[144969] in cryptography@c2.net mail archive


Re: Possibly questionable security decisions in DNS root management

daemon@ATHENA.MIT.EDU (Bill Stewart)
Tue Oct 20 16:57:47 2009

Date: Mon, 19 Oct 2009 12:13:21 -0700
To: Alexander Klimov <alserkli@inbox.ru>
From: Bill Stewart <bill.stewart@pobox.com>
Cc: cryptography@metzdowd.com
In-Reply-To: <TheMailAgent.187ed44a450edc@4356846f4019b123dc78>

At 12:31 AM 10/19/2009, Alexander Klimov wrote:
>On Thu, 15 Oct 2009, Jack Lloyd wrote:
> > Given that they are attempting to optimize for minimal packet size, the
> > choice of RSA for signatures actually seems quite bizarre.
>
>Maybe they try to optimize for verification time.
>
>$ openssl speed

Verification speed for the root or TLD keys doesn't need to be fast,
because you'll be caching them.
Verification speed for every random 2LD.gTLD or 3TLD.2TLD.ccTLD can be important,
but there are lots of 2LDs that are also important to sign securely.
I don't care whether my disposable Yahoo mail account login connections are signed securely,
but I care a lot about whether I'm really connecting to my bank or not.

