On Wed, Oct 14, 2009 at 07:22:27PM -0400, Perry E. Metzger wrote: > > bmann...@vacation.karoshi.com writes: > > On Wed, Oct 14, 2009 at 06:24:06PM -0400, Perry E. Metzger wrote: > >> Ekr has a very good blog posting on what seems like a bad security > >> decision being made by Verisign on management of the DNS root key. > >> > >> http://www.educatedguesswork.org/2009/10/on_the_security_of_zsk_rollove.html > >> > >> In summary, a decision is being made to use a "short lived" 1024 bit key > >> for the signature because longer keys would result in excessively large > >> DNS packets. However, such short keys are very likely crackable in short > >> periods of time if the stakes are high enough -- and few keys in > >> existence are this valuable. > > > > however - the VSGN proposal meets current NIST guidelines. > > That doesn't say anything about how good an idea it is, any more than an > architect can make a building remain standing in an earthquake by > invoking the construction code. > > We are the sort of people who write these sorts of guidelines, and if > they're flawed, we can't use them as a justification for designs. > > (Well, a bureaucrat certainly can use such documents as a form of CYA, > but we're discussing technology here, not means of evading blame.) > > The fact is, the DNS root key is one of the few instances where it is > actually worth someone's time to crack a key because it provides > enormous opportunities for mischief, especially if people start trusting > it more because it is authenticated. Unlike your https session to view > your calendar or the password for your home router, the secret involved > here are worth an insane amount of money.
er... there is the root key and there is the ROOT KEY. the zsk only has a 90 day validity period. ... meets the "spec" and -ought- to be good enough. that said, it is currently a -proposal- and if credible arguments can be made to modify the proposal, I'm persuaded that VSGN will do so. > Perry --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majord...@metzdowd.com