[dns-operations] RSASHA256 versus RSASHA512

Chris Thompson cet1 at cam.ac.uk
Sun Mar 6 00:34:18 UTC 2011


On Mar 6 2011, George Barwood wrote:

>I'm trying to understand why RSASHA256 (algorithm 8) appears to be
>more popular than RSASHA512 (algorithm 10).

Because it was used for the root zone, and so became de facto required
to implement? Whether people are thinking "there might be perverse
implementations that do RSASHA256 but not RSASHA512", or alternatively
"if SHA-256 is broken the root zone signatures are toast, anyway"
is not obvious.

I believe there are just three TLDs using RSASHA512: "cat", "cz" & "museum".

>Keys and signatures are the same size, except that RSASHA512 keys are
>mandated to be at least 1024 bits rather than 512 bits.

I would *like* to believe it was that, as 1024 bits is still overkill
for most ZSKs, whatever NIST say. But hardly anyone uses smaller moduli.

-- 
Chris Thompson               University of Cambridge Computing Service,
Email: cet1 at ucs.cam.ac.uk    New Museums Site, Cambridge CB2 3QH,
Phone: +44 1223 334715       United Kingdom.