[ksk-rollover] Size of new keys?

Peter Koch pk at DENIC.DE
Wed Sep 19 13:33:58 UTC 2018 

On Wed, Sep 19, 2018 at 11:55:12AM +0200, Rene 'Renne' Bartsch, B.Sc. Informatics via ksk-rollover wrote:

> how many bits will the new keys have?
> 
> What's the smallest bit size of any key (ZSK, KSK, ...) in use after a successful rollover?

the new KSK is already visible, as are the ZSKs, which are otherwise unaffected
by the roll:

;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 438
;; flags: qr aa ; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 0 
;; QUESTION SECTION:
;; .    IN      DNSKEY

;; ANSWER SECTION:
.       172800  IN      DNSKEY  256 3 8 AwEAAdp440E6Mz7c+Vl4sPd0lTv2Qnc85dTW64j0RDD7sS/zwxWDJ3QRES2VKDO0OXLMqVJSs2YCCSDKuZXpDPuf++YfAu0j7lzYYdWTGwyNZhEaXtMQJIKYB96pW6cRkiG2Dn8S2vvo/PxW9PKQsyLbtd8PcwWglHgReBVp7kEv/Dd+3b3YMukt4jnWgDUddAySg558Zld+c9eGWkgWoOiuhg4rQRkFstMX1pRyOSHcZuH38o1WcsT4y3eT0U/SR6TOSLIB/8Ftirux/h297oS7tCcwSPt0wwry5OFNTlfMo8v7WGurogfk8hPipf7TTKHIi20LWen5RCsvYsQBkYGpF78= ;{id = 2134 (zsk), size = 2048b}
.       172800  IN      DNSKEY  256 3 8 AwEAAfaifSqh+9ItxYRCwuiY0FY2NkaEwd/zmyVvakixDgTOkgG/PUzlEauAiKzlxGwezjqbKFPSwrY3qHmbbsSTY6G8hZtna8k26eCwy59Chh573cu8qtBkmUIXMYG3fSdlUReP+uhBWBfKI2aGwhRmQYR0zSmg7PGOde34c/rOItK1ebJhjTAJ6TmnON7qMfk/lKvH4qOvYtzstLhr7Pn9ZOVLx/WUKQpU/nEyFyTduRbz1nZqkp6yMuHwWVsABK8lUYXSaUrDAsuMSldhafmR/A15BxNhv9M7mzJj7UH2RVME9JbYinBEzWwW9GpnY+ZmBWgZiRVTaDuemCTJ5ZJWLRs= ;{id = 41656 (zsk), size = 2048b}
.       172800  IN      DNSKEY  257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0= ;{id = 19036 (ksk), size = 2048b}
.       172800  IN      DNSKEY  257 3 8 AwEAAaz/tAm8yTn4Mfeh5eyI96WSVexTBAvkMgJzkKTOiW1vkIbzxeF3+/4RgWOq7HrxRixHlFlExOLAJr5emLvN7SWXgnLh4+B5xQlNVz8Og8kvArMtNROxVQuCaSnIDdD5LKyWbRd2n9WGe2R8PzgCmr3EgVLrjyBxWezF0jLHwVN8efS3rCj/EWgvIWgb9tarpVUDK/b58Da+sqqls3eNbuv7pr+eoZG+SrDK6nWeL3c6H5Apxz7LjVc1uTIdsIXxuOLYA4/ilBmSVIzuDWfdRUfhHdY6+cn8HFRm+2hM8AnXGXws9555KrUB5qihylGa8subX2Nn6UwNR1AkUTV74bU= ;{id = 20326 (ksk), size = 2048b}
.       172800  IN      RRSIG   DNSKEY 8 0 172800 20181010000000 20180919000000 19036 . p67102OaDhkjjx1MqKG8fx/lOkG++L6Hd4vIMMBYpLYSr2c9tNaG7G9B3ZwKvNshKaXn8e0bIVjcLdQGzLnDNJh7Sv8453VJF408ur/5/a4xHo7LeKKUryLsBRDoZOvRr5+8ZnLsD8Qdk6NS45bLBMuvpjiPOqfB2QVJmQFwGGaLgEa7+yelBBKgY+BR0jSQead30yZlLAsOVewHyh/1GdLLrkMZENc7j7e1wBUs6iSDLMJsr96kJBMqZhwo94bJDcybtzsZYxiqV5OdHjLFM13jlwH4IPEci+CxzosvBrzcjnML7phUDtjdQ8sftcbVcihrAVrpRbXHg6syIaLoTw==

As you can see, all keys have a size of 2048 bits.

-Peter

More information about the ksk-rollover mailing list