IETF Logo Mail Archive

Re: [DNSOP] Key sizes was Re: I-D Action:draft-ietf-dnsop-rfc4641bis-01.txt

Paul Wouters <paul@xelerance.com> Wed, 22 April 2009 02:43 UTC

Return-Path: <paul@xelerance.com>
X-Original-To: dnsop@core3.amsl.com
Delivered-To: dnsop@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 65EE33A6BF8 for <dnsop@core3.amsl.com>; Tue, 21 Apr 2009 19:43:18 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.389
X-Spam-Level:
X-Spam-Status: No, score=-2.389 tagged_above=-999 required=5 tests=[AWL=0.210, BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id jNRJoBBmnoKM for <dnsop@core3.amsl.com>; Tue, 21 Apr 2009 19:43:17 -0700 (PDT)
Received: from newtla.xelerance.com (newtla.xelerance.com [193.110.157.143]) by core3.amsl.com (Postfix) with ESMTP id 958213A6BCD for <dnsop@ietf.org>; Tue, 21 Apr 2009 19:43:17 -0700 (PDT)
Received: from tla.xelerance.com (tla.xelerance.com [193.110.157.130]) by newtla.xelerance.com (Postfix) with ESMTP id 6F5005705C; Tue, 21 Apr 2009 22:44:33 -0400 (EDT)
Date: Tue, 21 Apr 2009 22:44:33 -0400
From: Paul Wouters <paul@xelerance.com>
To: Paul Hoffman <paul.hoffman@vpnc.org>
In-Reply-To: <p06240814c613f23a6960@[10.20.30.163]>
Message-ID: <alpine.LFD.1.10.0904212235090.7510@newtla.xelerance.com>
References: <20090306141501.4BA2F3A6B4B@core3.amsl.com> <49EDA81E.2000600@ca.afilias.info> <p06240807c613a658a056@[10.20.30.163]> <49EE276C.5070706@ca.afilias.info> <p06240814c613f23a6960@[10.20.30.163]>
User-Agent: Alpine 1.10 (LFD 962 2008-03-14)
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset="US-ASCII"; format="flowed"
Cc: dnsop@ietf.org
Subject: Re: [DNSOP] Key sizes was Re: I-D Action:draft-ietf-dnsop-rfc4641bis-01.txt
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dnsop>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 22 Apr 2009 02:43:18 -0000

On Tue, 21 Apr 2009, Paul Hoffman wrote:

> 'openssl speed rsa1024 rsa2048' is your friend here. On my laptop, signing takes six times longer, but verifying only takes three times longer. Different platforms will give different results.

So do different versions of openssl. 0.9.8k was much slower then
0.9.8i. But openssl-1.0.0beta was faster again for me. As for
dnssec-signzone, the 9.6.1 version seemed much faster for me then
previous versions, ldns-signzone was extremely slow, but I guess that's
why they're working on hsm-signer :)

(all meassures with unsigned zones as input)

Paul

v2.23.0 | Report a Bug | By Email