[dnsext] NSEC3 and elliptic curve signatures
Paul Hoffman <paul.hoffman@vpnc.org> Thu, 16 September 2010 16:59 UTC
Return-Path: <owner-namedroppers@ops.ietf.org>
X-Original-To: ietfarch-dnsext-archive@core3.amsl.com
Delivered-To: ietfarch-dnsext-archive@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 3093C3A690F; Thu, 16 Sep 2010 09:59:38 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -101.524
X-Spam-Level:
X-Spam-Status: No, score=-101.524 tagged_above=-999 required=5 tests=[AWL=1.075, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id n8osveHbdR69; Thu, 16 Sep 2010 09:59:36 -0700 (PDT)
Received: from psg.com (psg.com [IPv6:2001:418:1::62]) by core3.amsl.com (Postfix) with ESMTP id BA2003A68F6; Thu, 16 Sep 2010 09:59:36 -0700 (PDT)
Received: from majordom by psg.com with local (Exim 4.72 (FreeBSD)) (envelope-from <owner-namedroppers@ops.ietf.org>) id 1OwHko-000FKY-3x for namedroppers-data0@psg.com; Thu, 16 Sep 2010 16:56:10 +0000
Received: from hoffman.proper.com ([207.182.41.81]) by psg.com with esmtps (TLSv1:AES256-SHA:256) (Exim 4.72 (FreeBSD)) (envelope-from <paul.hoffman@vpnc.org>) id 1OwHkj-000FK3-F2 for namedroppers@ops.ietf.org; Thu, 16 Sep 2010 16:56:05 +0000
Received: from [10.20.30.158] (75-101-30-90.dsl.dynamic.sonic.net [75.101.30.90]) (authenticated bits=0) by hoffman.proper.com (8.14.4/8.14.3) with ESMTP id o8GGu0OV053478 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO) for <namedroppers@ops.ietf.org>; Thu, 16 Sep 2010 09:56:02 -0700 (MST) (envelope-from paul.hoffman@vpnc.org)
Mime-Version: 1.0
Message-Id: <p06240834c8b7fa996ee1@[10.20.30.158]>
Date: Thu, 16 Sep 2010 09:55:59 -0700
To: namedroppers@ops.ietf.org
From: Paul Hoffman <paul.hoffman@vpnc.org>
Subject: [dnsext] NSEC3 and elliptic curve signatures
Content-Type: text/plain; charset="us-ascii"
Sender: owner-namedroppers@ops.ietf.org
Precedence: bulk
List-ID: <namedroppers.ops.ietf.org>
List-Unsubscribe: To unsubscribe send a message to namedroppers-request@ops.ietf.org with
List-Unsubscribe: the word 'unsubscribe' in a single line as the message text body.
List-Archive: <http://ops.ietf.org/lists/namedroppers/>
Greetings again. draft-hoffman-dnssec-ecdsa describes DNSSEC signature algorithms using the two generally-accepted elliptic curve sizes on 256 and 384 bits. Dan Simon pointed out to Wouter and I that RFC 5155 talks about choosing iteration sizes for DSA and RSA, but not elliptic curves. Wouter ran some numbers that could be used to determine possible iteration counts, but RFC 5155 only sets maximums for iterations, not suggested values. Do folks here think that draft-hoffman-dnssec-ecdsa should have suggested RFC 5155 iteration counts? Should we discuss it at all? --Paul Hoffman, Director --VPN Consortium
- [dnsext] NSEC3 and elliptic curve signatures Paul Hoffman
- Re: [dnsext] NSEC3 and elliptic curve signatures Rose, Scott W.
- Re: [dnsext] NSEC3 and elliptic curve signatures Francis Dupont