[dns-operations] .PL DNSSEC broken again
Viktor Dukhovni
ietf-dane at dukhovni.org
Mon Jun 17 19:33:16 UTC 2019
On Jun 17, 2019, at 3:05 PM, bert hubert <bert.hubert at powerdns.com> wrote:
> > Only because IETF does not have the guts to deprecate insecure spoofable DNS.
>
> Well, that is a novel concept. I imagine ETSI would rush in to respecify
> unauthenticated DNS though!
I am happy to put the horse before the cart. Let's get more
deployment first, ... Deprecation comes later.
That said, we can certainly deprecate 512-bit RSA. Since it has already
happened, we may as well say so. More precisely, domains that only have
RSA keys < 1024 bits could be treated as "unsigned". MUST NOT publish
in auth zones, MAY (or SHOULD) be ignored by resolvers.
There are only ~7k 512-bit keys left, mostly just some domains DNS-hosted
by gratisdns.dk. Out of 10 million domains total, 7k is in the noise.
There is not broad agreement that 1024-bit RSA ZSKs are too weak.
More important would be more frequent rotation. IIRC some of the
older ZSKs at various TLDs were expected to get rotated ~this summer.
We'll soon see whether that happened.
If 1024-bit keys are replaced sufficiently frequently, and given
that DNSSEC (unlike TLS) has no forward-secrecy exposure, 1024-bit
RSA ZSKs with a 90 or 180 day lifetime don't seem unreasonable. A
non-trivial fraction of zones are using 1280-bit RSA ZSKs these
days, which is better, and ECDSA P-256 adoption is rising noticeably.
http://stats.dnssec-tools.org/#keysize
http://stats.dnssec-tools.org/#parameter
--
Viktor.
More information about the dns-operations
mailing list