Peter Gutmann wrote:
John Levine <[email protected]> writes:
Is there some point to speculating ...?
Absolutely. ...
... so I'm
assuming there was some business-case issue ...
... a security mechanism was deployed on a large scale ...
Let me speculate a moment.
The 384 bits keys are much more efficient than 768+ keys (see HIP
specifications first version which had a 384 bits DH prime for low-end
environments).
The business case is to avoid upgrading the e-mail servers merely
because you turn on DKIM (hitting a CPU horsepower limit).
Keep in mind that the RSA vs DSA spreads of CPU load between signer and
verifier are reversed (RSA signature is more CPU-intensive, DSA
verification is more CPU-intensive).
Regards,
--
- Thierry Moreau
_______________________________________________
cryptography mailing list
[email protected]
http://lists.randombit.net/mailman/listinfo/cryptography
