[Opendnssec-user] Default ZSK sizes

Miek Gieben miek at miek.nl
Tue Jan 24 21:31:57 UTC 2012


[ Quoting <ondrej at sury.org> at 17:15 on Jan 24 in "[Opendnssec-user] De..." ]
> and the result was that <1024 RSA keys are insecure (in fact 512-bit
> keys can be factorized on common hardware).

1024 and 512 bits is a bit of a leap in RSA land...

> These numbers are just for 2012 and may be updated as time changes.
> 
> Since almost anybody will just use default numbers in kasp.xml, I propose
> that we bump the default number for ZSK to 1280.
> 
> Any opinions?

I always get a bit sad because of these mails... If RSA is vulnerable
there are better targets than the DNS.

Regards
Miek Gieben