[Dnssec-deployment] DNSSEC4J and trust anchors

Paul Vixie paul at redbarn.org
Tue Jan 31 15:08:58 EST 2012


On 1/31/2012 8:07 PM, Edward Lewis wrote:
> Is there any concrete evidence that the root KSK be 2048 bits long? I
> know that longer is safer, but do we have any concrete data that says
> 1024 won't do and it must be 2048?  Or are we just playing it safe?

my gut feeling is that 2048 is the right length if we can't roll, so it
was a good first choice.

if we can roll then a smaller key is perfectly fine.


