Possibly questionable security decisions in DNS root management
Bill Stewart
bill.stewart at pobox.com
Mon Oct 19 15:13:21 EDT 2009
At 12:31 AM 10/19/2009, Alexander Klimov wrote:
>On Thu, 15 Oct 2009, Jack Lloyd wrote:
> > Given that they are attempting to optimize for minimal packet size, the
> > choice of RSA for signatures actually seems quite bizarre.
>
>Maybe they try to optimize for verification time.
>
>$ openssl speed

Verification speed for the root or TLD keys doesn't need to be fast,
because you'll be caching them.
Verification speed for every random 2LD.gTLD or 3TLD.2TLD.ccTLD can be
important, but there are lots of 2LDs that are also important to sign
securely.
I don't care whether my disposable Yahoo mail account login connections are
signed securely, but I care a lot about whether I'm really connecting to my
bank or not.
---------------------------------------------------------------------
The Cryptography Mailing List