Also see thread starting at: http://darkwing.uoregon.edu/~llynch/dnsop/msg03465.html
Ed was the last one to reply to Olaf:
>
> >> #4.2.1.3 Pros and Cons of the Schemes
> >>
> >> # Pre-publish-key set rollover: This rollover does not involve signing
> >> # the zone data twice. Instead, before the actual rollover, the new
> >> # key is published in the key set and thus available for
> >> # cryptanalysis attacks. A small disadvantage is that this process
> >> # requires four steps. Also the pre-publish scheme involves more
> >> # parental work when used for KSK rollovers as explained in
> >> # Section 4.2.
> >>
> >> I don't think that cryptanalysis is possible without a signature to go
> >> along with the public key, however, dictionary attacks are possible.
> >> (As in "where have I seen this public key before and did I break it?")
> >
> >The cryptanalysis attack was mentioned in 4.2.1.3, should we remove
> >that line?
> >
> >Your editor needs guidance.
>
> Does anyone else have an opinion? I've been led to believe my
> comment by others professing cryptology expertise. Maybe I've been
> misled or I misunderstood the problem.

The question is: does publishing the public key material make the
keypair vulnerable for cryptanalysis?

If so the paragraph stays as is, if not the second sentence "Instead
... attacks" will be removed.

--Olaf

---------------------------------| Olaf M. Kolkman
---------------------------------| RIPE NCC
---------------------------------| JID: olaf at jabber.secret-wg.org
