On 10/6/2014 3:23 PM, Paul Hoffman wrote:
On Oct 6, 2014, at 12:17 PM, Richard Lamb <richard.lamb@icann.org> wrote:
FWIW: With enough warning I believe we can get AEP to work with us. With enough warning, I hope that IANA can get *all* the relevant HSM manufacturers to implement whatever curves are chosen by the IETF for TLS, and then possibly by this community for DNSSEC.
FWIW - it's trivial for most HSM manufacturer's to support the X9.63 style curves and public keys and signatures. Generally, it's just giving them the new curve data. Supporting any of the non-X9.63 curves (including Curve25519 and probably the NUMS Twisted Edwards, but not the NUMS Weiserstrass) will require some selling to the HSM vendors (new math, new math engines, new formats etc) and something more than just the ICANN asking for them. I don't think actually that being chosen for TLS is the right benchmark for DNSSEC - different needs. Mike
--Paul Hoffman
_______________________________________________ ksk-rollover mailing list ksk-rollover@icann.org https://mm.icann.org/mailman/listinfo/ksk-rollover