[dns-operations] EdDSA status ?
Viktor Dukhovni
ietf-dane at dukhovni.org
Mon Jun 4 15:16:03 UTC 2018
> On Jun 4, 2018, at 10:30 AM, Viktor Dukhovni <ietf-dane at dukhovni.org> wrote:
>
> Of 7,042,570 extant RSA ZSKs, 3,058,239 are 180 days or older.
> Among RSA ZSKs of this age, the key size distribution by zone
> count is:
>
>  zskdomains | bits
> ------------+------
>        5445 | 4096
>       33523 | 2048
>      175813 | 1280
>     2333483 | 1024
>        6767 | 512
>
> So around half (not all the domains in the survey were known
> 180 days ago) of the RSA-1024 ZSKs are still listed in the
> DNSKEY RRset after 180 days.

Indeed 180 days ago (prior to the great 512-bit DNSKEY purge at
wedos.cz, thanks!) the distribution of known RSA key sizes by
zone count was:

 zskdomains | bits
------------+------
       6408 | 4096
      86255 | 2048
     192168 | 1280
    3915421 | 1024
      64484 | 512

So the survival rate of 180+ day old 1024-bit RSA ZSKs is ~60%.

--
Viktor.