[144960] in cryptography@c2.net mail archive
Re: Possibly questionable security decisions in DNS root management
daemon@ATHENA.MIT.EDU (Ben Laurie)
Mon Oct 19 11:50:32 2009
In-Reply-To: <20091015043907.GB24191@randombit.net>
Date: Sat, 17 Oct 2009 04:01:24 -0400
From: Ben Laurie <benl@google.com>
To: cryptography@metzdowd.com
On Thu, Oct 15, 2009 at 12:39 AM, Jack Lloyd <lloyd@randombit.net> wrote:
> On Wed, Oct 14, 2009 at 10:43:48PM -0400, Jerry Leichter wrote:
>> If the constraints elsewhere in the system limit the number of bits of
>> signature you can transfer, you're stuck. Presumably over time you'd
>> want to go to a more bit-efficient signature scheme, perhaps using
>> ECC.
>
> Even plain DSA would be much more space efficient on the signature
> side - a DSA key with p=2048 bits, q=256 bits is much stronger than a
> 1024 bit RSA key, and the signatures would be half the size. And NIST
> allows (2048,224) DSA parameters as well, if saving an extra 8 bytes
> is really that important.
>
> Given that they are attempting to optimize for minimal packet size, the
> choice of RSA for signatures actually seems quite bizarre.
DSA can be used in DNSSEC - unfortunately it is optional, though.
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com