[Opendnssec-user] Default ZSK sizes
miek at miek.nl
Tue Jan 24 21:31:57 UTC 2012
[ Quoting <ondrej at sury.org> at 17:15 on Jan 24 in "[Opendnssec-user] De..." ]
> and the result was that <1024 RSA keys are insecure (in fact 512bit
> keys can be factorized on common hardware).
1024 and 512 bits is a bit of a leap in rsa land...
> These numbers are just for 2012 and maybe updated as time changes.
> Since almost anybody will just use default numbers in kasp.xml, I propose
> that we bump the default number for ZSK to 1280.
> Any opinions?
I always get a bit sad because of these mails... If rsa is vulnerable
there are better targets than the DNS.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 198 bytes
Desc: Digital signature
More information about the Opendnssec-user