[dns-operations] .PL DNSSEC broken again
philip.homburg at ripe.net
Tue Jun 18 09:34:18 UTC 2019
On 2019/06/17 21:33 , Viktor Dukhovni wrote:
> There is not broad agreement that 1024-bit RSA ZSKs are too weak.
> More important would be more frequent rotation. IIRC some of the
> older ZSKs at various TLDs were expected to get rotated ~this summer.
> We'll soon see whether that happened.
> If 1024-bit keys are replaced sufficiently frequently, and given
> that DNSSEC (unlike TLS) has no forward-secrecy exposure, 1024-bit
> RSA ZSKs with a 90 or 180 day lifetime don't seem unreasonable.
I'm very worried about the line of reasoning.
First, it is used as a reason to not deploy DANE because a sizable group
is just not going to trust weak RSA encryption.
Second, this is similar to arguments to (continue) using SHA1 only to
find later that the specific arguments that would make it safe are
violated. We need robust security, not security that depends on all
kinds of boundary conditions to be safe.
And finally, we have no operational experience with breaking 1024 bit
RSA. We cannot say anything for sure about how long it will take to
break it. The normal rule in security is that if there is a practical
way to break something, move on. That comes back to the first point,
where people don't take the DNSSEC community seriously as long as we
keep using weak key lengths.
More information about the dns-operations