Possibly questionable security decisions in DNS root management
Jack Lloyd
lloyd at randombit.net
Thu Oct 15 00:39:07 EDT 2009
On Wed, Oct 14, 2009 at 10:43:48PM -0400, Jerry Leichter wrote:
> If the constraints elsewhere in the system limit the number of bits of
> signature you can transfer, you're stuck. Presumably over time you'd
> want to go to a more bit-efficient signature scheme, perhaps using
> ECC.
Even plain DSA would be much more space efficient on the signature
side - a DSA key with p=2048 bits, q=256 bits is much stronger than a
1024 bit RSA key, and the signatures would be half the size. And NIST
allows (2048,224) DSA parameters as well, if saving an extra 8 bytes
is really that important.
Given that they are attempting to optimize for minimal packet size, the
choice of RSA for signatures actually seems quite bizarre.
-Jack
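As an added illustration (not code from Jack's post or the thread), the toy DSA sign/verify below uses deliberately tiny constructed parameters (p=283, q=47, assumed here only to keep the arithmetic visible) to show that both signature components r and s are reduced mod q, which is why a DSA signature is 2*|q| bits however large p is, alongside the byte counts for the parameter sets mentioned above.

```python
import hashlib
import secrets

# Constructed toy DSA domain parameters: q divides p-1, and g = h^((p-1)/q)
# mod p has order q. Far too small for real use; sizes are the point here.
P, Q = 283, 47
G = pow(2, (P - 1) // Q, P)


def hash_mod_q(message):
    """Hash the message into Z_q (a stand-in for DSA's leftmost-bits rule)."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % Q


def keygen():
    """Return (private x, public y = g^x mod p)."""
    x = secrets.randbelow(Q - 1) + 1
    return x, pow(G, x, P)


def sign(x, message):
    """Return (r, s). Both live in Z_q, so the signature is 2*|q| bits."""
    h = hash_mod_q(message)
    while True:
        k = secrets.randbelow(Q - 1) + 1          # fresh per-signature nonce
        r = pow(G, k, P) % Q                      # the only use of p
        s = pow(k, -1, Q) * (h + x * r) % Q
        if r != 0 and s != 0:                     # FIPS 186 requires a retry
            return r, s


def verify(y, message, sig):
    """Standard DSA verification: recompute g^k mod p mod q and compare to r."""
    r, s = sig
    if not (0 < r < Q and 0 < s < Q):
        return False
    w = pow(s, -1, Q)
    u1, u2 = hash_mod_q(message) * w % Q, r * w % Q
    return (pow(G, u1, P) * pow(y, u2, P) % P) % Q == r


def dsa_signature_bytes(q_bits):
    """Raw (r, s) encoding for a parameter set with a q_bits-bit q."""
    return 2 * ((q_bits + 7) // 8)


def rsa_signature_bytes(n_bits):
    """An RSA signature is one integer mod n, i.e. the modulus size."""
    return (n_bits + 7) // 8
```

For the sets in the post, (2048,256) DSA gives 64-byte signatures and (2048,224) gives 56, against 128 bytes for RSA-1024; a DER-encoded DSA signature adds a few bytes of ASN.1 framing on top of the raw figure.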
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com