RE: charter constraints list


Hi,

On Sun, 3 Oct 2004, Seth Goodman wrote:

From: Miles Libbey
Sent: Saturday, October 02, 2004 1:10 PM


<...>

As I recall, it was more like $50k, and that assumed that all of our
email -- both inbound and outbound was signed. Hotmail has publically
indicated that it blocks over 3 Billion messages per day, and yahoo
mail handles mail for a similar size user base -- hopefully that gives
an indication of the scale we are talking about.


I think this deserves a bit more explanation, since PK crypto signing and
validation are so CPU intensive.


YMMV. Consider that the e-mail signature's "lifetime" is on the order of
days or a few weeks. Given that, your RSA key length can be shortened
considerably yet be "good enough" for this application. As an example,
there is a standards track proposal afoot in the MSEC working group that
uses 512-bit RSA key length for per packet multicast source
authentication. The signature data is part of the ESP trailer's
authenticator field. Within the realm of the MSEC IPsec threat model, that
short key length is acceptable, and reaps a considerable saving in CPU
consumption.  So, perhaps this e-mail signature problem may be finessed by
a weaker RSA key approach. If CPU usage still is a problem even at shorter
key lengths, then you may have identified a requirement that the MUA do
the signature rather than the MTA.

Did anyone write a MASS threat model analysis ID yet?

BTW, RSA has the helpful property that signing the message is more
CPU-intensive than receiving and verifying its signature (about a 2:1
ratio if I remember). if you really want hard numbers, I'd suggest the
taking a google search and look at the open source crypto++ library
benchmarks.

When verifying an e-mail signature, I would not be surprized to find that
most of the latency incurred is retrieving and validating CA certificate
chains, since in this any-to-any e-mail environment I would anticipate
that you will have certificates issued to many domains, all of the domains
relying on a few (100s?) e-mail trust broker Certificate Authorities.
Effectively, a global PKI. Could someone please tell me, is this the MASS
long-term deployment goal?

hmm.... FWIW, I've never seen a discussion in the IETF about global PKI
that ever concluded it would be deployed in our lifetime....

hth,
        George

<snip>

<Prev in Thread]	Current Thread	[Next in Thread>
Re: Why we don't require requirements, (continued) Re: Why we don't require requirements, James M Galvin Re: Why we don't require requirements, James M Galvin Re: Why we don't require requirements, domainkeys-feedbackbase01 Re: Why we don't require requirements, James M Galvin Re: Why we don't require requirements, ned . freed charter constraints list, Dave Crocker RE: charter constraints list, Seth Goodman RE: charter constraints list, Dave Crocker RE: charter constraints list, Miles Libbey RE: charter constraints list, Seth Goodman RE: charter constraints list, George Gross <= RE: charter constraints list, domainkeys-feedbackbase01 RE: charter constraints list, Michael Thomas RE: charter constraints list, Seth Goodman RE: charter constraints list, Jim Fenton RE: charter constraints list, Seth Goodman RE: charter constraints list, Jim Fenton RE: charter constraints list, Seth Goodman RE: charter constraints list, Michael Thomas RE: charter constraints list, Seth Goodman RE: charter constraints list, Michael Thomas

Previous by Date:	RE: charter constraints list, Seth Goodman
Next by Date:	Re: Why we really don't require requirements, George Gross
Previous by Thread:	RE: charter constraints list, Seth Goodman
Next by Thread:	RE: charter constraints list, domainkeys-feedbackbase01
Indexes:	[Date] [Thread] [Top] [All Lists]