william(at)elan.net wrote:
If I remember Sendmail also said that they ran their own tests and
increased cpu load on any single server due to signing all emails was
about 25%, I think this may have been with smaller 384 or 512 keys.
No, 7-8% for signing w/ a 384 bit key:
http://sendmail.net/dk-milter/benchmark/
We should probably assume that good size keys (768 at least) would mean
around 50% increase in cpu load (and to me that is acceptable number).
Actually, it appears to be the SHA1 hash that takes about 90% of the
time for the DK signature, so the message size will matter more than key
length. We're doing some tests w/ 512 and 1024 bit keys to double
check, but this would seem to hold with Port25's tests that showed IIM
signing took about twice as much time as DK signing because IIM does two
independent SHA1s.
-Rand