On Thursday, December 13, 2012 12:25:23 PM Murray S. Kucherawy wrote:
> On Wed, 12 Dec 2012, Scott Kitterman wrote:
> >>> 1024 bit is an insecure key?
> >>
> >> That's a DNSSEC "insecure", not a key-too-small "insecure".
> >
> > Oh. Thanks. I didn't realize that.
>
> Now taking suggestions for better wording. :-)
DNSSEC is about the key retrieval process, not the key itself.
How about:
reason="1024-bit key; insecure key retrieval"
for no DNSSEC
and
reason="768-bit key; insecure key length"
Scott K
Received on Sat Dec 15 2012 - 17:11:33 PST
This archive was generated by hypermail 2.3.0
: Sat Dec 15 2012 - 17:18:02 PST