Revised NIST guidance for ZSK sizes
Rose, Scott W.
scott.rose at nist.gov
Thu Sep 10 14:15:24 EDT 2009
This actually happened last week but never got around to posting:
After some discussion with the NIST computer security division, there has
been a change to the recommendations and guidelines regarding key sizes for
use with DNSSEC. Originally we (NIST) had in SP 800-81r1 and SP 800-57
Part 3:
Key Signing Key (KSK): 2048 bit, rolled every 1-2 years until 2030
Zone Signing Key (ZSK): 2048 bit, rolled every 1-3 months until 2030
This leads to large packet sizes - negative responses from .gov were over
1500 bytes. So there is new guidance with that in mind that keeps shorter
keys in use for a few more years, with migration to Elliptic Curve crypto
(ECDSA) over RSA to keep response sizes from growing too much. Now the
recommended minimum key sizes are:
KSK: 2048 bit, rolled every 1-2 years until 2015 (mostly unchanged - note
the year though)
ZSK: 1024 bit, rolled every 1-3 months* until 2015
The date is 10/1/2015 to be exact, with admins deploying ECDSA before then
as recommended by the USG crypto folks. It's to keep DNSSEC operations in
line with the rest of USG operations.
Right now, the current 800-81r1 (out for 2nd round of public comment) does
not say this because it was decided after it went out, but I'm in the
process of updating NIST SP 800-57 Part 3 and SP 800-81r1 to reflect these
changes.
This is basically for those who follow such things. Those not in the US
Federal Gov't are free to do whatever (as before),
Scott
*There was some estimation that 1024 RSA keys in ~3 months by 2014, but
can't cite the ref offhand. Others probably know more.
===================================
Scott Rose
NIST
scottr at nist.gov
ph: +1 301-975-8439
http://www-x.antd.nist.gov/dnssec
http://www.dnsops.gov/
===================================
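As an added example (not part of Scott's post), a small Python estimator of the wire size of a signed NXDOMAIN response under the ZSK choices discussed above, to show why an RSA-2048 ZSK pushes negative answers past 1500 bytes while 1024-bit RSA and ECDSA P-256 stay well under. The zone, names and record mix are constructed assumptions, not actual .gov data.

```python
# Added example, not from the original post. Field sizes follow RFC 4034 (RRSIG),
# RFC 5155 (NSEC3), RFC 3110 (RSA) and RFC 6605 (ECDSA); the record mix
# (SOA + 3 NSEC3 + 4 RRSIGs) is the usual NSEC3 denial-of-existence shape.
# All zone/name values are constructed placeholders, not real .gov data.

DNS_HEADER = 12
EDNS_OPT_RR = 11        # root owner (1) + TYPE/CLASS/TTL/RDLENGTH (10), no options
NAME_POINTER = 2        # compressed owner name pointing at a name already in the packet
RR_FIXED = 10           # TYPE + CLASS + TTL + RDLENGTH
RRSIG_FIXED = 18        # type covered, alg, labels, orig TTL, expiration, inception, key tag
NSEC3_FIXED = 26        # hash alg, flags, iterations(2), salt len, hash len, SHA-1 hash(20)
NSEC3_OWNER = 1 + 32 + NAME_POINTER   # base32hex(SHA-1) label + pointer to the zone apex

SIGNATURE_BYTES = {     # length of the RRSIG signature field per algorithm
    "RSA-1024": 128,            # RSA signature length equals the modulus length
    "RSA-2048": 256,
    "ECDSAP256SHA256": 64,      # r || s, 32 bytes each
    "ECDSAP384SHA384": 96,
}

def wire_name_len(name: str) -> int:
    """Uncompressed wire length: one length byte per label, plus the root byte."""
    labels = [lbl for lbl in name.strip(".").split(".") if lbl]
    return sum(1 + len(lbl) for lbl in labels) + 1

def rrsig_len(alg: str, signer: str) -> int:
    """One RRSIG RR with a compressed owner name and an uncompressed signer's name."""
    return NAME_POINTER + RR_FIXED + RRSIG_FIXED + wire_name_len(signer) + SIGNATURE_BYTES[alg]

def nsec3_len(salt_len: int = 0, bitmap_len: int = 8) -> int:
    """One NSEC3 RR; bitmap_len covers the type bitmap (window + length + bits)."""
    return NSEC3_OWNER + RR_FIXED + NSEC3_FIXED + salt_len + bitmap_len

def nxdomain_len(alg, zone, qname, mname, rname, salt_len=0, bitmap_len=8) -> int:
    """Header + question + OPT + authority: SOA, RRSIG(SOA), 3x NSEC3, 3x RRSIG(NSEC3)."""
    question = wire_name_len(qname) + 4
    soa = NAME_POINTER + RR_FIXED + wire_name_len(mname) + wire_name_len(rname) + 20
    return (DNS_HEADER + question + EDNS_OPT_RR + soa
            + 4 * rrsig_len(alg, zone) + 3 * nsec3_len(salt_len, bitmap_len))

def compare(zone="gov", qname="nonexistent.gov", mname="ns1.gov", rname="hostmaster.gov"):
    """Return {alg: estimated bytes} for the constructed zone, for every algorithm above."""
    return {alg: nxdomain_len(alg, zone, qname, mname, rname) for alg in SIGNATURE_BYTES}

if __name__ == "__main__":
    for alg, size in compare().items():
        print(f"{alg:16s} {size:5d} bytes  {'> 1500' if size > 1500 else 'fits in 1500'}")
```

Real responses vary with name lengths, NSEC3 salt and bitmaps, and whether the TC bit forces a TCP retry, so treat the numbers as a sizing sanity check rather than a measurement.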