W3C home > Mailing lists > Public > public-xmlsec@w3.org > December 2011

Widget-DSig's choice of RSA-4096 Re: [widgets] How to divorce widgets-digsig from Elliptic Curve PAG?

From: Marcos Caceres <w3c@marcosc.com>
Date: Thu, 15 Dec 2011 17:51:13 +0000
To: Brian LaMacchia <bal@microsoft.com>
Cc: public-webapps <public-webapps@w3.org>, "public-xmlsec@w3.org" <public-xmlsec@w3.org>
Message-ID: <B144B12B3B674483AC33F16BFD5C4804@marcosc.com>

On Thursday, December 15, 2011 at 4:51 PM, Brian LaMacchia wrote:

> 3) Widget-DSig's choice of RSA-4096 is particularly surprising given the increased size of the signature & verification cost relative to ECDSA-SHA256. That's not going to be efficient to validate, especially not for smartphones and other low-power devices.

Strangeā€¦ no implementer has reported any performance problems on phones? Phones have been the primary target platform for widgets and we worked pretty closely with around 10 OEMs or software vendors and this never came up. I've personally tested around 5 different runtimes (from WAC) and have never noticed any performance issue at boot (no real difference then starting a native app or anything I could perceive). Maybe I'm missing something?  

Kind regards,

Marcos Caceres
Received on Thursday, 15 December 2011 19:40:00 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 20:55:17 UTC