On 9/06/2011 1:10 p.m., Jay Daley wrote:
One of the quickest ways for me to destroy trust in NZRS would be to answer the question "Why have you chosen a 2048 bit key?" with the response "Because that is what most of the other TLDs do.". Any choice one way or the other needs a rational and evidenced explanation.
<big snip...>
If you are serious in proposing 2048 bit keys as alternative policy then can you provide a similar explanation to allow the community to judge the two?
.nz - 1280 bit .au[1] - 2048 bit Which one is more secure? "When shopping on a web site you should consider looking for a .au site simply because the dns system is more secure. In New Zealand they only offer 1280 bit v's the 2048 bit that we offer our customers here in Australia... <Insert more FUD as desired>". Yes, I read Jay's explanation, but are we going to have to write... "In NZ we offer 1280/1 v's 2048/5, so in fact our is more secure...." If you look at my numbers above from a purely emotive point of view, with limited technical understanding then 2048/5 just looks bigger, and a bigger bank vault = more secure in most peoples eyes even if it's not. Trust is often as much about perception as reality. D [1] insert random country of your choice that I might be wanting to do business with.... .au is simply an example. -- Don Gould 31 Acheson Ave Mairehau Christchurch, New Zealand Ph: + 64 3 348 7235 Mobile: + 64 21 114 0699 www.thinkdesignprint.co.nz