Yo Joe,
many moons back, it was pointed out to me by some cryto folks that
there is an
interesting relationship btwn key length and signature duration. One could
make the argument
that for persistent delegations, you might want to ensure longer length keys
and possibly
longer duration signatures than you might have for a DHCP lease whos's lifetime
is 20 minutes.
e.g. a leaf assignment that lasts no longer than 20 minutes might not
justify the
operational cost of a 4096bit key generation/propogation, while a well-known
TLD (.JOE)
might well justify a 4096bit key. you might say that key length should/could
be inversely
proporational to the delegation placement in the namespace.
but you knew this.
--bill
_______________________________________________
DNSOP mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dnsop
