>> - Section 1 >> "This is illustrated in the following table, based on [Lenstra_Verheul], >> which gives approximate comparable key sizes for symmetric- and >> asymmetric-key cryptosystems based on the best-known algorithms for >> attacking them." >> >> The key sizes for DH/DSA/RSA does not seem to be based on the >> Lenstra-Verheuls equations which gives much higher key sizes for >> DH/DSA/RSA. >> >> The DH/DSA/RSA key sizes seem to be based on NIST recommendations. I >> suggest either: >> >> A) Fully based the table on NIST recommendation, which means keeping >> DH/DSA/RSA as is but simplifying ECC to 2 * Symmetric. >> B) Update the DH/DSA/RSA key sizes based on state-of-the-art. But then I >> would say that this is not [Lenstra_Verheul], but rather [RFC3766], >> [Lenstra 2004], [ECRYPT 2012]. I think these three all use the same >> equation. >> C) Just remove DH/DSA/RSA as the draft is about ECC. > > I’m inclined to get rid of this table and all the text from “This is > illustrated…” entirely. ECC is by now in wide use. We don’t need to “sell” it > any more. so unless someone would like to make a PR with better text, I will > just get rid of it.
You could be more draconian and start the draft with the paragraph: This document describes additions to TLS to support ECC …. Because you’re right we don’t really need to do much selling here. spt _______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls