[dns-operations] Aging TLD RSA DNSKEYs...

Florian Weimer fweimer at redhat.com
Mon Jan 21 09:11:05 UTC 2019


* Paul Hoffman:

> Great for whom? This is a serious question. Given that there is no
> indication that RSA-1024 can be broken in a few years without hundreds
> of millions of dollars worth of work (unless TWIRL chips exist, and
> there is no indication that they do), what is the value to the DNS of
> rolling based on your calculations?

The DNS community assumes that each RSA signature weakens the public key
slightly, so that keys which create many signatures need to be replaced
periodically.

Thanks,
Florian


