[dns-operations] .NET Zone DNSSEC Operational Update -- ZSK length change
Doug Barton
dougb at dougbarton.email
Mon Aug 5 20:30:39 UTC 2019
On 2019-08-05 08:58, Wessels, Duane wrote:
>> On Aug 4, 2019, at 2:33 PM, Doug Barton <dougb at dougbarton.email>
>> wrote:
>>
>> On 2019-07-09 7:11 PM, Wessels, Duane via dns-operations wrote:
>>> Verisign is in the process of increasing the size and strength of
>>> the DNSSEC Zone Signing Keys (ZSKs) for the top-level domains that
>>> it operates. As part of this process, the ZSK for the .NET zone
>>> will be increased in size from 1024 to 1280 bits.
>>
>> Do you have any references on why 1280 bits? I'm not looking to
>> criticize, hoping to learn something. :)
>
>
> Doug,
>
> We settled on 1280 bits (with NSEC3 zones) so that the responses all
> still fit in a single unfragmented IPv6 packet.
Interesting, thanks!
More information about the dns-operations
mailing list