Re: [DNSOP] Whiskey Tango Foxtrot on key lengths...
Phillip Hallam-Baker <hallam@gmail.com> Tue, 01 April 2014 13:40 UTC
Return-Path: <hallam@gmail.com>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 166701A06E6 for <dnsop@ietfa.amsl.com>; Tue, 1 Apr 2014 06:40:04 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id dF4jknuOK7_2 for <dnsop@ietfa.amsl.com>; Tue, 1 Apr 2014 06:40:00 -0700 (PDT)
Received: from mail-lb0-x22e.google.com (mail-lb0-x22e.google.com [IPv6:2a00:1450:4010:c04::22e]) by ietfa.amsl.com (Postfix) with ESMTP id C62B01A06E4 for <dnsop@ietf.org>; Tue, 1 Apr 2014 06:39:58 -0700 (PDT)
Received: by mail-lb0-f174.google.com with SMTP id u14so6909857lbd.19 for <dnsop@ietf.org>; Tue, 01 Apr 2014 06:39:54 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=zh4uIfdLw26/jq3KfBGY0uxKPf9X5EQN9Wt/swFyIfI=; b=DOla6yMoJn2Wgyf7/RYfDqSSJFAprFPgXvWpLQUfGMiiiD4EoNyRc1ZAHrHFkzbmAF NeInfbTv5f1jL1e8/1/qZYHL0LS4tBYcUkFjIuFDWMzXfjN43fnnyALTOqt+DxmC52bd tqlKcPjoZ14zMoo0Kd4APOD7OhJhDCz5ZSj6BZ2JtzQBbY/A8OhuS73IqjHve7T0AXsK Q32iHZCU0cYdICmzpujhrAcKuXEB3EYWoYc6/gG9B/iQSpnaZ2dRrVAnRtbdwnRclitC FxJzcK89v8/MQ6+aalmtSt9aMlj9JqCI/V/5T17hLGEDQDVliCSIi+fS2PB2nexNQEf1 vRdQ==
MIME-Version: 1.0
X-Received: by 10.152.37.99 with SMTP id x3mr22653730laj.7.1396359594516; Tue, 01 Apr 2014 06:39:54 -0700 (PDT)
Received: by 10.112.234.229 with HTTP; Tue, 1 Apr 2014 06:39:54 -0700 (PDT)
In-Reply-To: <474B0834-C16B-4843-AA0A-FC2A2085FEFB@icsi.berkeley.edu>
References: <0EA28BE8-E872-46BA-85FD-7333A1E13172@icsi.berkeley.edu> <53345C77.8040603@uni-due.de> <B7893984-2FAD-472D-9A4E-766A5C212132@pch.net> <102C13BE-E45E-437A-A592-FA373FF5C8F0@ogud.com> <474B0834-C16B-4843-AA0A-FC2A2085FEFB@icsi.berkeley.edu>
Date: Tue, 01 Apr 2014 09:39:54 -0400
Message-ID: <CAMm+Lwh-G7D5Cjx4NWMOhTjBZd=VVRHiPdK7L1zm-P0QRP8P2Q@mail.gmail.com>
From: Phillip Hallam-Baker <hallam@gmail.com>
To: Nicholas Weaver <nweaver@icsi.berkeley.edu>
Content-Type: multipart/alternative; boundary="089e0158b87c9c259504f5fb4d95"
Archived-At: http://mailarchive.ietf.org/arch/msg/dnsop/tXwe6h3sQEPof11UHsyZkLsGZE0
Cc: "dnsop@ietf.org" <dnsop@ietf.org>, Matthäus Wander <matthaeus.wander@uni-due.de>, Bill Woodcock <woody@pch.net>
Subject: Re: [DNSOP] Whiskey Tango Foxtrot on key lengths...
