[dns-operations] .NET Zone DNSSEC Operational Update -- ZSK length change
Wessels, Duane
dwessels at verisign.com
Mon Aug 5 15:58:04 UTC 2019
> On Aug 4, 2019, at 2:33 PM, Doug Barton <dougb at dougbarton.email> wrote:
>
> On 2019-07-09 7:11 PM, Wessels, Duane via dns-operations wrote:
>> Verisign is in the process of increasing the size and strength of
>> the DNSSEC Zone Signing Keys (ZSKs) for the top-level domains that
>> it operates. As part of this process, the ZSK for the .NET zone
>> will be increased in size from 1024 to 1280 bits.
>
> Do you have any references on why 1280 bits? I'm not looking to criticize, hoping to learn something. :)
Doug,
We settled on 1280 bits (with NSEC3 zones) so that the responses all still fit in a single unfragmented IPv6 packet.
DW
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4675 bytes
Desc: not available
URL: <https://lists.dns-oarc.net/pipermail/dns-operations/attachments/20190805/1fdbf555/attachment.bin>
More information about the dns-operations
mailing list