Re: [dnsext] draft-hoffman-dnssec-ecdsa-04
Francis Dupont <Francis.Dupont@fdupont.fr> Thu, 12 April 2012 11:17 UTC
Return-Path: <dnsext-bounces@ietf.org>
X-Original-To: namedroppers-archive-gleetwall6@lists.ietf.org
Delivered-To: ietfarch-namedroppers-archive-gleetwall6@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D668021F8593; Thu, 12 Apr 2012 04:17:21 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=ietf.org; s=ietf1; t=1334229441; bh=91ZwxyNaiwEdPZMEzX4Pz050AeDt6QooxNEUxGVXdEg=; h=Message-Id:From:To:In-reply-to:Date:Cc:Subject:List-Id: List-Unsubscribe:List-Archive:List-Post:List-Help:List-Subscribe: MIME-Version:Content-Type:Content-Transfer-Encoding:Sender; b=ZNiQwXVu09E/rQfTv8jBps3lsUtWb5YYJm1EwlaZqBbSIarCs7yYh3A5HjjwO+L9G YyPzrP7tbCuYMCS7GO7a1Y8y8EXjFR+uyF4aYKDNf4V1E5Ne9IPjUltjYHM8RFBLmW MmH3+09a+FrLYXDfEOBjyyoLwMmdwr3OngzEiSOo=
X-Original-To: dnsext@ietfa.amsl.com
Delivered-To: dnsext@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1502421F8533 for <dnsext@ietfa.amsl.com>; Thu, 12 Apr 2012 04:17:21 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.509
X-Spam-Level:
X-Spam-Status: No, score=-2.509 tagged_above=-999 required=5 tests=[AWL=0.090, BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id nSsGikce81rS for <dnsext@ietfa.amsl.com>; Thu, 12 Apr 2012 04:17:20 -0700 (PDT)
Received: from givry.fdupont.fr (givry.fdupont.fr [IPv6:2001:41d0:1:6d55:211:5bff:fe98:d51e]) by ietfa.amsl.com (Postfix) with ESMTP id 3593721F84DA for <dnsext@ietf.org>; Thu, 12 Apr 2012 04:17:20 -0700 (PDT)
Received: from givry.fdupont.fr (localhost [127.0.0.1]) by givry.fdupont.fr (8.14.3/8.14.3) with ESMTP id q3CBHIi5033363; Thu, 12 Apr 2012 13:17:18 +0200 (CEST) (envelope-from dupont@givry.fdupont.fr)
Message-Id: <201204121117.q3CBHIi5033363@givry.fdupont.fr>
From: Francis Dupont <Francis.Dupont@fdupont.fr>
To: Miek Gieben <miek@miek.nl>
In-reply-to: Your message of Thu, 12 Apr 2012 09:14:21 +0200. <20120412071421.GA19834@miek.nl>
Date: Thu, 12 Apr 2012 13:17:18 +0200
Cc: dnsext WG <dnsext@ietf.org>
Subject: Re: [dnsext] draft-hoffman-dnssec-ecdsa-04
X-BeenThere: dnsext@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: DNS Extensions working group discussion list <dnsext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsext>, <mailto:dnsext-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dnsext>
List-Post: <mailto:dnsext@ietf.org>
List-Help: <mailto:dnsext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsext>, <mailto:dnsext-request@ietf.org?subject=subscribe>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: dnsext-bounces@ietf.org
Errors-To: dnsext-bounces@ietf.org
In your previous mail you wrote: > I've (re)read and implemented dnssec-ecdsa-04 in some code. During that > process I got some questions about it: > > * Section 1: It says ECDSA is 20 times faster than RSA for signing > and 5 times slower for validating. Shouldn't that require a reference? => I got the same differences at a lower level. BTW it seems both RSA and ECDSA are very sensible to optimizations, the only thing which seems unlikely is ECDSA signing not very faster than RSA signing, and ECDSA validating faster than RSA. > * Section 4: How should I know that, x and y are of equal length? => as the public key is an opaque bit string I don't believe it matters (and if you need to know the FIPS 186-3 should provide all details). > * Section 4: Same question for r and s? => in fact they can get leading zeros so not the length you expect. IMHO the critical thing is (quoting the I-D): For P-256, each integer MUST be encoded as 32 octets; for P-384, each integer MUST each be encoded as 48 octets. > * Section 6: In the examples the privatekey file is shown. I > haven't seen (or can't remember) this in any previous RFC > specifing new algorithms for DNSKEYs. Also all other (DSA/RSA) > .priv key files (as generated by BIND) put the public key info > in the .priv file, this one is an exception. Why? => RFC 5933 (about GOST for DNSSEC, which is BTW another EC stuff). > (My local elliptic curve documentation tells me the the private > key consists out of the public key and a bigInt called D) => usually the public key is not considered as being a part of the private key. I know some PKCS#11 devices which don't return the public values when a RSA private key is looked up (note IMHO it is a bad behavior). Here it is clear the private key is a bigInt. Thanks Francis.Dupont@fdupont.fr PS: as far as I can see the example is hard to use to test code: the only thing you can do is to validate old/expired signatures... PPS: the crypto answer is Q = dG so the public key Q is trivial to compute from the private key d and the curve parameters (which includes the generator G). _______________________________________________ dnsext mailing list dnsext@ietf.org https://www.ietf.org/mailman/listinfo/dnsext
- Re: [dnsext] draft-hoffman-dnssec-ecdsa-04 Miek Gieben
- Re: [dnsext] draft-hoffman-dnssec-ecdsa-04 Francis Dupont
- [dnsext] draft-hoffman-dnssec-ecdsa-04 Miek Gieben
- Re: [dnsext] draft-hoffman-dnssec-ecdsa-04 Miek Gieben
- Re: [dnsext] draft-hoffman-dnssec-ecdsa-04 Francis Dupont