[dnsext] about ECDSA

Francis Dupont <Francis.Dupont@fdupont.fr> Fri, 06 April 2012 15:09 UTC

Message-Id: <201204061509.q36F9g1l017556@givry.fdupont.fr>
From: Francis Dupont <Francis.Dupont@fdupont.fr>
To: dnsext@ietf.org
Date: Fri, 06 Apr 2012 17:09:42 +0200
Subject: [dnsext] about ECDSA

I am refreshing the ECDSA experimental support in bind9 so
I have some random comments:

 - my Fedora 16 compiles OpenSSL with no Elliptic Curve support (and
  of course no ECDSA). If someone wants to put some pressure to get
  this fixed, I'll join!

 - in http://www.iana.org/assignments/ds-rr-types/ds-rr-types.xml
  SHA-384 is OPTIONAL. I believed the idea was to use it with the new
  ECDSA keys, so this will have to be fixed in the long term. BTW how?

 - I still have a question about the 256/384 pair: are they
  supposed to be handled as two different algos (as RSASHA1 and
  RSASHA256, or RSASHA256 and RSASHA512) or as the same algo
  with two different "strengths"? Note at the beginning (i.e.,
  when I asked this many months ago) it was only a concern for
  the signer but according to a recent discussion it is a concern
  for resolvers too.

 - I have the performance figures with the latest OpenSSL (1.0.1)
  and its new assembly support (aka enable-ec_nistp_64_gcc_128),
  unfortunately not available for P384 (can't see why).
  ECDSA is really faster on signing and verifying is still
  reasonable, so Paul's prediction about EC support quality
  was correct.

Regards

Francis.Dupont@fdupont.fr

PS: I am not the right person to ask for ECDSA support in
the next distribs (I don't say you shouldn't ask).
PPS: it would be good to get the examples with a date in
the future.
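The DS digest-type point raised above (SHA-384 listed as OPTIONAL in the IANA DS registry although it was meant for the new ECDSA keys) worked through in code, as an added example that is not from the mail, BIND9 or OpenSSL: it builds an ECDSAP256SHA256 (algorithm 13) DNSKEY and derives the matching DS record with digest type 2 (SHA-256) and type 4 (SHA-384). The function names and the owner name `example.` are constructed for the illustration, and the key is freshly generated on each run, so the printed digests vary.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/sha512"
	"fmt"
	"hash"
)

// IANA codepoints (RFC 6605); DS digest type 4 (SHA-384) is the entry the mail says is only OPTIONAL.
const AlgECDSAP256SHA256 = 13
const DigestSHA256, DigestSHA384 = 2, 4

var dsHash = map[int]func() hash.Hash{DigestSHA256: sha256.New, DigestSHA384: sha512.New384}

// dnskeyRdata: flags=257 (KSK), protocol=3, algorithm 13, public point X||Y (64 bytes, RFC 6605 s.4).
func dnskeyRdata(pub *ecdsa.PublicKey) []byte {
	rdata := []byte{0x01, 0x01, 3, AlgECDSAP256SHA256}
	rdata = append(rdata, pub.X.FillBytes(make([]byte, 32))...)
	return append(rdata, pub.Y.FillBytes(make([]byte, 32))...)
}

// keyTag is the RFC 4034 Appendix B checksum over the whole RDATA.
func keyTag(rdata []byte) uint16 {
	var ac uint32
	for i, b := range rdata {
		ac += uint32(b) << (8 * uint(1-i%2)) // even offsets are the high byte
	}
	return uint16((ac + ac>>16) & 0xFFFF)
}

// dsDigest hashes canonical owner name (wire format) || RDATA, RFC 4034 section 5.1.4.
func dsDigest(ownerWire, rdata []byte, digestType int) []byte {
	h := dsHash[digestType]()
	h.Write(ownerWire)
	h.Write(rdata)
	return h.Sum(nil)
}

func main() {
	priv, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) // constructed key, not a real zone's
	rdata := dnskeyRdata(&priv.PublicKey)
	owner := []byte("\x07example\x00") // "example." in canonical wire format
	for _, dt := range []int{DigestSHA256, DigestSHA384} {
		fmt.Printf("example. IN DS %d %d %d %X\n", keyTag(rdata), AlgECDSAP256SHA256, dt, dsDigest(owner, rdata, dt))
	}
}
```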
_______________________________________________
dnsext mailing list
dnsext@ietf.org
https://www.ietf.org/mailman/listinfo/dnsext