Re: [DNSOP] Whiskey Tango Foxtrot on key lengths...

Olafur Gudmundsson <ogud@ogud.com> Wed, 02 April 2014 03:02 UTC

To: Paul Hoffman <paul.hoffman@vpnc.org>
Archived-At: http://mailarchive.ietf.org/arch/msg/dnsop/TMxJ7tS1YmlzKWFPjmsv6vPe_kg
Cc: dnsop WG <dnsop@ietf.org>

On Apr 1, 2014, at 10:48 PM, Paul Hoffman <paul.hoffman@vpnc.org> wrote:

> On Apr 1, 2014, at 7:37 PM, Olafur Gudmundsson <ogud@ogud.com> wrote:
> 
>> Why not go to a good ECC instead? (not sure which one, but not P256 or P384)
> 
> Why not P256 or P384? They are the most-studied curves. Some of the newer curves do have advantages, but they are also newer.
> 
> --Paul Hoffman


The verification performance is bad; P256 takes 24 times longer to verify a signature than a 2048-bit RSA key.
Studied != good performance

	Olafur