[144959] in cryptography@c2.net mail archive


Re: Possibly questionable security decisions in DNS root management

daemon@ATHENA.MIT.EDU (Jack Lloyd)
Fri Oct 16 22:28:21 2009

Date: Thu, 15 Oct 2009 00:39:07 -0400
From: Jack Lloyd <lloyd@randombit.net>
To: cryptography@metzdowd.com
Mail-Followup-To: cryptography@metzdowd.com
In-Reply-To: <CBD7DEBE-9D24-4DA2-B103-2B5EEDEC7564@lrw.com>

On Wed, Oct 14, 2009 at 10:43:48PM -0400, Jerry Leichter wrote:
> If the constraints elsewhere in the system limit the number of bits of  
> signature you can transfer, you're stuck.  Presumably over time you'd  
> want to go to a more bit-efficient signature scheme, perhaps using  
> ECC.

Even plain DSA would be much more space efficient on the signature
side - a DSA key with p=2048 bits, q=256 bits is much stronger than a
1024 bit RSA key, and the signatures would be half the size. And NIST
allows (2048,224) DSA parameters as well, if saving an extra 8 bytes
is really that important.

Given that they are attempting to optimize for minimal packet size, the
choice of RSA for signatures actually seems quite bizarre.

-Jack
