Possibly questionable security decisions in DNS root management
Ben Laurie
benl at google.com
Sat Oct 17 04:01:24 EDT 2009
On Thu, Oct 15, 2009 at 12:39 AM, Jack Lloyd <lloyd at randombit.net> wrote:
> On Wed, Oct 14, 2009 at 10:43:48PM -0400, Jerry Leichter wrote:
>> If the constraints elsewhere in the system limit the number of bits of
>> signature you can transfer, you're stuck. Presumably over time you'd
>> want to go to a more bit-efficient signature scheme, perhaps using
>> ECC.
>
> Even plain DSA would be much more space efficient on the signature
> side - a DSA key with p=2048 bits, q=256 bits is much stronger than a
> 1024 bit RSA key, and the signatures would be half the size. And NIST
> allows (2048,224) DSA parameters as well, if saving an extra 8 bytes
> is really that important.
>
> Given that they are attempted to optimize for minimal packet size, the
> choice of RSA for signatures actually seems quite bizarre.
DSA can be used in DNSSEC - unfortunately it is optional, though.
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list