To:
"Miek Gieben" <miekg@atoom.net>
Cc:
<dnsop@cafax.se>
From:
"Scott Rose" <scottr@nist.gov>
Date:
Fri, 29 Aug 2003 08:43:36 -0400
Sender:
owner-dnsop@cafax.se
Subject:
Re: draft-kolkman-dnssec-operational-practices-00.txt
The key length <-> year sounds like a good reference doc. I'm sure the hard core security folk will want to consider other factors too (size of plaintext, etc.) but admins that do not have the time to study up on cryptography will want a handy guide. That and the other rules I talked about should give admins new to DNSSEC a place to start. Scott ----- Original Message ----- From: "Miek Gieben" <miekg@atoom.net> To: <dnsop@cafax.se> Sent: Thursday, August 28, 2003 6:02 AM Subject: Re: draft-kolkman-dnssec-operational-practices-00.txt > [On 25 Aug, @19:31, Scott wrote in "Re: draft-kolkman-dnssec-opera ..."] > > An opinion on section 3.2 (Security Key Considerations): It is the wrong > > place for a discourse on key strengh, but a reference would be good for > > further info for someone interested. Otherwise, it might be good to give > > some rough rules to follow such as "the larger the zone, the larger the key" > > and "larger the zone, zone key rollovers should be more frequent". > > thanks, I've added this. I think it is good to make such a non technical > statement about key sizes. > > References to documents regarding key sizes is still a good idea, but I don't > want to specify exact sizes in this draft. > > I do however have a document at home which has a table: year <-> key length. You > can just look up the year and then find a key length. This runs up until the > year 2025 (or something). Maybe that should be added as an reference... > > grtz Miek > #---------------------------------------------------------------------- > # To unsubscribe, send a message to <dnsop-request@cafax.se>. #---------------------------------------------------------------------- # To unsubscribe, send a message to <dnsop-request@cafax.se>.