[dns-operations] Aging TLD RSA DNSKEYs...

A. Schulze sca at andreasschulze.de
Mon Jan 21 06:48:57 UTC 2019

Viktor Dukhovni:

> A fair question.  The pros are:
>   * The DNSSEC haters would not have the opportunity to sneer
>     all those long-lived 1024-bit keys.  The WebPKI has stopped
>     using RSA-1024, and NIST's key size guidelines had RSA-1024
>     only good through 2010 or so (IIRC).
>   * Even when keys are not brute forced, there is some risk of
>     keys getting disclosed by various means, sometimes unbeknownst
>     to the legitimate key holder.  So rotating keys periodically
>     is a sound practice.
>   * We don't know whether any of the TLAs can break 1024-bit RSA,
>     but the risk is taken seriously by at least some maintstream
>     cryptographers, so it seems prudent to move to stronger keys.
>   * Finally, if you never roll your keys routinely, you probably
>     don't know how to do it in an emergency.  Best to keep the
>     gears well oiled.

I also fully agree.
Key rotation is important not only for DNSSEC. Think about DKIM keys.
And as Let's Encrypt require certificate renew 4 times a year,
many WebPKI keys are rotated, too.

I don't see a reason to not rotate any keys.


More information about the dns-operations mailing list