On Thu, 21 Jan 2010, Eric Rescorla wrote:
The point is that the numbers depend on your model of the attacker more than on the cryptography.
Yes, but my point is that the safety period depends on your assumptions about the attacker's resources, which is why this is not really a technical issue.
It is also based on the presumed technological advances of attackers. If you talk to a cryptographer about a 1024-bit RSA key, they will tell you "don't use that anymore". When you tell them "well, it is very useful to us to reduce packet size in DNS", they tell you "go use ECC". We made a technological trade-off. Though extremely conservative, all the cryptographers (or really cryptanalysts) I talked to are more conservative than we have been.

Whether you call this technical or philosophical does not really change the issue. The model of the attacker is a fundamental part of the cryptography.

Paul
