[Cryptech Tech] Draft Requirements

Jakob Schlyter jakob at kirei.se
Tue Feb 17 10:21:40 UTC 2015


> On 16 feb 2015, at 03:45, Warren Kumari <warren at kumari.net> wrote:
> 
> Some nits:
> 
> DNSSEC Use Case:
> "Each update to the requires 3-4 signatures (per algorithm)" -- a word
> is missing, I'm assuming "zone"?
> 
> "Resign SOA (signed by KSK)"
> The SOA (like most other records) is signed with the ZSK. The KSK signs the ZSK.
> and:
> "Resign NSEC/NSEC"  - I think you wanted NSEC/NSEC3

fixed. thanks!

> Also, a large number of zones get signed in full, not on the fly. For
> performance (and various other reasons) it is fairly common to store
> the KSK in an offline HSM, put the ZSK on general purpose machines and
> use the CPU to sign.
> This makes the signing performance of the HSM not very important at all.

Correct. I hope we can build something that doesn't make you want to do that kind of split (except for policy reasons).

> There are some who sign on hardware, but it's tricky to get actual
> performance numbers from folk - however, here is some commercial HSM
> performance numbers from testing by the opendnssec folk:
> http://www.opendnssec.org/wp-content/uploads/2011/01/A-Review-of-Hardware-Security-Modules-Fall-2010.pdf

Yes, although the report is rather old, the numbers are still accurate enough.

> For one bit of hardware this got ~1000 sig/sec for RSA1024 and ~23
> sig / sec for RSA4096.
> These performance numbers are only important if a: you sign with the
> HSM and b: you need to resign the entire zone.
> Even if you normally sign each record, you still need to be able to
> resign the entire zone under some conditions (including keyroll)
> 
> Just for more scaling info, as of Jan 2014 .uk (a very large cc) had
> 10.5M domains. At 1000sig/sec that's around 2h55min to resign with
> RSA1024 and that bit of kit.

We can do better.

	jakob