In your previous mail you wrote: > The verification performance is bad, P256 takes 24x times longer to verify a > signature than 2048 bit RSA key.
=> I got a different figure (6x) for my ECC paper, and: - it was published the 3 may 2013 so one can expect ECC performance has been improved since I got it - P256 ECDSA is stronger than 2048 bit RSA so it is like comparing oranges and grapefruits. BTW if signing is faster than verifying it is not an ECC property but an (EC)DSA one. Regards francis.dup...@fdupont.fr PS: to come back to the 1024 vs 2048 discussion: 1024 bit RSA is weaker than some might want but there is (and will be in a reasonable time frame) no practical attack against it. In fact I am more concerned by possible (?) attacks against a rollover chain... _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
