[dnssec-deployment] binary arthimatic
Scott Rose
scottr at nist.gov
Mon Dec 20 15:14:46 EST 2004
Can't say if I really agree with it or not, but considering most .gov
policies go with "use a minimum of X bits", the NIST DNS Security guide will
state something along the lines of choice a) (smallest key).
I don't know if that is sufficient, but it should be. Enough thought goes
into determining the minimum length (by people smarter than I), to put trust
in it.
Scott
> -----Original Message-----
> From: DNSSEC deployment [mailto:dnssec-deployment at shinkuro.com]On Behalf
> Of bmanning at vacation.karoshi.com
> Sent: Monday, December 20, 2004 2:24 PM
> To: DNSSEC deployment
> Subject: [dnssec-deployment] binary arthimatic
>
>
>
>
> any thoughts on key-length selection? a couple
> knee-jerk reactions are:
>
> ) use the smallest key
> ) use the largest key
> ) use an prime number in the range of acceptable values
> ) use an non power of two key
>
>
> -- bill (who will be signing his production zones this week)
>
>
> #############################################################
> This message is sent to you because you are subscribed to
> the mailing list <dnssec-deployment at shinkuro.com>.
> To unsubscribe, E-mail to: <dnssec-deployment-off at shinkuro.com>
> To switch to the DIGEST mode, E-mail to
> <dnssec-deployment-digest at shinkuro.com>
> To switch to the INDEX mode, E-mail to
> <dnssec-deployment-index at shinkuro.com>
> Send administrative queries to <dnssec-deployment-request at shinkuro.com>
>
>
More information about the Dnssec-deployment
mailing list