[Cfrg] Defining inter operable ECC keys in for IETF protocols
Ólafur Guðmundsson <ogud@ogud.com> Wed, 15 March 2006 15:04 UTC
Date: Wed, 15 Mar 2006 10:04:10 -0500
To: cfrg@ietf.org
From: Ólafur Guðmundsson <ogud@ogud.com>
List-Id: Crypto Forum Research Group <cfrg.ietf.org>

I apologize for this open-ended question, but the WG I co-chair, DNSEXT, has added security extensions to the base DNS protocol (DNSSEC); currently RSA/SHA1 is the main signing algorithm. DSA is also defined. DSA is reaching end of life; safe RSA signatures and keys are large. As DNS messages are carried over UDP packets, there is interest in being able to use ECC due to the fact that the keys and signatures are much smaller.

A proposal has been made for an ECC key format.
http://www.ietf.org/internet-drafts/draft-ietf-dnsext-ecc-key-08.txt

Our worry is that the format proposed is open-ended and people can publish/use keys in fields that the rest of the world cannot use due to lack of support in common crypto libraries.

What the DNSEXT working group is looking for is some guidance on how to create a SHORT list of fields/curves to use by ECC in the DNS context and/or wider IETF context.

Nice feature: In the DNS world we are more interested in keeping verification time down than signing time; RSA with a small exponent is quite nice in this regard. I do not know if the choice of ECC variant has any impact on the difference between signing and verification time. If, due to the shorter length of the ECC key, the signature verification times are on par with an equivalent-strength RSA key, this is a non-issue.

In some environments, due to the large number of signatures that need to be generated in a short time, hardware implementations might be required.

Any guidance will be greatly appreciated.

Olafur