[Cryptech Tech] CT use case (was: goals / use cases)

Ben Laurie benl at google.com
Fri Jan 30 18:02:20 UTC 2015


On 29 January 2015 at 15:02, Linus Nordberg <linus at nordberg.se> wrote:

> Randy Bush <randy at psg.com> wrote
> Sat, 24 Jan 2015 21:19:01 +0900:
>
> | folk such as rob, jakob, and linus (on family leave) should be able to
> | transform the dnssec, rpki, and tor consensus use cases into estimates
> | of the number of keys, rate of change, algorithms, need for speed to
> | validate, etc.
>
> A Certificate Transparency [0] log uses one ECDSA or one RSA key [1] to
> sign two separate documents:
>
> - STH's might need to be signed once per hour
> - SCT's might need to be signed once per second(*)
>

More like one every 20 seconds at current rates.


>
> If ECDSA, the curve is NIST P-256.
>
> If RSA, the key size is at least 2048 and the digest algorithm is
> SHA-256.
>
> A CT log never verifies signatures.
>

Clients do, of course.


>
> (*) This number is grabbed out of a hat made out of napkin backsides
>
> [0] https://tools.ietf.org/html/rfc6972
> [1] https://tools.ietf.org/html/rfc6972 section 2.1.4
>
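The signing and verification roles described in this thread, as an added example that is not part of the original messages: a log signs a tree head with ECDSA P-256 over SHA-256 and a client verifies it. The byte layout follows the TreeHeadSignature structure of RFC 6962 section 3.5; the function names, the timestamp and the root hash are constructed for illustration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
)

// treeHeadInput serializes the 50-byte structure a log signs for an STH.
func treeHeadInput(timestampMs, treeSize uint64, root [32]byte) []byte {
	buf := []byte{0, 1} // version v1, signature_type tree_hash
	buf = binary.BigEndian.AppendUint64(buf, timestampMs)
	buf = binary.BigEndian.AppendUint64(buf, treeSize)
	return append(buf, root[:]...)
}

// newLogKey creates the single P-256 key a log uses (hypothetical helper).
func newLogKey() (*ecdsa.PrivateKey, error) {
	return ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
}

// signSTH is the log side: it only ever signs, never verifies.
func signSTH(key *ecdsa.PrivateKey, input []byte) ([]byte, error) {
	digest := sha256.Sum256(input)
	return ecdsa.SignASN1(rand.Reader, key, digest[:])
}

// verifySTH is the client side: it checks the log's signature.
func verifySTH(pub *ecdsa.PublicKey, input, sig []byte) bool {
	digest := sha256.Sum256(input)
	return ecdsa.VerifyASN1(pub, digest[:], sig)
}

func main() {
	key, err := newLogKey()
	if err != nil {
		panic(err)
	}
	in := treeHeadInput(1422640940000, 42, sha256.Sum256([]byte("constructed root")))
	sig, err := signSTH(key, in)
	if err != nil {
		panic(err)
	}
	fmt.Println("STH accepted:", verifySTH(&key.PublicKey, in, sig))
	in[17] ^= 1 // alter tree_size after signing
	fmt.Println("altered STH accepted:", verifySTH(&key.PublicKey, in, sig))
}
```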