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 01 Apr 2014 13:40:04 -0000
On Tue, Apr 1, 2014 at 9:05 AM, Nicholas Weaver <nweaver@icsi.berkeley.edu>wrote: > > On Apr 1, 2014, at 5:39 AM, Olafur Gudmundsson <ogud@ogud.com> wrote: > > > > Doing these big jumps is the wrong thing to do, increasing the key size > increases three things: > > time to generate signatures > > bits on the wire > > verification time. > > > > I care more about verification time than bits on the wire (as I think > that is a red herring). > > Signing time increase is a self inflicted wound so that is immaterial. > > > > sign verify sign/s verify/s > > rsa 1024 bits 0.000256s 0.000016s 3902.8 62233.2 > > rsa 2048 bits 0.001722s 0.000053s 580.7 18852.8 > > rsa 4096 bits 0.012506s 0.000199s 80.0 5016.8 > > > > Thus doubling the key size decreases the verification performance by > roughly by about 70%. > > > > KSK's verification times affect the time to traverse the DNS tree, thus > > If 1024 is too short 1280 is fine for now > > If 2048 is too short 2400 bit key is much harder to break thus it should > be fine. > > > > just a plea for key use policy sanity not picking on Bill in any way. > > NO! FUCK THAT SHIT. Seriously. > > There is far far far too much worrying about "performance" of crypto, in > cases like this where the performance just doesn't matter! > > Yes, you can only do 18K verifies per CPU per second for 2048b keys. Cry > me a river. Bite the bullet, go to 2048 bits NOW, especially since the > servers do NOT have resistance to roll-back-the-clock attacks. > > > > In a major cluster validating recursive resolver, like what Comcast runs > with Nominum or Google uses with Public DNS, the question is not how many > verifies it can do per second per CPU core, but how many verifies it needs > to do per second per CPU core. > > And at the same time, this is a problem we already know how to > parallelize, and which is obscenely parallel, and which also caches... > > Lets assume a typical day of 1 billion external lookups for a major ISP > centralized resolver, and that all are verified. Thats less 1 CPU core-day > to validate every DNSSEC lookup that day at 2048b keys. > Yes, I agree, but you are proposing a different DNSSEC model to the one they believe in. The DNS world has put all their eggs into the DNSSEC from Authoritative to Stub client model. They only view the Authoritative to Resolver as a temporary deployment hack. So they resisted the idea of an authenticated Stub-client <-> Resolver protocol and they dumb down the crypto so their model will work. Weakening the crypto algorithms to make the architecture work is always a sign that the wrong architecture is being applied. -- Website: http://hallambaker.com/
- [DNSOP] Whiskey Tango Foxtrot on key lengths... Nicholas Weaver
- Re: [DNSOP] Whiskey Tango Foxtrot on key lengths.… Nicholas Weaver
- Re: [DNSOP] Whiskey Tango Foxtrot on key lengths.… Joe Abley
- Re: [DNSOP] Whiskey Tango Foxtrot on key lengths.… Paul Hoffman
- Re: [DNSOP] Whiskey Tango Foxtrot on key lengths.… Phillip Hallam-Baker
- Re: [DNSOP] Whiskey Tango Foxtrot on key lengths.… Nicholas Weaver
- Re: [DNSOP] Whiskey Tango Foxtrot on key lengths.… Phillip Hallam-Baker
- Re: [DNSOP] Whiskey Tango Foxtrot on key lengths.… Phillip Hallam-Baker
- Re: [DNSOP] Whiskey Tango Foxtrot on key lengths.… Rose, Scott
- Re: [DNSOP] Whiskey Tango Foxtrot on key lengths.… Stephane Bortzmeyer
- Re: [DNSOP] Whiskey Tango Foxtrot on key lengths.… Matthäus Wander
- Re: [DNSOP] Whiskey Tango Foxtrot on key lengths.… Christopher Morrow
- Re: [DNSOP] Whiskey Tango Foxtrot on key lengths.… Nicholas Weaver
- Re: [DNSOP] Whiskey Tango Foxtrot on key lengths.… Christopher Morrow
- Re: [DNSOP] Whiskey Tango Foxtrot on key lengths.… Paul Wouters
- Re: [DNSOP] Whiskey Tango Foxtrot on key lengths.… Paul Wouters
- Re: [DNSOP] Whiskey Tango Foxtrot on key lengths.… Phillip Hallam-Baker
- Re: [DNSOP] Whiskey Tango Foxtrot on key lengths.… Joe Abley
