On 19 jan 2015, at 19:22, David Conrad <[email protected]> wrote:
>
> In a similar but (IMHO) less specious vein:
>
> https://www.imperialviolet.org/2015/01/17/notdane.html

Adam's points on 1024-bit keys are starting to get valid (read the
Bernstein/Lange paper on why) and I believe we might need to revisit the
current recommendations sooner rather than later. Whether that means larger RSA
keys or just a move to ECDSA (or both) needs further study.

One should also note that it is possible for a validator to choose not to
trust an answer if it believes that some keys in the chain are too weak. Not
very useful while the root is still 1024-bit RSA, but might be if that changes.

jakob
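
The key-strength check mentioned in the message above, sketched as an added example that is not part of the original e-mail or of any resolver's code: it reads the RSA modulus size out of DNSKEY RDATA (RFC 3110 key field) and lists the chain links that fall below a local policy. The 2048-bit threshold, the function names and the sample chain are assumptions made for illustration; the keys are constructed byte strings of the right size, not real keys.

```python
import base64

RSA_ALGS = {5, 7, 8, 10}   # RSASHA1, RSASHA1-NSEC3-SHA1, RSASHA256, RSASHA512

def rsa_modulus_bits(key: bytes) -> int:
    """Modulus bit length of an RFC 3110 RSA public key field."""
    if len(key) < 3:
        raise ValueError("truncated RSA key")
    explen, off = key[0], 1
    if explen == 0:                       # long form: 2-byte exponent length
        explen, off = int.from_bytes(key[1:3], "big"), 3
    modulus = key[off + explen:]
    if explen == 0 or not modulus:
        raise ValueError("malformed RSA key")
    return int.from_bytes(modulus, "big").bit_length()

def dnskey_rsa_bits(rdata: bytes):
    """RSA modulus size for DNSKEY RDATA, or None for non-RSA algorithms."""
    if len(rdata) < 4:
        raise ValueError("truncated DNSKEY RDATA")
    algorithm = rdata[3]                  # flags(2) | protocol(1) | algorithm(1)
    return rsa_modulus_bits(rdata[4:]) if algorithm in RSA_ALGS else None

def weak_links(chain, min_rsa_bits=2048):  # threshold is an assumed local policy
    """Return (owner, bits) for every RSA key in the chain below the policy."""
    weak = []
    for owner, rdata_b64 in chain:
        bits = dnskey_rsa_bits(base64.b64decode(rdata_b64))
        if bits is not None and bits < min_rsa_bits:
            weak.append((owner, bits))
    return weak

def fake_dnskey(flags: int, algorithm: int, key_bytes: int) -> str:
    """Constructed test RDATA: right size and layout, not a real key."""
    if algorithm in RSA_ALGS:
        # exponent length 3, exponent 65537, then a modulus with its top bit set
        pub = b"\x03\x01\x00\x01" + b"\xc3" + b"\x5a" * (key_bytes - 1)
    else:
        pub = b"\x5a" * key_bytes
    rdata = flags.to_bytes(2, "big") + b"\x03" + bytes([algorithm]) + pub
    return base64.b64encode(rdata).decode()

# Constructed chain (owner names and key sizes are illustrative only).
SAMPLE_CHAIN = [
    (".",        fake_dnskey(257, 8, 256)),   # 2048-bit RSA KSK
    (".",        fake_dnskey(256, 8, 128)),   # 1024-bit RSA ZSK
    ("example.", fake_dnskey(257, 13, 64)),   # ECDSA P-256 KSK
    ("example.", fake_dnskey(256, 13, 64)),   # ECDSA P-256 ZSK
]
```

With the sample chain, `weak_links(SAMPLE_CHAIN)` reports only the 1024-bit key at the top of the chain, which is why such a policy rejects everything beneath it until that key changes.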