Re: [dnsext] NSEC3 and elliptic curve signatures

Francis Dupont <> Fri, 17 September 2010 14:17 UTC

From: Francis Dupont <>
To: Paul Hoffman <>
Subject: Re: [dnsext] NSEC3 and elliptic curve signatures
In-reply-to: Your message of Thu, 16 Sep 2010 09:55:59 PDT. <p06240834c8b7fa996ee1@[]>
Date: Fri, 17 Sep 2010 16:12:28 +0200

In your previous mail you wrote:

   Do folks here think that draft-hoffman-dnssec-ecdsa should have
   suggested RFC 5155 iteration counts?
=> I think so. I suggest: you pick stock hardware, evaluate performance,
compute proportional maximum iteration counts, and put the values in
the next version of the draft if needed, i.e., if the reasoning
for DSA applies to ECDSA too:

   The ratio between SHA-1 calculation and DSA verification is higher
   (1500 to 1 for keys of size 1024).  A higher iteration count degrades
   performance, while DSA verification is already more expensive than
   RSA for the same key size.  Therefore the values in the table MUST be
   used independent of the key algorithm.

IMHO it applies and the 150 default maximum value is still fine,
but it should be checked and written down.
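The procedure Dupont sketches (measure the per-iteration SHA-1 cost on stock hardware, compare it with one signature verification, and derive a proportional iteration ceiling) can be made concrete. The following is an added example written for this archive page; it is not code from the thread, the draft, or RFC 5155. It implements the RFC 5155 section 5 hash (IH(salt, x, 0) = H(x || salt), IH(salt, x, k) = H(IH(salt, x, k-1) || salt), base32hex output), times one extra iteration with the standard library, and computes a ceiling from a verification cost you measure separately (for example with `openssl speed ecdsap256`). The 10% budget default is my inference from the figures quoted in the mail (a 1500:1 SHA-1-to-DSA-1024 ratio and a 150 default maximum give 150 = 1500 / 10); RFC 5155 states only the resulting table, not that ratio, so treat the budget as an assumption. The `example`/`aabbccdd`/12 test vector is from RFC 5155 Appendix A.

```python
"""Added example (not from the mailing-list thread): NSEC3 hashing per
RFC 5155 section 5, plus a helper that derives a proportional maximum
iteration count from measured hash and signature-verification costs."""
import base64
import hashlib
import time

# RFC 4648 base32 -> base32hex ("extended hex") alphabet translation.
_B32 = "ABCDEFGHIJKLMNOPQRSTUVWXYZ234567"
_B32HEX = "0123456789ABCDEFGHIJKLMNOPQRSTUV"
_TO_HEX = str.maketrans(_B32, _B32HEX)


def base32hex(data: bytes) -> str:
    """Lowercase base32hex, the encoding NSEC3 uses for hashed owner names."""
    return base64.b32encode(data).decode("ascii").translate(_TO_HEX).lower()


def name_to_wire(name: str) -> bytes:
    """Canonical (lowercase) wire-format owner name, as RFC 5155 requires."""
    labels = [lab for lab in name.lower().rstrip(".").split(".") if lab]
    return b"".join(bytes([len(lab)]) + lab.encode("ascii") for lab in labels) + b"\x00"


def nsec3_hash(name: str, salt_hex: str, iterations: int) -> str:
    """NSEC3 hashed owner name with SHA-1 (hash algorithm 1).

    IH(salt, x, 0) = H(x || salt); IH(salt, x, k) = H(IH(salt, x, k-1) || salt).
    'iterations' is the number of *additional* hash invocations, as in the
    NSEC3PARAM Iterations field; a salt of "-" means no salt.
    """
    salt = b"" if salt_hex == "-" else bytes.fromhex(salt_hex)
    digest = hashlib.sha1(name_to_wire(name) + salt).digest()
    for _ in range(iterations):
        digest = hashlib.sha1(digest + salt).digest()
    return base32hex(digest)


def sha1_iteration_cost_ns(reps: int = 20000) -> float:
    """Measured cost (ns) of one extra NSEC3 iteration: SHA-1 over 20-byte
    digest plus salt. Constructed input: the RFC 5155 Appendix A salt."""
    salt = bytes.fromhex("aabbccdd")
    digest = hashlib.sha1(name_to_wire("example") + salt).digest()
    start = time.perf_counter_ns()
    for _ in range(reps):
        digest = hashlib.sha1(digest + salt).digest()
    return (time.perf_counter_ns() - start) / reps


def max_iterations(verify_ns: int, per_iteration_ns: int, budget_percent: int = 10) -> int:
    """Largest iteration count whose added hashing work stays within
    budget_percent of one signature verification (integer arithmetic so the
    result is exact). The 10% default is an assumption reproducing the
    150 = 1500/10 figure implied by the quoted RFC 5155 text."""
    if verify_ns <= 0 or per_iteration_ns <= 0:
        raise ValueError("costs must be positive")
    return verify_ns * budget_percent // (100 * per_iteration_ns)


if __name__ == "__main__":
    # Sanity check against the RFC 5155 Appendix A vector.
    print("example/aabbccdd/12 ->", nsec3_hash("example", "aabbccdd", 12))
    per_iter = sha1_iteration_cost_ns()
    print(f"one NSEC3 iteration: {per_iter:.0f} ns on this host")
    # Placeholder verification cost: replace with a measurement of the
    # signature algorithm under consideration (e.g. openssl speed ecdsap256).
    verify_ns_placeholder = 100_000
    print("ceiling at 10% of a verification:",
          max_iterations(verify_ns_placeholder, int(per_iter)))
```

Run the script as-is to see the hash vector and your host's per-iteration cost; then substitute a measured ECDSA verification time to get the ceiling the draft could quote. Because `max_iterations` scales with the verification cost, a faster-verifying algorithm yields a lower ceiling, which is exactly the direction of the concern raised about DSA in the quoted RFC text.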