[dns-operations] Obsoleting 1024-bit RSA ZSKs (move to 1280 or algorithm 13)

Matt Nordhoff mnordhoff at gmail.com
Fri Oct 22 16:10:54 UTC 2021

This email is technically a reply to Viktor, but it's not really a
reply to anyone in particular.

There are challenges to upgrading to larger keys, or rolling
algorithms, but how insurmountable are they?

There are at least 139 TLDs using 2048-bit or larger DNSSEC keys
*right now* -- and that's excluding about two dozen that are in the
middle of migrating to a different registry and downgrading to
1280-bit ZSKs.

In mid-2020, one registry was doing some kind of migration and left a
few hundred TLDs entirely double-signed with 1280-bit RSA for a couple
of months. They were paying double their usual cryptography cost, and
the TCP cost (which was, granted, lower pre-Flag Day), and the
fragmentation cost.

Whatever expenses, deployment and planning difficulties there are, all
of these registries were able to handle them.

Many commercial DNS operators are multi-hundred-million or even
multi-billion dollar companies. Some of them could probably afford to
buy literally every HSM in the world. A few wouldn't even put a dent
in their quarterly numbers.

And if they want to get out of the industry, their customers can still
go elsewhere (despite the last decade of consolidation).

Matt Nordhoff
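The message mentions the fragmentation and TCP cost of double-signing with 1280-bit RSA. The script below is an added illustration, not code from the message or from any DNS operator, that estimates DNSSEC response sizes from the RFC 4034 / RFC 3110 wire layouts for the key sizes under discussion (1024, 1280, 2048-bit RSA and ECDSA P-256, algorithm 13) and compares them against the 1232-byte UDP payload that DNS Flag Day 2020 standardised on. The zone name `example.`, the 65537 exponent, two-byte compression pointers for owner names and an OPT record with no options are constructed assumptions; real responses vary with name compression, TTLs and EDNS options.

```python
"""Estimate DNSSEC response wire sizes for different key sizes.

Added example using the DNSKEY/RRSIG RDATA layouts of RFC 4034 and the
RSA public-key encoding of RFC 3110. Sizes are estimates: owner names in
the answer section are assumed to be 2-byte compression pointers, the
RSA exponent is assumed to be 65537, and the OPT record carries no options.
"""

RSA_EXPONENT_LEN = 3         # 65537 encodes in three bytes
EDNS_FLAG_DAY_LIMIT = 1232   # UDP payload recommended by DNS Flag Day 2020
SIG_LEN = {"ecdsap256": 64}  # fixed-size signatures; RSA is modulus-sized


def wire_name_len(name: str) -> int:
    """Length of an uncompressed wire-format domain name (labels + root)."""
    labels = [lbl for lbl in name.strip(".").split(".") if lbl]
    return sum(1 + len(lbl) for lbl in labels) + 1


def rsa_pubkey_len(bits: int) -> int:
    # RFC 3110: 1-byte exponent length (exponent shorter than 256 bytes),
    # then the exponent, then the modulus.
    return 1 + RSA_EXPONENT_LEN + bits // 8


def dnskey_rdata_len(alg: str, bits: int = 0) -> int:
    """Flags(2) + protocol(1) + algorithm(1) + public key."""
    if alg == "rsa":
        return 4 + rsa_pubkey_len(bits)
    if alg == "ecdsap256":
        return 4 + 64                    # uncompressed x||y per RFC 6605
    raise ValueError(f"unsupported algorithm {alg!r}")


def sig_len(alg: str, bits: int = 0) -> int:
    """Raw signature length carried in an RRSIG."""
    return bits // 8 if alg == "rsa" else SIG_LEN[alg]


def rrsig_rdata_len(signer: str, alg: str, bits: int = 0) -> int:
    # type covered(2) + algorithm(1) + labels(1) + original TTL(4)
    # + expiration(4) + inception(4) + key tag(2) + signer name + signature
    return 18 + wire_name_len(signer) + sig_len(alg, bits)


def rr_len(owner_len: int, rdata_len: int) -> int:
    """Owner name + TYPE(2) + CLASS(2) + TTL(4) + RDLENGTH(2) + RDATA."""
    return owner_len + 10 + rdata_len


def response_size(qname: str, zone: str, rdata_lens: list, signers: list) -> int:
    """Estimated size of a response carrying one RRset plus one RRSIG per signer.

    rdata_lens: RDATA length of each record in the answered RRset.
    signers: (alg, bits) of every key whose signature covers that RRset.
    """
    header = 12
    question = wire_name_len(qname) + 4            # QNAME + QTYPE + QCLASS
    owner = 2                                      # compression pointer to QNAME
    answer = sum(rr_len(owner, n) for n in rdata_lens)
    answer += sum(rr_len(owner, rrsig_rdata_len(zone, a, b)) for a, b in signers)
    opt = 11                                       # root name(1)+type(2)+class(2)+TTL(4)+rdlen(2)
    return header + question + answer + opt


def scenarios(zone: str = "example.") -> dict:
    """DNSKEY responses for the key configurations discussed in the thread."""
    ksk2048, zsk1024, zsk1280 = ("rsa", 2048), ("rsa", 1024), ("rsa", 1280)
    ec = ("ecdsap256", 0)
    def dnskey_resp(keys, signers):
        return response_size(zone, zone, [dnskey_rdata_len(*k) for k in keys], signers)
    return {
        "rsa2048 KSK + rsa1024 ZSK":          dnskey_resp([ksk2048, zsk1024], [ksk2048]),
        "rsa2048 KSK + rsa1280 ZSK":          dnskey_resp([ksk2048, zsk1280], [ksk2048]),
        "double-signed: 2x KSK + 2x 1280 ZSK": dnskey_resp([ksk2048, ksk2048, zsk1280, zsk1280],
                                                           [ksk2048, ksk2048]),
        "ecdsap256 KSK + ZSK":                dnskey_resp([ec, ec], [ec]),
    }


def fits_in_udp(size: int, limit: int = EDNS_FLAG_DAY_LIMIT) -> bool:
    """True if the response fits without truncation (and thus TCP retry)."""
    return size <= limit


if __name__ == "__main__":
    for label, size in scenarios().items():
        verdict = "fits" if fits_in_udp(size) else "exceeds 1232 -> TC bit / TCP"
        print(f"{label:40s} ~{size:5d} bytes  {verdict}")
```

Run as a script, the double-signed DNSKEY response for `example.` comes out around 1.5 KB, above the 1232-byte Flag Day limit, while each single-signed RSA layout and the algorithm 13 layout stay comfortably under it; the `response_size` helper also works for ordinary RRsets (for instance a `www.example.` A record with one versus two 1280-bit ZSK signatures) to estimate the per-answer overhead of double signing.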
