Re: [DNSOP] Whiskey Tango Foxtrot on key lengths...
Phillip Hallam-Baker <hallam@gmail.com> Wed, 02 April 2014 11:38 UTC
Return-Path: <hallam@gmail.com>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5AB371A01E7 for <dnsop@ietfa.amsl.com>; Wed, 2 Apr 2014 04:38:32 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.998
X-Spam-Level:
X-Spam-Status: No, score=-1.998 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, LOTS_OF_MONEY=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id b8LQFCQijzx9 for <dnsop@ietfa.amsl.com>; Wed, 2 Apr 2014 04:38:28 -0700 (PDT)
Received: from mail-la0-x22e.google.com (mail-la0-x22e.google.com [IPv6:2a00:1450:4010:c03::22e]) by ietfa.amsl.com (Postfix) with ESMTP id 93DF61A01C7 for <dnsop@ietf.org>; Wed, 2 Apr 2014 04:38:27 -0700 (PDT)
Received: by mail-la0-f46.google.com with SMTP id hr17so44955lab.19 for <dnsop@ietf.org>; Wed, 02 Apr 2014 04:38:22 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=+T+yPPemNxV9pVgMCi10GMQ5rCCNXDTEiukBMj5ZRlc=; b=hTa2kU48x5gnrhBm4TYeW3CxuQQv0AEANd2oRDxZMfK67l5q6vstQpWjBdTp2TEcSP fTnLzPDrB1Xc7rtPK892KHk3Z0/AuXv9bk0bmWS+Qngqe8wDVpTmx1etZsT5qEFqp5iz KTSXVpKRZZhMA1B22XX/4YyGCP2kUr7wgzNbL5ZyVpgMtxxaJklGLvTWBOyRWz1CiZcN hNQBTPxqui3P5O0mfcBBxPMVTeNajRoNW7w4rcp7L/bQsvTiwKCmgSkaXMm/lZOhqWyD M9gqtgkMwYVywS6bmUOsR0BYWgR4QO+jXc1I7KYnTkNFSRM5h9fsh0q6oHF+QjIy4QCI 9Fgw==
MIME-Version: 1.0
X-Received: by 10.152.20.1 with SMTP id j1mr50177lae.83.1396438702829; Wed, 02 Apr 2014 04:38:22 -0700 (PDT)
Received: by 10.112.234.229 with HTTP; Wed, 2 Apr 2014 04:38:22 -0700 (PDT)
In-Reply-To: <2665E768-F3C0-4061-B7F0-B196294C8266@vpnc.org>
References: <0EA28BE8-E872-46BA-85FD-7333A1E13172@icsi.berkeley.edu> <53345C77.8040603@uni-due.de> <B7893984-2FAD-472D-9A4E-766A5C212132@pch.net> <102C13BE-E45E-437A-A592-FA373FF5C8F0@ogud.com> <474B0834-C16B-4843-AA0A-FC2A2085FEFB@icsi.berkeley.edu> <CFA0ED6F-6800-4638-90B0-CD414301C501@ogud.com> <2665E768-F3C0-4061-B7F0-B196294C8266@vpnc.org>
Date: Wed, 02 Apr 2014 07:38:22 -0400
Message-ID: <CAMm+LwgeBWA1aBBZiSLtjtDbPP5R=cqP07ZDrbRQSOsSo76kOw@mail.gmail.com>
From: Phillip Hallam-Baker <hallam@gmail.com>
To: Paul Hoffman <paul.hoffman@vpnc.org>
Content-Type: multipart/alternative; boundary="089e013d1d4cd5357004f60db809"
Archived-At: http://mailarchive.ietf.org/arch/msg/dnsop/fcBqT7T55oUuOThhAkgF4wg6nPQ
Cc: dnsop WG <dnsop@ietf.org>
Subject: Re: [DNSOP] Whiskey Tango Foxtrot on key lengths...
