Robert,
First let me apologize as I accidentally put in "bytes" where I meant
"bits" in the examples I provided. Whoops! RSA 2K keys are 2K bits,
i.e., 256 bytes (not 2K bytes). And, 2K RSA sig is the default, as
this matches the key sizes we have already agreed upon for the RPKI
certs. Still, a 20-hop path with RSA 2K (bit) sigs exceeds the 4K
(byte) max UPDATE size, without any other overhead. Sorry for the
confusion.
- What is the maximum key length possible and how big would be the
RSA signature with such key length?
There is no max key size, but it does not make sense to push for bigger RSA
key sizes, instead of moving to more efficient (in space and
computation) sig algorithms. The sig size for RSA is the same size as
the key.
The likely successor algs are DSA or EC-DSA, which use smaller keys,
but offer security equivalent to the larger RSA key sizes. The key
sizes for those algorithms yield 128 or 256-bit sigs, under current
hash algs.
- What are the other path security data and what their size might be min-max.
I defer to Matt Lepinski for the details of the other data, as he is
the author of the BGPSEC protocol doc.
Steve