Update on stats 2019-11

Viktor Dukhovni ietf-dane at dukhovni.org
Mon Dec 2 20:30:04 CET 2019

On Mon, Dec 02, 2019 at 08:14:30PM +0100, Michael Grimm wrote:

> > Definitely not, instead 1280 bits, but then migrate to P-256.

That 1280 bit advice is RSA-only.  RSA has variable-size keys.

> I will migrate both KSK and ZSK to P-256. I understood that a ZSK should be
> of size 1280 bits, but what is the optimal size of a P-256 KSK [1]?

Best practice for an *RSA* ZSK is ~1280 bits, but P-256 has fixed
size keys, so the question does not make sense...

The key blob (in "uncompressed" point format) is 512 bits, but we simply don't
talk about key bits with EC crypto; instead we talk about choices of "curve"
(which imply the key and signature sizes).  P-256 is the most widely used EC
curve.  It is gradually being superseded by Ed25519, but too few DNS resolvers
support Ed25519 to make it a practical choice for DNSSEC just yet.
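
Added example (not part of the original message): a Python sketch that reads DNSKEY RDATA and reports the key size, showing that an RSA key's size comes from its modulus while a P-256 key (algorithm 13) is always a 64-byte, 512-bit blob. It goes beyond the message by also listing the other fixed-size curve algorithms; the function name and the two sample records are constructed for illustration and are not real keys.

```python
import struct

# Curve-based DNSSEC algorithms: the algorithm number fixes the key length
# (bytes). ECDSA per RFC 6605, EdDSA per RFC 8080.
FIXED_KEY_BYTES = {13: ("ECDSA P-256", 64), 14: ("ECDSA P-384", 96),
                   15: ("Ed25519", 32), 16: ("Ed448", 57)}
RSA_ALGS = {5, 7, 8, 10}  # RSA/SHA-1, NSEC3 variant, RSA/SHA-256, RSA/SHA-512


def describe_dnskey(rdata: bytes) -> dict:
    """Return role, algorithm family and public-key size for DNSKEY RDATA."""
    if len(rdata) < 8:
        raise ValueError("DNSKEY RDATA too short")
    flags, protocol, alg = struct.unpack("!HBB", rdata[:4])
    if protocol != 3:
        raise ValueError("DNSKEY protocol field must be 3")
    key = rdata[4:]
    role = "KSK" if flags & 0x0001 else "ZSK"  # SEP flag marks a KSK
    if alg in RSA_ALGS:
        # RFC 3110: one-byte exponent length, or 0 then a two-byte length.
        if key[0]:
            elen, off = key[0], 1
        else:
            elen, off = struct.unpack("!H", key[1:3])[0], 3
        modulus = key[off + elen:]
        if not modulus:
            raise ValueError("RSA key has no modulus")
        bits = int.from_bytes(modulus, "big").bit_length()
        return {"role": role, "family": "RSA", "bits": bits, "fixed": False}
    if alg in FIXED_KEY_BYTES:
        name, size = FIXED_KEY_BYTES[alg]
        if len(key) != size:
            raise ValueError(f"{name} key must be exactly {size} bytes")
        return {"role": role, "family": name, "bits": size * 8, "fixed": True}
    raise ValueError(f"unsupported DNSKEY algorithm {alg}")


# Constructed sample records (size-correct filler bytes, not real keys).
RSA_ZSK = (struct.pack("!HBB", 256, 3, 8) + b"\x03\x01\x00\x01"
           + b"\x80" + bytes(158) + b"\x01")           # 160-byte modulus
P256_KSK = struct.pack("!HBB", 257, 3, 13) + bytes(range(64))  # X || Y

if __name__ == "__main__":
    for rec in (RSA_ZSK, P256_KSK):
        print(describe_dnskey(rec))
```

A P-256 record whose key field is not exactly 64 bytes is rejected rather than reported with a different size, which is the practical meaning of "fixed size keys".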

