IETF Logo Mail Archive

[Cfrg] Defining inter operable ECC keys in for IETF protocols

Ólafur Guðmundsson <ogud@ogud.com> Wed, 15 March 2006 15:04 UTC

Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1FJXY9-0006iZ-0i; Wed, 15 Mar 2006 10:04:33 -0500
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1FJXY7-0006iU-Jy for cfrg@ietf.org; Wed, 15 Mar 2006 10:04:31 -0500
Received: from ns.ogud.com ([66.92.146.160] helo=ogud.com) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1FJXY6-0003rh-81 for cfrg@ietf.org; Wed, 15 Mar 2006 10:04:31 -0500
Received: from Puki.ogud.com (ns.ogud.com [66.92.146.160]) by ogud.com (8.13.1/8.13.1) with ESMTP id k2FF4PGM032011 for <cfrg@ietf.org>; Wed, 15 Mar 2006 10:04:25 -0500 (EST) (envelope-from ogud@ogud.com)
Message-Id: <6.2.5.6.2.20060312230932.03af3150@ogud.com>
X-Mailer: QUALCOMM Windows Eudora Version 6.2.5.6
Date: Wed, 15 Mar 2006 10:04:10 -0500
To: cfrg@ietf.org
From: Ólafur Guðmundsson <ogud@ogud.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format="flowed"
X-Scanned-By: MIMEDefang 2.56 on 66.92.146.160
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 97adf591118a232206bdb5a27b217034
Subject: [Cfrg] Defining inter operable ECC keys in for IETF protocols
X-BeenThere: cfrg@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:cfrg@ietf.org>
List-Help: <mailto:cfrg-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@ietf.org?subject=subscribe>
Errors-To: cfrg-bounces@ietf.org

I apologize for this open ended question but the WG I co-chair DNSEXT
has added security extensions to the base DNS protocol (DNSSEC),
currently RSA/SHA1 is the main signing algorithm. DSA is also
defined. DSA is reaching end of life, safe RSA signatures and keys are
large.

As DNS messages are carried over UDP packets there is interest in being
able ECC due to the fact the keys and signatures are much smaller.
A proposal has been made for a ECC key format.
http://www.ietf.org/internet-drafts/draft-ietf-dnsext-ecc-key-08.txt

Our worry is that the format proposed is open ended and people can
publish/use keys in fields that the rest of the world can not use due
to lack of support in common crypto libraries.

What the DNSEXT working group is looking for is some guidance on how
to create a SHORT list of fields/curves to use by ECC in the DNS context
and/or wider IETF context.

Nice feature: In the DNS world we are more interested in keeping
Verification time down than signing time, RSA with small exponent is quite
nice in this regards. I do not know if the choice of ECC variant has any
impact on the difference between signing and verification time.
If due to the shorter length of ECC key the signature verification times
are on-par with equivalent strength RSA key this is a non issue.

In some environments due to the large number of signatures that need to
generated in short time, hardware implementations might be required.

Any guidance will be greatly appreciated.

	Olafur 


_______________________________________________
Cfrg mailing list
Cfrg@ietf.org
https://www1.ietf.org/mailman/listinfo/cfrg

v2.23.0 | Report a Bug | By Email