[dns-operations] .PL DNSSEC broken again

Viktor Dukhovni ietf-dane at dukhovni.org
Mon Jun 17 19:33:16 UTC 2019

On Jun 17, 2019, at 3:05 PM, bert hubert <bert.hubert at powerdns.com> wrote:

> > Only because IETF does not have the guts to deprecate insecure spoofable DNS.
> Well, that is a novel concept. I imagine ETSI would rush in to respecify
> unauthenticated DNS though! 

I am happy to put the horse before the cart.  Let's get more
deployment first, ...  Deprecation comes later.

That said, we can certainly deprecate 512-bit RSA.  Since it has already
happened, we may as well say so.  More precisely, domains that only have
RSA keys < 1024 bits could be treated as "unsigned".  MUST NOT publish
in auth zones, MAY (or SHOULD) be ignored by resolvers.

There are only ~7k 512-bit keys left, mostly just some domains DNS-hosted
by gratisdns.dk.  Out of 10 million domains total, 7k is in the noise.

There is not broad agreement that 1024-bit RSA ZSKs are too weak.
More important would be more frequent rotation.  IIRC some of the
older ZSKs at various TLDs were expected to get rotated ~this summer.
We'll soon see whether that happened.

If 1024-bit keys are replaced sufficiently frequently, and given
that DNSSEC (unlike TLS) has no forward-secrecy exposure, 1024-bit
RSA ZSKs with a 90 or 180 day lifetime don't seem unreasonable.  A
non-trivial fraction of zones are using 1280-bit RSA ZSKs these
days, which is better, and ECDSA P-256 adoption is rising noticeably.



More information about the dns-operations mailing list