On 2/8/2017 7:56 AM, Somaraju Abhinav wrote:
Hi Mike,
the signature size of RSA is an issue even in the 1024 bit version.
The main wireless protocol, 802.15.4 has a PHY/MAC packet size of 127
bytes so we will have to fragment IP packets (Bluetooth LE is even
smaller at just 27 bytes). This makes it very difficult to meet the
time to light requirements. This is also a concern for the 70-80 byte
overhead of ECC but we can probably just about manage.
I could have sworn this was going to be running over IPv6? E.g. is
this an "internet protocol" or are you just wrapping it up in IPV6
packets for marketing?
Or is this yet another requirement - "Must not cause excessive IPv6
fragmentation"? that needs to be stated.
You are specifying this as group key multicast protocol on IPv6, but
I'm finding it hard to figure out whether or not you expect this to work
in anything except a single subnet, homogeneous transmission technology
model. If that's the case, why are we talking about this as an IETF task?
To put it another way - you can't have your cake and eat it too. If
this is an internet protocol, then it has to be able to work in the ...
well.. internet. If your target is closely connected nodes with
identical transmission modes, then why not go get IEEE to standardize
something?
Look - IP protocol is a pretty big hammer and there's this tendency to
try and make everything look like a nail. But some things are not nails
and can never be made to be nails. This lighting multicast, cheap, low
latency, control system is really not looking like a nail.
Mike
Abhinav
------------------------------------------------------------------------
*From:* Ace <ace-boun...@ietf.org> on behalf of Michael StJohns
<mstjo...@comcast.net>
*Sent:* Wednesday, February 8, 2017 3:55:22 AM
*To:* ace@ietf.org
*Subject:* [Ace] Asymmetric signature performance
Hi -
This is sort of non-obvious, but one or two articles I read suggest that
RSA 1024 performance may be better than the ECDSA equivalent.
The tradeoff here is obviously the size of the signature and the
transmission thereof, but...
While 1024 bits isn't an ideal security strength for RSA, using any
asymmetric key system for source authentication in group systems is
going to be much better than trying to pretend that symmetric group key
systems have any authentication properties at all.
I saw a PPT presentation by Hannes that didn't include any RSA
performance numbers for the ARM processors even though the key sizes
were compared. My guess is that someone has numbers for 1024 RSA
signatures on the tiny ARM processors that might be useful to throw into
the mix.
https://www.cryptopp.com/benchmarks.html has comparison values for a
specific library.
What I'm suggesting is that we figure out how to meet the "can't cost
anything" requirement with weaker asymmetric keys rather than accepting
a low end fantasy of symmetric key multicast authentication.
Mike
_______________________________________________
Ace mailing list
Ace@ietf.org
https://www.ietf.org/mailman/listinfo/ace
________________________________________________________ The contents
of this e-mail and any attachments are confidential to the intended
recipient. They may not be disclosed to or used by or copied in any
way by anyone other than the intended recipient. If this e-mail is
received in error, please immediately notify the sender and delete the
e-mail and attached documents. Please note that neither the sender nor
the sender's company accept any responsibility for viruses and it is
your responsibility to scan or otherwise check this e-mail and any
attachments.
_______________________________________________
Ace mailing list
Ace@ietf.org
https://www.ietf.org/mailman/listinfo/ace
