Re: [TLS] New Version Notification for draft-sheffer-tls-bcp-00.txt
Yoav Nir <ynir@checkpoint.com> Mon, 09 September 2013 19:06 UTC
Return-Path: <ynir@checkpoint.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 379ED21E80AE for <tls@ietfa.amsl.com>; Mon, 9 Sep 2013 12:06:49 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.555
X-Spam-Level:
X-Spam-Status: No, score=-5.555 tagged_above=-999 required=5 tests=[AWL=-2.444, BAYES_00=-2.599, FB_WORD1_END_DOLLAR=3.294, FB_WORD2_END_DOLLAR=3.294, J_CHICKENPOX_33=0.6, MIME_8BIT_HEADER=0.3, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2G97GSoJ1LsU for <tls@ietfa.amsl.com>; Mon, 9 Sep 2013 12:06:43 -0700 (PDT)
Received: from smtp.checkpoint.com (smtp.checkpoint.com [194.29.34.68]) by ietfa.amsl.com (Postfix) with ESMTP id C550821E80AB for <tls@ietf.org>; Mon, 9 Sep 2013 12:06:39 -0700 (PDT)
Received: from IL-EX10.ad.checkpoint.com ([194.29.34.147]) by smtp.checkpoint.com (8.13.8/8.13.8) with ESMTP id r89J6F3s022778; Mon, 9 Sep 2013 22:06:15 +0300
X-CheckPoint: {522E1C27-0-1B221DC2-1FFFF}
Received: from DAG-EX10.ad.checkpoint.com ([169.254.3.173]) by IL-EX10.ad.checkpoint.com ([169.254.2.246]) with mapi id 14.02.0347.000; Mon, 9 Sep 2013 22:06:15 +0300
From: Yoav Nir <ynir@checkpoint.com>
To: Michael Ströder <michael@stroeder.com>
Thread-Topic: [TLS] New Version Notification for draft-sheffer-tls-bcp-00.txt
Thread-Index: AQHOrY+nTAtWeByYw0au+1HiAvNaZQ==
Date: Mon, 09 Sep 2013 19:06:14 +0000
Message-ID: <DA6B4D59-2FF2-489F-8E54-FF685EE372AB@checkpoint.com>
References: <9A043F3CF02CD34C8E74AC1594475C7344731843@uxcn10-6.UoA.auckland.ac.nz> <522DF7BF.7080608@stroeder.com>
In-Reply-To: <522DF7BF.7080608@stroeder.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [172.31.20.77]
x-kse-antivirus-interceptor-info: protection disabled
Content-Type: text/plain; charset="iso-8859-1"
Content-ID: <D6DA583561E4B647B6FE79ACB00AB256@ad.checkpoint.com>
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] New Version Notification for draft-sheffer-tls-bcp-00.txt
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 09 Sep 2013 19:06:49 -0000
On Sep 9, 2013, at 7:30 PM, Michael Ströder <michael@stroeder.com> wrote: > Peter Gutmann wrote: >> Why at least 2048 bits? What's wrong with 1280, or 1536, which will be quite >> a lot faster. > > I vaguely remember that you brought up your doubts about bigger key-lengths > already somewhere else quite a while ago. > > Do you have numbers about the relative and absolute performance impact? > Personally I don't see performance problems but I can't prove my position with > numbers. OpenSSL (probably either the most common or second most common library for such things) does not have a speed test for D-H, but the DSA numbers should pretty much match, no? MBA-2:tmp synp$ openssl speed dsa1024 dsa2048 Doing 1024 bit sign dsa's for 10s: 21689 1024 bit DSA signs in 9.65s Doing 1024 bit verify dsa's for 10s: 18913 1024 bit DSA verify in 9.74s Doing 2048 bit sign dsa's for 10s: 6803 2048 bit DSA signs in 9.63s Doing 2048 bit verify dsa's for 10s: 5668 2048 bit DSA verify in 9.82s OpenSSL 1.0.1e 11 Feb 2013 built on: Tue Feb 26 05:00:07 PST 2013 options:bn(64,64) rc4(ptr,char) des(idx,cisc,16,int) aes(partial) idea(int) blowfish(idx) compiler: /usr/bin/clang -fPIC -fno-common -DOPENSSL_PIC -DZLIB -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -arch x86_64 -O3 -DL_ENDIAN -Wall -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM sign verify sign/s verify/s dsa 1024 bits 0.000445s 0.000515s 2247.6 1941.8 dsa 2048 bits 0.001416s 0.001733s 706.4 577.2 So it makes sense that with 1280 or 1536 the result would be somewhere in the middle. Yoav
- [TLS] Fwd: New Version Notification for draft-she… Yaron Sheffer
- Re: [TLS] Fwd: New Version Notification for draft… Paterson, Kenny
- Re: [TLS] Fwd: New Version Notification for draft… Patrick Pelletier
- Re: [TLS] Fwd: New Version Notification for draft… Peter Gutmann
- Re: [TLS] Fwd: New Version Notification for draft… Patrick Pelletier
- Re: [TLS] [perpass] Fwd: New Version Notification… Yoav Nir
- Re: [TLS] [perpass] Fwd: New Version Notification… Nikos Mavrogiannopoulos
- Re: [TLS] Fwd: New Version Notification for draft… Stephen Farrell
- Re: [TLS] Fwd: New Version Notification for draft… Michael Ströder
- Re: [TLS] New Version Notification for draft-shef… Yoav Nir
- Re: [TLS] Fwd: New Version Notification for draft… Yaron Sheffer
- Re: [TLS] Fwd: New Version Notification for draft… Patrick Pelletier
- Re: [TLS] Fwd: New Version Notification for draft… Hanno Böck
- Re: [TLS] Fwd: New Version Notification for draft… Peter Gutmann
- Re: [TLS] New Version Notification for draft-shef… james hughes
- Re: [TLS] Fwd: New Version Notification for draft… Sean Turner
- Re: [TLS] Fwd: New Version Notification for draft… Yaron Sheffer