[Cryptech Core] peering into the dusk

Leif Johansson leifj at sunet.se
Sat Sep 27 12:54:41 UTC 2014

Previous message (by thread): [Cryptech Core] peering into the dusk
Next message (by thread): [Cryptech Core] free crypto stuff in jp
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]



> 27 sep 2014 kl. 12:50 skrev "Linus Nordberg" <linus at nordberg.se>:
> 
> Randy Bush <randy at psg.com> wrote
> Fri, 26 Sep 2014 09:06:28 +0900:
> 
> | if this makes sense, perhaps jakob will lead the dnssec requirements
> | discussion, and rob rpki and bgpsec.  and i presume linus will chime
> | in with tor, which is good.
> 
> For signing consensuses (once per hour) we'll need RSA (with at least
> 2048-bit keys) and SHA-1 for now. I'm going to try to figure out for how
> long this will be enough and when Ed25519 + SHA-512 is what we want,
> too. I'll follow up on tech at .
> 
> 
> Another early adopter I'd like to ask you about your thoughts on is
> signing in Certificate Transparency (RFC6962), i.e. signing of STH's and
> SCT's. The spec says RSA (2048-bit or longer keys) with SHA-256 or ECDSA
> with NIST P-256. If we want to serve Google, ECDSA is needed.
> 
> Signing of STH's typically happens once per hour or less. I estimate
> signing of SCT's to happen "some hundreds of times per hour" and that
> "once per second" at peak is going to be just fine.
> 
> Thoughts on CT as an early case?

I like it - we are less constrained by p11 for that case since we control the stack (i.e Linus is coding in erlang and there is no p11 anyway)


> _______________________________________________
> Core mailing list
> Core at cryptech.is
> https://lists.cryptech.is/listinfo/core

Previous message (by thread): [Cryptech Core] peering into the dusk
Next message (by thread): [Cryptech Core] free crypto stuff in jp
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the Core mailing list