[dnsext] draft-hoffman-dnssec-ecdsa-04

Miek Gieben <miek@miek.nl> Thu, 12 April 2012 07:14 UTC

Date: Thu, 12 Apr 2012 09:14:21 +0200
From: Miek Gieben <miek@miek.nl>
To: dnsext WG <dnsext@ietf.org>
Message-ID: <20120412071421.GA19834@miek.nl>
Mail-Followup-To: dnsext WG <dnsext@ietf.org>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg="pgp-sha1"; protocol="application/pgp-signature"; boundary="MGYHOYXEY6WxJCY8"
Content-Disposition: inline
User-Agent: Vim/Mutt/Linux
X-Home: http://www.miek.nl
Subject: [dnsext] draft-hoffman-dnssec-ecdsa-04

Hello,

I've (re)read and implemented dnssec-ecdsa-04 in some code. During that
process I got some questions about it:

* Section 1: It says ECDSA is 20 times faster than RSA for signing
    and 5 times slower for validating. Shouldn't that require a reference?

* Section 4: How should I know that x and y are of equal length?

* Section 4: Same question for r and s?

* Section 6: In the examples the privatekey file is shown. I haven't seen
    (or can't remember) this in any previous RFC specifying new algorithms
    for DNSKEYs. Also all other (DSA/RSA) .priv key files (as generated by BIND)
    put the public key info in the .priv file, this one is an exception. Why?

    (My local elliptic curve documentation tells me the private key consists
    of the public key and a bigInt called D)

Kind regards,

-- 
    Miek Gieben
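The two "Section 4" questions above (how a reader knows where x ends and y begins, and likewise r and s) come down to the wire fields not being self-delimiting: in the encoding that the published RFC 6605 adopted, each of x, y, r and s is a fixed-width big-endian integer, 32 octets for algorithm 13 (ECDSAP256SHA256) and 48 octets for algorithm 14 (ECDSAP384SHA384), so the split point follows from the algorithm number alone and any other length is a malformed record. The code below is an added example, not code from the draft or from Miek; it encodes and decodes both fields with strict length checks, and converts the DER-encoded signature that most crypto libraries emit into the raw r|s form, which is the step implementers most often get wrong. The algorithm numbers and widths are RFC 6605 values; the sample integers and DER bytes are constructed.

```python
"""Fixed-width ECDSA field encoding for DNSKEY and RRSIG (RFC 6605 style).

Added example for illustration; not the draft's or any library's code.
"""
from typing import Tuple

# Octets per coordinate / signature integer, keyed by DNSSEC algorithm number
# (RFC 6605: 13 = ECDSAP256SHA256, 14 = ECDSAP384SHA384).
COORD_OCTETS = {13: 32, 14: 48}


def _width(alg: int) -> int:
    if alg not in COORD_OCTETS:
        raise ValueError("algorithm %d is not an RFC 6605 ECDSA algorithm" % alg)
    return COORD_OCTETS[alg]


def _i2osp(n: int, width: int) -> bytes:
    """Big-endian, zero-padded, exactly `width` octets (no DER sign byte)."""
    if n < 0 or n >= 1 << (8 * width):
        raise ValueError("integer does not fit in %d octets" % width)
    return n.to_bytes(width, "big")


def encode_public_key(alg: int, x: int, y: int) -> bytes:
    """DNSKEY public key field: x || y, each exactly the curve width."""
    w = _width(alg)
    return _i2osp(x, w) + _i2osp(y, w)


def decode_public_key(alg: int, data: bytes) -> Tuple[int, int]:
    """Split a DNSKEY public key field; the algorithm fixes the split point."""
    w = _width(alg)
    if len(data) != 2 * w:
        raise ValueError("bad ECDSA public key length %d, expected %d" % (len(data), 2 * w))
    return int.from_bytes(data[:w], "big"), int.from_bytes(data[w:], "big")


def encode_signature(alg: int, r: int, s: int) -> bytes:
    """RRSIG signature field: r || s, each exactly the curve width."""
    w = _width(alg)
    return _i2osp(r, w) + _i2osp(s, w)


def decode_signature(alg: int, data: bytes) -> Tuple[int, int]:
    w = _width(alg)
    if len(data) != 2 * w:
        raise ValueError("bad ECDSA signature length %d, expected %d" % (len(data), 2 * w))
    return int.from_bytes(data[:w], "big"), int.from_bytes(data[w:], "big")


def der_to_raw_signature(alg: int, der: bytes) -> bytes:
    """Convert DER SEQUENCE { INTEGER r, INTEGER s } to the fixed-width r||s form.

    Short-form lengths only, which is all P-256 and P-384 signatures need.
    DER integers may carry a leading 0x00 sign octet; the raw form never does.
    """
    if len(der) < 2 or der[0] != 0x30 or der[1] & 0x80 or der[1] != len(der) - 2:
        raise ValueError("not a short-form DER SEQUENCE")
    pos = 2
    ints = []
    for _ in range(2):
        if pos + 2 > len(der) or der[pos] != 0x02 or der[pos + 1] & 0x80:
            raise ValueError("expected short-form DER INTEGER")
        n = der[pos + 1]
        body = der[pos + 2:pos + 2 + n]
        if len(body) != n or n == 0:
            raise ValueError("truncated DER INTEGER")
        ints.append(int.from_bytes(body, "big", signed=True))
        pos += 2 + n
    if pos != len(der):
        raise ValueError("trailing bytes after DER SEQUENCE")
    r, s = ints
    if r <= 0 or s <= 0:
        raise ValueError("ECDSA r and s must be positive")
    return encode_signature(alg, r, s)


if __name__ == "__main__":
    # Constructed sample values, not a real key or signature.
    key = encode_public_key(13, 1, 2)
    print(len(key), decode_public_key(13, key))
    # Constructed DER for r=1, s=0x80 (note the sign octet on s).
    raw = der_to_raw_signature(13, bytes.fromhex("300702010102020080"))
    print(len(raw), decode_signature(13, raw))
```

The length check is the security-relevant part: a validator that splits on whatever length arrives, rather than on the width the algorithm dictates, will happily parse a truncated or padded field into the wrong integers instead of rejecting the record.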