[dns-operations] Obsoleting 1024-bit RSA ZSKs (move to 1280 or algorithm 13)

[Matt Nordhoff]

This email is technically a reply to Viktor, but it's not really a
reply to anyone in particular.

There are challenges to upgrading to larger keys, or rolling
algorithms, but how insurmountable are they?

There are at least 139 TLDs using 2048-bit or larger DNSSEC keys
*right now* -- and that's excluding about two dozen that are in the
middle of migrating to a different registry and downgrading to
1280-bit ZSKs.

In mid-2020, one registry was doing some kind of migration and left a
few hundred TLDs entirely double-signed with 1280-bit RSA for a couple
of months. They were paying double their usual cryptography cost, and
the TCP cost (which was, granted, lower pre-Flag Day), and the
fragmentation cost.

Whatever expenses, deployment and planning difficulties there are, all
of these registries were able to handle them.

Many commercial DNS operators are multi-hundred-million or even
multi-billion dollar companies. Some of them could probably afford to
buy literally every HSM in the world. A few wouldn't even put a dent
in their quarterly numbers.

And if they want to get out of the industry, their customers can still
go elsewhere (despite the last decade of consolidation).
-- 
Matt Nordhoff