<div dir="ltr"><br><div class="gmail_extra"><br><div class="gmail_quote">On 29 January 2015 at 15:02, Linus Nordberg <span dir="ltr"><<a href="mailto:linus@nordberg.se" target="_blank">linus@nordberg.se</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Randy Bush <<a href="mailto:randy@psg.com">randy@psg.com</a>> wrote<br>
Sat, 24 Jan 2015 21:19:01 +0900:<br>
<br>
| folk such as rob, jakob, and linus (on family leave) should be able to<br>
| transform the dnssec, rpki, and tor consensus use cases into estimates<br>
| of the number of keys, rate of change, algorithms, need for speed to<br>
| validate, etc.<br>
<br>
A Certificate Transparency [0] log uses one ECDSA or one RSA key [1] to<br>
sign two separate documents:<br>
<br>
- STH's might need to be signed once per hour<br>
- SCT's might need to be signed once per second(*)<br></blockquote><div><br></div><div>More like one every 20 seconds at current rates.</div><div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<br>
If ECDSA, the curve is NIST P-256.<br>
<br>
If RSA, the key size is at least 2048 and the digest algorithm is<br>
SHA-256.<br>
<br>
A CT log never verifies signatures.<br></blockquote><div><br></div><div>Clients do, of course.</div><div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<br>
(*) This number is grabbed out of a hat made out of napkin backsides<br>
<br>
[0] <a href="https://tools.ietf.org/html/rfc6972" target="_blank">https://tools.ietf.org/html/rfc6972</a><br>
[1] <a href="https://tools.ietf.org/html/rfc6972" target="_blank">https://tools.ietf.org/html/rfc6972</a> section 2.1.4<br>
_______________________________________________<br>
Tech mailing list<br>
<a href="mailto:Tech@cryptech.is">Tech@cryptech.is</a><br>
<a href="https://lists.cryptech.is/listinfo/tech" target="_blank">https://lists.cryptech.is/listinfo/tech</a><br>
</blockquote></div><br></div></div>