[ksk-rollover] root zone KSK rollover operations workshop planning

Paul Hoffman paul.hoffman at vpnc.org
Fri Sep 19 17:06:12 UTC 2014


On Sep 19, 2014, at 9:44 AM, David Conrad <david.conrad at icann.org> wrote:

>> - Changing the signing algorithm (which I strongly support) is not a KSK rollover and thus out of scope for this discussion except insofar as if there is a planned algorithm change, that could affect the perceived need for the KSK rollover. If changing the signing algorithm *is* in scope for this discussion, the title of the discussion should change.
> 
> I’m not sure arguing the semantics of the terminology used in the name of this mailing list is a good use of time.

I am. If, as you say below, "everything that could impact changing the key and/or the implications of changing the key should be in scope", then simply calling the workshop as being about "KSK change" would be a lot clearer.

And, given that, I propose that there be a major topic on changing the signing algorithm to elliptic curve with 256-bit keys. The CFRG will likely settle on recommendations for fast, constant-time curves for signing; these would be excellent targets for a new signing algorithm. The oft-stated benefits would be:

- much smaller DNS response messages for signatures

- much greater predictability for the cryptographic lifetimes for the keys

--Paul Hoffman