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 02 Apr 2014 11:38:32 -0000
On Tue, Apr 1, 2014 at 10:48 PM, Paul Hoffman <paul.hoffman@vpnc.org> wrote: > On Apr 1, 2014, at 7:37 PM, Olafur Gudmundsson <ogud@ogud.com> wrote: > > > Why not go to a good ECC instead ? (not sure which one, but not P256 or > P384) > > Why not P256 or P384? They are the most-studied curves. Some of the newer > curves do have advantages, but they are also newer. > Same answer as always: A patent troll with the most worthless claim ever is still going to cost $4 million to get a declarative judgement against. RIM is on the verge of bankruptcy and it is very likely the patents will be acquired by a troll. And the new tactic is to go after the customers, not the technology providers. So without the declarative judgement we are swapping a technology we know we have no problem with for one with an expensive liability. So we definitely need a declarative judgement. IF the size of the signatures vs the packet size was the issue we could go to DSA. It has some implementation issues but I'll take 2048 bit DSA over 1024 bit RSA. Alternatively, we can forget the ICANN root as being the primary validation path and have people publish a 2048 bit cert in a WebPKI validated chain in their zone. We already have the records for that. -- Website: http://hallambaker.com/
- [DNSOP] Whiskey Tango Foxtrot on key lengths... Nicholas Weaver
- Re: [DNSOP] Whiskey Tango Foxtrot on key lengths.… Nicholas Weaver
- Re: [DNSOP] Whiskey Tango Foxtrot on key lengths.… Joe Abley
- Re: [DNSOP] Whiskey Tango Foxtrot on key lengths.… Paul Hoffman
- Re: [DNSOP] Whiskey Tango Foxtrot on key lengths.… Phillip Hallam-Baker
- Re: [DNSOP] Whiskey Tango Foxtrot on key lengths.… Nicholas Weaver
- Re: [DNSOP] Whiskey Tango Foxtrot on key lengths.… Phillip Hallam-Baker
- Re: [DNSOP] Whiskey Tango Foxtrot on key lengths.… Phillip Hallam-Baker
- Re: [DNSOP] Whiskey Tango Foxtrot on key lengths.… Rose, Scott
- Re: [DNSOP] Whiskey Tango Foxtrot on key lengths.… Stephane Bortzmeyer
- Re: [DNSOP] Whiskey Tango Foxtrot on key lengths.… Matthäus Wander
- Re: [DNSOP] Whiskey Tango Foxtrot on key lengths.… Christopher Morrow
- Re: [DNSOP] Whiskey Tango Foxtrot on key lengths.… Nicholas Weaver
- Re: [DNSOP] Whiskey Tango Foxtrot on key lengths.… Christopher Morrow
- Re: [DNSOP] Whiskey Tango Foxtrot on key lengths.… Paul Wouters
- Re: [DNSOP] Whiskey Tango Foxtrot on key lengths.… Paul Wouters
- Re: [DNSOP] Whiskey Tango Foxtrot on key lengths.… Phillip Hallam-Baker
- Re: [DNSOP] Whiskey Tango Foxtrot on key lengths.… Joe Abley
- Re: [DNSOP] Whiskey Tango Foxtrot on key lengths.… Joe Abley
- Re: [DNSOP] Whiskey Tango Foxtrot on key lengths.… Bill Woodcock
- Re: [DNSOP] Whiskey Tango Foxtrot on key lengths.… Tony Finch
- Re: [DNSOP] Whiskey Tango Foxtrot on key lengths.… Phillip Hallam-Baker
- Re: [DNSOP] Whiskey Tango Foxtrot on key lengths.… Colm MacCárthaigh
- Re: [DNSOP] Whiskey Tango Foxtrot on key lengths.… Andrew Sullivan
- Re: [DNSOP] Whiskey Tango Foxtrot on key lengths.… Tony Finch
- Re: [DNSOP] Whiskey Tango Foxtrot on key lengths.… Joe Abley
- Re: [DNSOP] Whiskey Tango Foxtrot on key lengths.… Phillip Hallam-Baker
- Re: [DNSOP] Whiskey Tango Foxtrot on key lengths.… Thierry Moreau
