[Cryptech Tech] CT use case (was: goals / use cases)
Linus Nordberg
linus at nordberg.se
Thu Jan 29 15:02:13 UTC 2015
Randy Bush <randy at psg.com> wrote
Sat, 24 Jan 2015 21:19:01 +0900:
| folk such as rob, jakob, and linus (on family leave) should be able to
| transform the dnssec, rpki, and tor consensus use cases into estimates
| of the number of keys, rate of change, algorithms, need for speed to
| validate, etc.
A Certificate Transparency [0] log uses one ECDSA or one RSA key [1] to
sign two separate documents:
- STHs might need to be signed once per hour
- SCTs might need to be signed once per second(*)
If ECDSA, the curve is NIST P-256.
If RSA, the key size is at least 2048 and the digest algorithm is
SHA-256.
A CT log never verifies signatures.
(*) This number is grabbed out of a hat made out of napkin backsides
[0] https://tools.ietf.org/html/rfc6972
[1] https://tools.ietf.org/html/rfc6972 section 2.1.4
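
Added example, not part of the original post: a Go sketch of the sign-only workload described above, with one NIST P-256 key signing both the STH and the SCT input with SHA-256. The byte layouts follow the CT specification (RFC 6962, sections 3.2 and 3.5) for an X.509 entry with empty extensions; the function names and sample values are assumptions made for illustration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
)

// NewLogKey generates the log's single signing key (ECDSA on NIST P-256).
func NewLogKey() (*ecdsa.PrivateKey, error) {
	return ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
}

// SthInput: version v1 (0), signature_type tree_hash (1), timestamp, tree_size, root.
func SthInput(tsMs, size uint64, root [32]byte) []byte {
	b := make([]byte, 18, 50)
	b[1] = 1
	binary.BigEndian.PutUint64(b[2:], tsMs)
	binary.BigEndian.PutUint64(b[10:], size)
	return append(b, root[:]...)
}

// SctInput: version v1 (0), certificate_timestamp (0), timestamp, x509_entry (0),
// 24-bit length + DER certificate, 16-bit length of the empty extensions.
func SctInput(tsMs uint64, der []byte) []byte {
	n := len(der)
	b := make([]byte, 12, n+17)
	binary.BigEndian.PutUint64(b[2:], tsMs)
	b = append(b, byte(n>>16), byte(n>>8), byte(n))
	return append(append(b, der...), 0, 0)
}

// Sign hashes with SHA-256 and signs; the log needs no verify operation.
func Sign(key *ecdsa.PrivateKey, msg []byte) ([]byte, error) {
	d := sha256.Sum256(msg)
	return ecdsa.SignASN1(rand.Reader, key, d[:])
}

func main() {
	key, err := NewLogKey()
	if err != nil {
		panic(err)
	}
	sth := SthInput(1422543733000, 42, [32]byte{}) // constructed values
	sig, err := Sign(key, sth)
	fmt.Println(len(sth), "byte STH input,", len(sig), "byte signature, err:", err)
}
```

Verification happens only on the client side; the key holder's interface can be limited to a single sign operation over these two structures.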