Re: [dnsext] draft-ietf-dnsext-dnssec-algo-imp-status-01

RJ Atkinson <rja.lists@gmail.com> Mon, 26 March 2012 22:39 UTC

On Monday, 26th March 2012, Scott Rose wrote, in part:
> If the group thinks any of the assigned implementation status
> for entries should be changed - please state so.
> 
> Personally, I'm thinking ECDSA might be moved to "Recommended..."
> since there are some advantages, but willing to leave it as is.

All,

I support the idea of moving ECDSA to "Recommended".

Most of us are likely to end up deploying ECDSA eventually;
we might as well encourage folks to support it sooner
rather than later.  An earlier start to implementation
enables earlier widespread interoperability, which in 
turn enables widespread deployment.  These things all
take time.  There is no value in delay.

* The financial sector already seems to be migrating 
  from RSA to EC for a wide range of things.  

* Separately, the published literature indicates that 
  MUCH shorter EC keys have strength equivalent to 
  MUCH longer RSA keys, so EC appears to scale better.[1][2]
  For example, [2] indicates that an ECC key size of
  163 bits has strength equivalent to an RSA key size
  of 1024 bits.

* Published literature also indicates that EC is less
  computationally expensive than RSA for equivalent-strength
  key sizes.  So EC is better for systems with smaller CPUs
  or that need to perform higher volumes of transactions.[3]

Yours,

Ran



REFERENCES:

[1] K. Lauter, "The Advantages of Elliptic Curve Cryptography for
    Wireless Security", IEEE Wireless Communications, Volume 11,
    Issue 1, IEEE, Piscataway, NJ, USA, February 2004.

[2] V. Gupta, et alia, "Performance Analysis of Elliptic Curve
    Cryptography for SSL", Proceedings of 1st ACM Workshop on
    Wireless Security, ACM, Atlanta, GA, September 2002.

[3] Nils Gura, et alia, "Comparing Elliptic Curve Cryptography
    and RSA on 8-bit CPUs", Proceedings of 6th International Workshop
    on Cryptographic Hardware and Embedded Systems '04, published in 
    Volume 3156, Lecture Notes in Computer Science, Springer-Verlag, 
    Berlin, DE, 2004.
