hardware crypto support for dnssec validation?

Mark Andrews Mark_Andrews at isc.org
Fri Jul 11 06:31:22 UTC 2008


> i was under the impression that this wasn't necessary since verification
> was so much faster than generation in the signature alg's used in dnssec.
> 
> opin?  (fwd'd w/ permission.)

	The following applies to RSA.

	Normally the exponent is choosen to make it cheaper to
	validate than to sign.

	If you have the crypto hardware validation will also be
	accelerated but not as much as signature generation as key
	pairs are unlikely to be cached in the hardware.

	Mark
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark_Andrews at isc.org


More information about the bind-workers mailing list