[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-dev] [draft] Proposal 220: Migrate server identity keys to Ed25519

To: tor-dev@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-dev] [draft] Proposal 220: Migrate server identity keys to Ed25519
From: Maxim Kammerer <mk@xxxxxx>
Date: Tue, 13 Aug 2013 23:25:13 +0300
Delivered-to: archiver@xxxxxxxx
Delivery-date: Tue, 13 Aug 2013 16:26:00 -0400
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=dee.su; s=google; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :content-type; bh=ARucdyRWs1eCIZ/9FnAQ2qXAs3gJlYt0AjF/zfIdwks=; b=IkMK96TJ6xbqhDoFyAXtNfbKpkBxi0SvFAP0NRE0zBdRSyr5J1vQNebusOBbdUmp14 xBFoR5VXjHETizp0WoPbptuZUuVoQoATvyXTzrzIaiOXWNfLAAFlcIBnmpFPtvJ97wRj Ig6cpMHqORkeMGTKLc+8V63xd53W//lIxJS6g=
In-reply-to: <CAKDKvuzYUFMQFQJ=wn45oTVfPfw-0Ak8T95eh7SN6vWnf6Xhyg@xxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-dev/>
List-help: <mailto:tor-dev-request@lists.torproject.org?subject=help>
List-id: discussion regarding Tor development <tor-dev.lists.torproject.org>
List-post: <mailto:tor-dev@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=unsubscribe>
References: <CAKDKvuzYUFMQFQJ=wn45oTVfPfw-0Ak8T95eh7SN6vWnf6Xhyg@xxxxxxxxxxxxxx>
Reply-to: tor-dev@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-dev" <tor-dev-bounces@xxxxxxxxxxxxxxxxxxxx>

On Tue, Aug 13, 2013 at 4:13 AM, Nick Mathewson <nickm@xxxxxxxxxxxxxx> wrote:

Ed25519 (specifically, Ed25519-SHA-512 as described and specified at
http://ed25519.cr.yp.to/) is a desirable choice here: it's secure,
fast, has small keys and small signatures, is bulletproof in several
important ways, and supports fast batch verification. (It isn't quite
as fast as RSA1024 when it comes to public key operations, since RSA
gets to take advantage of small exponents when generating public
keys.)

At the risk of invoking something that was already discussed to death (and I was not aware): why not go with something established like P-521 that would apparently be a drop-in replacement with OpenSSL? Are the benefits really worth it?

--
Maxim Kammerer
Liberté Linux: http://dee.su/liberte

_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev

Follow-Ups:
- Re: [tor-dev] [draft] Proposal 220: Migrate server identity keys to Ed25519
  - From: Nick Mathewson

References:
- [tor-dev] [draft] Proposal 220: Migrate server identity keys to Ed25519
  - From: Nick Mathewson

Prev by Author: Re: [tor-dev] Draft of proposal "Stop HS address enumeration by HSDirs"
Next by Author: Re: [tor-dev] Proposal 222: Stop sending client timestamps
Previous by thread: Re: [tor-dev] [draft] Proposal 220: Migrate server identity keys to Ed25519
Next by thread: Re: [tor-dev] [draft] Proposal 220: Migrate server identity keys to Ed25519
Index(es):
- Author
- Thread