Re: [DNSOP] Whiskey Tango Foxtrot on key lengths...

Bill Woodcock <woody@pch.net> Tue, 01 April 2014 13:04 UTC

From: Bill Woodcock <woody@pch.net>
In-Reply-To: <102C13BE-E45E-437A-A592-FA373FF5C8F0@ogud.com>
Date: Tue, 01 Apr 2014 06:04:37 -0700
Message-Id: <0B7A5BD7-608D-4943-A7A4-A77B8C39CB9A@pch.net>
References: <0EA28BE8-E872-46BA-85FD-7333A1E13172@icsi.berkeley.edu> <53345C77.8040603@uni-due.de> <B7893984-2FAD-472D-9A4E-766A5C212132@pch.net> <102C13BE-E45E-437A-A592-FA373FF5C8F0@ogud.com>
To: Olafur Gudmundsson <ogud@ogud.com>
X-Mailer: Apple Mail (2.1874)
Archived-At: http://mailarchive.ietf.org/arch/msg/dnsop/Q3hV4t7JcYKjB77JZ8zhIjxd4rU
Cc: dnsop@ietf.org, Matthäus Wander <matthaeus.wander@uni-due.de>
Subject: Re: [DNSOP] Whiskey Tango Foxtrot on key lengths...

On Apr 1, 2014, at 5:39 AM, Olafur Gudmundsson <ogud@ogud.com> wrote:
> Doing these big jumps is the wrong thing to do, increasing the key size increases three things:
> 	time to generate signatures  
> 	bits on the wire
> 	verification time. 
> 
> I care more about verification time than bits on the wire (as I think that is a red herring).
> Signing time increase is a self-inflicted wound so that is immaterial.

Agreed…  Signing time is our problem to manage as a budgetary matter.  Bits on the wire seem too small, relative to the overall stream of traffic, to be of any significance.  But...

>                  sign    verify    sign/s verify/s
> rsa 1024 bits 0.000256s 0.000016s   3902.8  62233.2
> rsa 2048 bits 0.001722s 0.000053s    580.7  18852.8
> rsa 4096 bits 0.012506s 0.000199s     80.0   5016.8

…you think the difference between 53 uSec and 199 uSec is material for end-users?  Even if they have to traverse several levels of zones signed at 4096 bits?

There’s also the issue that we have to plan some time in advance for changes like this, and by the time the change is actually in production, these times will have dropped still further.  So, I agree, incremental and continuous upgrading of key-lengths is necessary to counter brute-force attacks, but I’m not sure I want the granularity to be so fine that I’m rolling KSKs all the time.

                                -Bill
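The question above is whether the per-verification cost at 4096 bits adds up to anything noticeable once a resolver has to validate several levels of zones. The following Go program is an added example, not code from this thread or from any DNS implementation: it reproduces the `openssl speed rsa` measurement quoted in the mail (RSA PKCS#1 v1.5 over SHA-256, which is what DNSSEC's RSASHA256 algorithm uses) and then applies the measured per-verification time to a simplified, cold-cache validation chain. The chain model is an assumption for illustration: two signature checks per zone level (the DNSKEY RRset signed by the KSK, and the DS or answer RRset signed by the ZSK), with nothing cached. Real resolvers cache validated DNSKEY RRsets, so steady-state cost is lower than this worst case.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
	"time"
)

// KeyTiming holds the measured per-operation cost for one RSA modulus size.
type KeyTiming struct {
	Bits   int
	Sign   time.Duration
	Verify time.Duration
}

// measure generates an RSA key of the given size and times PKCS#1 v1.5
// signing and verification of a SHA-256 digest, averaged over iters
// operations. This mirrors what `openssl speed rsa` reports.
func measure(bits, iters int) (KeyTiming, error) {
	key, err := rsa.GenerateKey(rand.Reader, bits)
	if err != nil {
		return KeyTiming{}, err
	}
	// Constructed stand-in for the canonical RRset data an RRSIG covers.
	digest := sha256.Sum256([]byte("constructed RRset data"))

	var sig []byte
	start := time.Now()
	for i := 0; i < iters; i++ {
		sig, err = rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA256, digest[:])
		if err != nil {
			return KeyTiming{}, err
		}
	}
	signT := time.Since(start) / time.Duration(iters)

	start = time.Now()
	for i := 0; i < iters; i++ {
		if err := rsa.VerifyPKCS1v15(&key.PublicKey, crypto.SHA256, digest[:], sig); err != nil {
			return KeyTiming{}, err
		}
	}
	verifyT := time.Since(start) / time.Duration(iters)

	return KeyTiming{Bits: bits, Sign: signT, Verify: verifyT}, nil
}

// ChainVerifications is the assumed number of RRSIG checks a resolver with an
// empty cache performs for a chain of `levels` signed zones: at each level it
// verifies the DNSKEY RRset (KSK signature) and the DS or answer RRset (ZSK
// signature).
func ChainVerifications(levels int) int {
	return 2 * levels
}

// ChainVerifyCost is the cumulative CPU time for that cold-cache chain when a
// single verification costs perVerify.
func ChainVerifyCost(levels int, perVerify time.Duration) time.Duration {
	return time.Duration(ChainVerifications(levels)) * perVerify
}

func main() {
	const iters = 50
	// Three zone levels, e.g. root -> TLD -> second-level domain.
	const levels = 3
	for _, bits := range []int{1024, 2048, 4096} {
		kt, err := measure(bits, iters)
		if err != nil {
			fmt.Println("measure failed:", err)
			return
		}
		fmt.Printf("rsa %4d bits  sign %9v  verify %9v  cold-cache chain of %d zones: %v\n",
			kt.Bits, kt.Sign, kt.Verify, levels, ChainVerifyCost(levels, kt.Verify))
	}
}
```

Running it prints one line per key size; the last column is the number a resolver operator actually cares about when comparing 2048 and 4096 bits, and even the cold-cache case stays in the sub-millisecond range on current hardware.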