Ekr has a very good blog posting on what seems like a bad security
decision being made by Verisign on management of the DNS root key.


In summary, a decision is being made to use a "short lived" 1024 bit key
for the signature because longer keys would result in excessively large
DNS packets. However, such short keys are very likely crackable in short
periods of time if the stakes are high enough -- and few keys in
existence are this valuable.

Perry E. Metzger                pe...@piermont.com

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majord...@metzdowd.com

Reply via email to