On Sun, 3 Oct 2004, Seth Goodman wrote:
From: Miles Libbey
Sent: Saturday, October 02, 2004 1:10 PM
As I recall, it was more like $50k, and that assumed that all of our
email -- both inbound and outbound was signed. Hotmail has publically
indicated that it blocks over 3 Billion messages per day, and yahoo
mail handles mail for a similar size user base -- hopefully that gives
an indication of the scale we are talking about.
I think this deserves a bit more explanation, since PK crypto signing and
validation are so CPU intensive.
YMMV. Consider that the e-mail signature's "lifetime" is on the order of
days or a few weeks. Given that, your RSA key length can be shortened
considerably yet be "good enough" for this application. As an example,
there is a standards track proposal afoot in the MSEC working group that
uses 512-bit RSA key length for per packet multicast source
authentication. The signature data is part of the ESP trailer's
authenticator field. Within the realm of the MSEC IPsec threat model, that
short key length is acceptable, and reaps a considerable saving in CPU
consumption. So, perhaps this e-mail signature problem may be finessed by
a weaker RSA key approach. If CPU usage still is a problem even at shorter
key lengths, then you may have identified a requirement that the MUA do
the signature rather than the MTA.
Did anyone write a MASS threat model analysis ID yet?
BTW, RSA has the helpful property that signing the message is more
CPU-intensive than receiving and verifying its signature (about a 2:1
ratio if I remember). if you really want hard numbers, I'd suggest the
taking a google search and look at the open source crypto++ library
When verifying an e-mail signature, I would not be surprized to find that
most of the latency incurred is retrieving and validating CA certificate
chains, since in this any-to-any e-mail environment I would anticipate
that you will have certificates issued to many domains, all of the domains
relying on a few (100s?) e-mail trust broker Certificate Authorities.
Effectively, a global PKI. Could someone please tell me, is this the MASS
long-term deployment goal?
hmm.... FWIW, I've never seen a discussion in the IETF about global PKI
that ever concluded it would be deployed in our lifetime....