- Re: [DNSOP] Whiskey Tango Foxtrot on key lengths.… Phillip Hallam-Baker
- Re: [DNSOP] Whiskey Tango Foxtrot on key lengths.… Matthäus Wander
- Re: [DNSOP] Whiskey Tango Foxtrot on key lengths.… Joe Abley
- Re: [DNSOP] Whiskey Tango Foxtrot on key lengths.… Colm MacCárthaigh
- Re: [DNSOP] Whiskey Tango Foxtrot on key lengths.… Phillip Hallam-Baker
- Re: [DNSOP] Whiskey Tango Foxtrot on key lengths.… S Moonesamy
- Re: [DNSOP] Whiskey Tango Foxtrot on key lengths.… Olafur Gudmundsson
- Re: [DNSOP] Whiskey Tango Foxtrot on key lengths.… Bill Woodcock
- Re: [DNSOP] Whiskey Tango Foxtrot on key lengths.… Nicholas Weaver
- Re: [DNSOP] Whiskey Tango Foxtrot on key lengths.… Phillip Hallam-Baker
- Re: [DNSOP] Whiskey Tango Foxtrot on key lengths.… Nicholas Weaver
- Re: [DNSOP] Whiskey Tango Foxtrot on key lengths.… Jelte Jansen
- Re: [DNSOP] Whiskey Tango Foxtrot on key lengths.… Mark Andrews
- Re: [DNSOP] Whiskey Tango Foxtrot on key lengths.… Colm MacCárthaigh
- Re: [DNSOP] Whiskey Tango Foxtrot on key lengths.… Mark Andrews
- Re: [DNSOP] Whiskey Tango Foxtrot on key lengths.… Colm MacCárthaigh
- Re: [DNSOP] Whiskey Tango Foxtrot on key lengths.… Olafur Gudmundsson
- Re: [DNSOP] Whiskey Tango Foxtrot on key lengths.… Olafur Gudmundsson
- Re: [DNSOP] Whiskey Tango Foxtrot on key lengths.… Paul Hoffman
- [DNSOP] CD (Re: Whiskey Tango Foxtrot on key leng… Evan Hunt
- Re: [DNSOP] Whiskey Tango Foxtrot on key lengths.… Mark Andrews
- [DNSOP] CD bit (was Re: Whiskey Tango Foxtrot on … Andrew Sullivan
- Re: [DNSOP] Whiskey Tango Foxtrot on key lengths.… Olafur Gudmundsson
- Re: [DNSOP] Whiskey Tango Foxtrot on key lengths.… Colm MacCárthaigh
- Re: [DNSOP] Whiskey Tango Foxtrot on key lengths.… Paul Wouters
- Re: [DNSOP] CD bit (was Re: Whiskey Tango Foxtrot… Mark Andrews
- Re: [DNSOP] Whiskey Tango Foxtrot on key lengths.… Nicholas Weaver
- Re: [DNSOP] CD bit (was Re: Whiskey Tango Foxtrot… Andrew Sullivan
- Re: [DNSOP] CD (Re: Whiskey Tango Foxtrot on key … Colm MacCárthaigh
- Re: [DNSOP] CD (Re: Whiskey Tango Foxtrot on key … Nicholas Weaver
- Re: [DNSOP] Whiskey Tango Foxtrot on key lengths.… Phillip Hallam-Baker
- [DNSOP] Current DNSOP thread and why 1024 bits Edward Lewis
- Re: [DNSOP] Current DNSOP thread and why 1024 bits Nicholas Weaver
- Re: [DNSOP] Whiskey Tango Foxtrot on key lengths.… Stephane Bortzmeyer
- Re: [DNSOP] Whiskey Tango Foxtrot on key lengths.… Paul Hoffman
- Re: [DNSOP] Current DNSOP thread and why 1024 bits Paul Hoffman
- [DNSOP] mailing list behavior Re: Current DNSOP t… Suzanne Woolf
- Re: [DNSOP] Current DNSOP thread and why 1024 bits Colm MacCárthaigh
- Re: [DNSOP] Current DNSOP thread and why 1024 bits Paul Wouters
- Re: [DNSOP] Current DNSOP thread and why 1024 bits S Moonesamy
- Re: [DNSOP] Current DNSOP thread and why 1024 bits Paul Hoffman
- Re: [DNSOP] Current DNSOP thread and why 1024 bits Rose, Scott
- Re: [DNSOP] CD (Re: Whiskey Tango Foxtrot on key … Mark Andrews
- Re: [DNSOP] CD (Re: Whiskey Tango Foxtrot on key … Colm MacCárthaigh
- Re: [DNSOP] Current DNSOP thread and why 1024 bits S Moonesamy
- Re: [DNSOP] Current DNSOP thread and why 1024 bits David Conrad
- Re: [DNSOP] Current DNSOP thread and why 1024 bits Paul Wouters
- Re: [DNSOP] Current DNSOP thread and why 1024 bits Ben Laurie
- Re: [DNSOP] Whiskey Tango Foxtrot on key lengths.… Francis Dupont