Hi Dean On 9/06/2011, at 10:07 PM, Dean Pemberton wrote: [snipped]
They are all wrong, but you just can't beat public perception [1].
I believe that Peter may very well be right about 1280 bits being enough, but are you really going to be able to convince everyone else to trust that?
So let me get this right - you do now agree that 1280 bits is sufficient but now claim that others might not believe that and so we need to change? I think that's called playing both sides of the fence. If you believe that key size is sufficient then you need to stand by that having started this thread in the first place.
If people look at .com and it uses 2048 and .nz and they use 1280 bit, are they really going to do all the investigation we just have in order to assess the true security?
I am pretty sure that as a statistical average, nobody at all is going to look at the KSK size when choosing a TLD.
They certainly don't do the research when they wipe harddrives.
My final word on this is "1280 may well be enough from a security point of view, but there will be latent trust issues within the .nz target market if a key less then 2048 is chosen while other domains have adopted 2048". NZRS and the DNCL may want to consider this
I am concerned that you will continue to claim "trust issues" unless you get your way fully on each item and the major "trust issues" we will then face are your claims of "trust issues" rather than any weaknesses in our processes. Can you assure me that will not be the case? cheers Jay -- Jay Daley Chief Executive .nz Registry Services (New Zealand Domain Name Registry Limited) desk: +64 4 931 6977 mobile: +64 21 678840