2048 bits would work, even for DKIM. 256 bytes for the key, 64 bytes for the DNSSEC signature. That leaves 190 bytes for packaging and still fit within the 500 byte DNS limit. I would even feel relatively comfortable fitting this into DKIM even with base64 encoded keys.

> -----Original Message-----
> From: Hal Finney [mailto:hal.finney at gmail.com]
> Sent: Wednesday, March 22, 2006 10:52 PM
> To: Hallam-Baker, Phillip
> Cc: cfrg at ietf.org
> Subject: Re: [Cfrg] Defining inter operable ECC keys in for IETF protocols
>
> On 3/22/06, Hallam-Baker, Phillip <pbaker at verisign.com> wrote:
> > Would the recently proposed extended DSA with larger key sizes be a
> > workable alternative?
> >
> > The key size is still large (does someone know how large a key has to
> > be to give 2^128 equivalent security).
>
> The new draft specifies two subgroup size choices for 2048 bit moduli:
> 224 and 256 bits. Or you can go to 3072 bit modulus also with a 256 bit
> subgroup. But I guess they think that a 2048 bit modulus isn't too bad a
> match with a 256 bit subgroup, for 128 bit security.
>
> http://csrc.nist.gov/publications/drafts/fips_186-3/Draft-FIPS-186-3%20_March2006.pdf
>
> Hal
_______________________________________________
Cfrg mailing list
Cfrg at ietf.org
https://www1.ietf.org/mailman/listinfo/cfrg