hardware crypto support for dnssec validation?
Mark_Andrews at isc.org
Fri Jul 11 06:31:22 UTC 2008
> i was under the impression that this wasn't necessary since verification
> was so much faster than generation in the signature alg's used in dnssec.
> opin? (fwd'd w/ permission.)
The following applies to RSA.
Normally the exponent is choosen to make it cheaper to
validate than to sign.
If you have the crypto hardware validation will also be
accelerated but not as much as signature generation as key
pairs are unlikely to be cached in the hardware.
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark_Andrews at isc.org
More information about the bind-workers