- Re: [DNSOP] Whiskey Tango Foxtrot on key lengths.… Joe Abley
- Re: [DNSOP] Whiskey Tango Foxtrot on key lengths.… Bill Woodcock
- Re: [DNSOP] Whiskey Tango Foxtrot on key lengths.… Tony Finch
- Re: [DNSOP] Whiskey Tango Foxtrot on key lengths.… Phillip Hallam-Baker
- Re: [DNSOP] Whiskey Tango Foxtrot on key lengths.… Colm MacCárthaigh
- Re: [DNSOP] Whiskey Tango Foxtrot on key lengths.… Andrew Sullivan
- Re: [DNSOP] Whiskey Tango Foxtrot on key lengths.… Tony Finch
- Re: [DNSOP] Whiskey Tango Foxtrot on key lengths.… Joe Abley
- Re: [DNSOP] Whiskey Tango Foxtrot on key lengths.… Phillip Hallam-Baker
- Re: [DNSOP] Whiskey Tango Foxtrot on key lengths.… Thierry Moreau
- Re: [DNSOP] Whiskey Tango Foxtrot on key lengths.… Phillip Hallam-Baker
- Re: [DNSOP] Whiskey Tango Foxtrot on key lengths.… Matthäus Wander
- Re: [DNSOP] Whiskey Tango Foxtrot on key lengths.… Joe Abley
- Re: [DNSOP] Whiskey Tango Foxtrot on key lengths.… Colm MacCárthaigh
- Re: [DNSOP] Whiskey Tango Foxtrot on key lengths.… Phillip Hallam-Baker
- Re: [DNSOP] Whiskey Tango Foxtrot on key lengths.… S Moonesamy
- Re: [DNSOP] Whiskey Tango Foxtrot on key lengths.… Olafur Gudmundsson
- Re: [DNSOP] Whiskey Tango Foxtrot on key lengths.… Bill Woodcock
- Re: [DNSOP] Whiskey Tango Foxtrot on key lengths.… Nicholas Weaver
- Re: [DNSOP] Whiskey Tango Foxtrot on key lengths.… Phillip Hallam-Baker
- Re: [DNSOP] Whiskey Tango Foxtrot on key lengths.… Nicholas Weaver
- Re: [DNSOP] Whiskey Tango Foxtrot on key lengths.… Jelte Jansen
- Re: [DNSOP] Whiskey Tango Foxtrot on key lengths.… Mark Andrews
- Re: [DNSOP] Whiskey Tango Foxtrot on key lengths.… Colm MacCárthaigh
- Re: [DNSOP] Whiskey Tango Foxtrot on key lengths.… Mark Andrews
- Re: [DNSOP] Whiskey Tango Foxtrot on key lengths.… Colm MacCárthaigh
- Re: [DNSOP] Whiskey Tango Foxtrot on key lengths.… Olafur Gudmundsson
- Re: [DNSOP] Whiskey Tango Foxtrot on key lengths.… Olafur Gudmundsson
- Re: [DNSOP] Whiskey Tango Foxtrot on key lengths.… Paul Hoffman
- [DNSOP] CD (Re: Whiskey Tango Foxtrot on key leng… Evan Hunt
- Re: [DNSOP] Whiskey Tango Foxtrot on key lengths.… Mark Andrews
- [DNSOP] CD bit (was Re: Whiskey Tango Foxtrot on … Andrew Sullivan
- Re: [DNSOP] Whiskey Tango Foxtrot on key lengths.… Olafur Gudmundsson
- Re: [DNSOP] Whiskey Tango Foxtrot on key lengths.… Colm MacCárthaigh
- Re: [DNSOP] Whiskey Tango Foxtrot on key lengths.… Paul Wouters
- Re: [DNSOP] CD bit (was Re: Whiskey Tango Foxtrot… Mark Andrews
- Re: [DNSOP] Whiskey Tango Foxtrot on key lengths.… Nicholas Weaver
- Re: [DNSOP] CD bit (was Re: Whiskey Tango Foxtrot… Andrew Sullivan
- Re: [DNSOP] CD (Re: Whiskey Tango Foxtrot on key … Colm MacCárthaigh
- Re: [DNSOP] CD (Re: Whiskey Tango Foxtrot on key … Nicholas Weaver
- Re: [DNSOP] Whiskey Tango Foxtrot on key lengths.… Phillip Hallam-Baker
- [DNSOP] Current DNSOP thread and why 1024 bits Edward Lewis
- Re: [DNSOP] Current DNSOP thread and why 1024 bits Nicholas Weaver
- Re: [DNSOP] Whiskey Tango Foxtrot on key lengths.… Stephane Bortzmeyer
- Re: [DNSOP] Whiskey Tango Foxtrot on key lengths.… Paul Hoffman
- Re: [DNSOP] Current DNSOP thread and why 1024 bits Paul Hoffman
- [DNSOP] mailing list behavior Re: Current DNSOP t… Suzanne Woolf
- Re: [DNSOP] Current DNSOP thread and why 1024 bits Colm MacCárthaigh
- Re: [DNSOP] Current DNSOP thread and why 1024 bits Paul Wouters
- Re: [DNSOP] Current DNSOP thread and why 1024 bits S Moonesamy
- Re: [DNSOP] Current DNSOP thread and why 1024 bits Paul Hoffman
- Re: [DNSOP] Current DNSOP thread and why 1024 bits Rose, Scott
- Re: [DNSOP] CD (Re: Whiskey Tango Foxtrot on key … Mark Andrews
- Re: [DNSOP] CD (Re: Whiskey Tango Foxtrot on key … Colm MacCárthaigh
- Re: [DNSOP] Current DNSOP thread and why 1024 bits S Moonesamy
- Re: [DNSOP] Current DNSOP thread and why 1024 bits David Conrad
- Re: [DNSOP] Current DNSOP thread and why 1024 bits Paul Wouters
- Re: [DNSOP] Current DNSOP thread and why 1024 bits Ben Laurie
- Re: [DNSOP] Whiskey Tango Foxtrot on key lengths.… Francis Dupont