3 comments

  • antonyh24 minutes ago
    I do wish these types of document were published as HTML and not just as PDF.
  • bob10292 hours ago
    > ECC algorithms with smaller key sizes would be more vulnerable to a quantum attack, as it would require a currently theoretical quantum computer with fewer qubits than would be required for an RSA key with the same cryptographic strength [25].

    This is what keeps me skeptical about ECC. RSA is really chunky, and maybe that's a fundamental advantage from an information theory perspective. Compromising on the crypto scheme because we can't fit inside UDP seems like a cursed path.

    [25]: https://arxiv.org/abs/1706.06752
    • tptacek1 hour ago
      A CRQC makes both RSA and ECDLP practically irrelevant. The qubit thresholds between available ECC and RSA-2048 don't look meaningful. If you're worried about QC, get comfortable with lattices.

      Of course, this part of the NIST recommendation doesn't matter, because DNSSEC is moribund. If we want post-quantum record authenticity, we should go back to the drawing board and come up with something that doesn't depend on UDP (and that doesn't carry DNSSEC's 1994-vintage offline-signer compromise and all-or-nothing zone signature compromise).
      • gumarn_y32 minutes ago
        Yeah if we will ever see a CRQC...but nevertheless we will migrate to PQC as it will be forced via regulations thx to lobby work by Mosca and friends
    • phicoh1 hour ago
      If we are looking at the RSA factoring challenge (https://en.wikipedia.org/wiki/RSA_Factoring_Challenge) then 768 bits is done. Breaking RSA 1024 is assumed to be possible but has not been demonstrated in public.

      So maybe quantum computers should first complete some of these RSA challenges with less compute resources than done classically before considering any claims about qubit needs as practical.

      All of this in the context of DNSSEC or other systems using signatures. For encryption the story is different.
  • progbits36 minutes ago
    > 864000 seconds (1 day)

    Could use some proofreading.