Yo Joe, many moons back, it was pointed out to me by some cryto folks that there is an interesting relationship btwn key length and signature duration. One could make the argument that for persistent delegations, you might want to ensure longer length keys and possibly longer duration signatures than you might have for a DHCP lease whos's lifetime is 20 minutes. e.g. a leaf assignment that lasts no longer than 20 minutes might not justify the operational cost of a 4096bit key generation/propogation, while a well-known TLD (.JOE) might well justify a 4096bit key. you might say that key length should/could be inversely proporational to the delegation placement in the namespace.
but you knew this. --bill _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop