[Dnssec-deployment] Root key roll questions, was Re: DNSSEC4J...
Edward Lewis
Ed.Lewis at neustar.biz
Tue Jan 31 15:29:55 EST 2012

At 12:12 -0800 1/31/12, Doug Barton wrote:
>TMK the current thinking in the crypto world (which I follow as an
>interested amateur) is that by the time 2048 RSA is crackable the
>playing field will have changed considerably already. It's also thought
>that 1024 RSA may be vulnerable in our lifetimes.

This "talk" triggers the following question in my mind. Even if a
1024 RSA is "cracked/broken/etc"[0], what is the chance that the
exploit could be used in the limited confines of DNS' fixed format
and constrained data lengths?

I'm asking not as someone trying to press a point, but as someone not
yet really understanding the bogeyman
(http://en.wikipedia.org/wiki/Boogey_man) we wish to fight. (Yes,
the URL and the title on the page do differ in the spelling as I see
it).

[0] I mean that in layman's terms. I'm sure cryptologists have
better terminology.
--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Edward Lewis
NeuStar You can leave a voice message at +1-571-434-5468
2012...time to reuse those 1984 calendars!