At Thu, 28 Feb 2008 14:00:36 -0800 (PST), Harsh Kupwade wrote: > Eric Rescorla <[EMAIL PROTECTED]> wrote: At Thu, 28 Feb 2008 15:04:21 > -0500, > Hadriel Kaplan wrote: > > > > -----Original Message----- > > > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Eric > > > Rescorla > > > Sent: Thursday, February 28, 2008 2:14 PM > > > To: Dean Willis > > > Cc: sip@ietf.org > > > Subject: Re: [Sip] comments on draft-kupwade-sip-iba-00 > > > > > > At Thu, 28 Feb 2008 12:46:21 -0600, > > > Dean Willis wrote: > > > > > > Yes, and this is all equally possible with PKI systems. As I > > > said at the beginning, the only thing that IBS is bringing > > > to the party here is a smaller credential. As far as I'm > > > awre, the size of the cert is not the primary reason for lack > > > of adoption of any of these schemes > > > > > > Again, what does IBS bring to the party except compression? [0]. > > > > I agree with you in general about IBS (but I like IBE); but it's not > > just compression that IBE brings. When you receive a PKI cert from > > an individual, you have to do a verification step that their cert > > was signed by the CA. Assuming you share the same CA and all, > > you're still doing a signature validation operation of the > > individual's cert before you can then go validate what it is they > > signed, with that user cert. Right? If you share the same KG, you > > skip that validation step. Although I guess you have to generate > > the individual's public key, which is probably just as taxing an > > operation. So maybe it's a wash. > > I can't tell what your concern is? Performance? > > There are a lot of different designs that trade off the > speed of various operations. In general, at least one > of the operations (encrypt, decrypt) requires a pairing > operation, so IB* systems are in aggregate slower than > comparable non-IB* systems. > > Elliptic Curve Pairing operation is faster than the usual RSA operation. > > The bench mark program in the paring based crypto-library > developed by the Dan Bonehs research group shows how Elliptic > curve parings ( Tate pairings) are faster than the usual RSA > decryption scheme. > - Harsh
Uh, that's not really what's at issue, since (1) RSA isn't really that fast compared to good EC systems and (2) the RSA decrypt is the slowest part of RSA. I'm not aware of any IB* system that has superior aggregate performance to the state of the art EC systems. [0] Could you please identify the exact IBS system you're talking about and the performance you believe it has on some system compared to RSA and ECDH or ECDSA. -Ekr [0] I'm assuming you're looking at the upper left hand part of the table (type-a). This isn't the type of curve people would usually use for PBC. More like d159 or f, which, you'll note, are quite a bit slower than type-a. Note, however, that I've heard that Ben's numbers aren't the fastest going implementation of PBC, but that doesn't affect the main point. _______________________________________________ Sip mailing list https://www.ietf.org/mailman/listinfo/sip This list is for NEW development of the core SIP Protocol Use [EMAIL PROTECTED] for questions on current sip Use [EMAIL PROTECTED] for new developments on the application of sip
