[ksk-change] FYI: media coverage of '1024 DNSSEC RSA keys are weak'

Richard Lamb richard.lamb at icann.org
Fri Nov 14 19:47:36 UTC 2014

Thanks to Peter Koch for pointing these articles out.


Heise, a German language online news medium, published an article titled
"DNSSEC with too short RSA keys".

The article refers to a paper by Dan Bernstein and Tanja Lange about
advances in factorization by massively parallel hardware operation
<http://cr.yp.to/factorization/batchnfs-20141109.pdf>.  It appears that the
article might go far beyond the substance or even the claims in the paper.

There was a previous note at
ssel-mit-1-024-bit-1411-110435.html>, much less alarmist.

Some serious review of the paper to evaluate the claims and conclusions
would be helpful.


PS: an obviously, if RSA1024 was unusable for DNSSEC, there are other uses

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 5456 bytes
Desc: not available
URL: <http://mm.icann.org/pipermail/ksk-rollover/attachments/20141114/f9ab17ce/smime.p7s>

More information about the ksk-rollover mailing list