On Wed, 22 Apr 2009, Shane Kerr wrote:
I don't think this is a waste, really. I think if we recommend 1024 as the text does, then we'll have to revisit it in 3 or 4 years.
Is this for ZSK or KSK? Because if you pick equal sizes, then both would be equally vulnerable to the same brute force attack, and often cycling a ZSK of equal size to the KSK key does not make much sense - the attackers would just ignore the ZSK and go for the KSK instead. So using a 2048 ZSK sort of implies using a larger KSK. Unless you keep the ZSK for 6 months or so.

Paul
