Re: adsp fail

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]

From: Scott Kitterman <ietf-dkim_at_kitterman.com>
Date: Sat, 15 Dec 2012 12:11:15 -0500

On Thursday, December 13, 2012 12:25:23 PM Murray S. Kucherawy wrote:
> On Wed, 12 Dec 2012, Scott Kitterman wrote:
> >>> 1024 bit is an insecure key?
> >>
> >> That's a DNSSEC "insecure", not a key-too-small "insecure".
> >
> > Oh. Thanks. I didn't realize that.
>
> Now taking suggestions for better wording. :-)

DNSSEC is about the key retrieval process, not the key itself.

How about:

reason="1024-bit key; insecure key retrieval"

for no DNSSEC

and

reason="768-bit key; insecure key length"

Scott K
Received on Sat Dec 15 2012 - 17:11:33 PST

This archive was generated by hypermail 2.3.0 : Sat Dec 15 2012 - 17:18:02 PST