On Tue, Jan 27, 2015 at 01:51:32PM -0500, John Allen wrote:
Are you recommending rolling the ZSKs every 7 days, or are you talking about something else?
NO. I'm recommeding signature lifetimes of ~7 days for sites with the operational capacity to keep everything current on a tight schedule. This way, signatures of stale records expire quickly.
I would agree with you that some of the recommendations for the key life are not very sensible. I would have thought that a 2048 bit key was good for around 30+ days and that KSKs should be 4096 bit.
Overkill IMHO. Since the root zone signature is 2048 bits, anything stronger is just a waste of bandwidth and risks interoperability problems. I a decade from now, perhaps we'll have interoperable options based on soon to be defined best-practice ECC curves,
For now RSA-2048 is about as strong as you can reasonably get, and likely strong enough.
What effect do the new algorithms have on time to break? I assume that they are still based upon trapdoor functions?
There is AFAIK no public evidence of practical key recovery attacks on RSA-1024, when properly seeded. Practical attacks on 2048-bit RSA seem rather unlikely at present.