix) with ESMTPSA id A420A242120A for <dnsop@ietf.org>; Wed, 2 Apr 2014 14:19:20 +0000 (UTC)
From: Jim Reid <jim@rfc1035.com>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Message-Id: <78F386B0-BC6B-4159-B9D4-4BFEB10252A6@rfc1035.com>
Date: Wed, 02 Apr 2014 15:19:20 +0100
To: IETF DNSOP WG <dnsop@ietf.org>
Mime-Version: 1.0 (Mac OS X Mail 6.6 \(1510\))
X-Mailer: Apple Mail (2.1510)
Archived-At: http://mailarchive.ietf.org/arch/msg/dnsop/zWOU2yY2YxXwB2xjJJvwrl5RCho
Subject: [DNSOP] key lengths for DNSSEC
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 02 Apr 2014 14:19:31 -0000

There's been a lot of noise and very little signal in the recent discussion.

It would be helpful if there was real data on this topic. Is an RSA key of N bits too "weak" or too "strong"? I don't know. Is N bits "good enough"? Probably. Change the algorithm and/or value of N to taste.

My gut feel is large ZSKs are overkill because the signatures should be short-lived and the keys rotated frequently. Though the trade-offs here are unclear: is a 512-bit key that changes daily (say) better than a 2048-bit key that gets rotated once a week/month/whatever? Remember too we're not talking about keys to launch ICBMs or authenticate billion dollar transactions. I doubt it matters if a previous key can be cracked provided it gets retired before the bad guys can throw enough CPU-years to break it.

However I'm just going on my own gut feel and common sense which could be wrong. Large keys might well be advisable at the root and/or for TLD KSKs. But so far there does not appear to have been much science or engineering on just how large those keys should be or how frequently they change. So in the absence of other firm foundations the established wisdom becomes "do what gets done for the root".

If there is a threat or risk here, please present solid evidence. Or, better still, an actual example of how any DNSSEC key has been compromised and then used for a real-world (or proof of concept) spoofing attack. 


BTW, the apparent profanity on an earlier thread was annoying because it didn't spell "whisky" correctly. As every drinker of fine single malt knows. :-)

v2.23.0 | Report a Bug | By Email