Of course. It's just that this is 6-7 orders of magnitude easier than breaking RSA, even against a relatively hard target.
No. It's however hard breaking RSA is plus 6-7 orders of magnitude easier because you still need to break RSA.
Signings shouldn't help the attacker unless your hash is broken... it probably takes a worse break than the current ones against MD5 and SHA1, as well.
That's not true. doi:10.1016/S1007-0214(05)70121-8 for example on weak-key attacks against digital signature systems.
they [the banks] can upgrade much more easily than DNSSEC if RSA-1024 falls.
Sort-of. SSLv2 has been considered obsolete for a long time, but it took new PCI-compliance procedures to really shake it out of a lot of organizations I've worked with.
Upgrading is hard. Saying upgrading HTTPS's RSA-1024 is "easier" than upgrading DNSSEC is patently meaningless: We're not really talking about upgrading, we're talking about replacement.
There are still sites without MX records and still new FTP clients being made. I consider the proponents of DNSSEC and IPV6 similarly incompetent largely because they have spent so little time exploring how to replace our existing crap.
DNSCurve is primarily an exercise in supplanting the existing system; that's what the entire system is built on, *how do we get security*, not how do we build the most secure system, or the best system by any technical measure.
You probably want to avoid them anyway... I'm a grad student so I don't design very practical stuff
Implementations are uninteresting. Where are these identity schemes published?