
Comments (4)

zeroXten avatar zeroXten commented on June 28, 2024

Thanks for the feedback :)

Are you referring to the management protocol keys, the X.509 keys or both? The plan for X.509 was to be ECDSA by default, but I hadn't decided about the management protocol yet. As it works more like GPG than TLS, the only real advantage of EC is smaller key sizes. No reason to use it in terms of PFS.

Edit:

Hah. Just noticed you already prefixed it with x509, but would still like your opinion on the management protocol.

from core.

jonbonazza avatar jonbonazza commented on June 28, 2024

As you guessed, I was referring to X.509. =)

If you plan to use ECDSA, that's fantastic.
There are a couple of advantages of EC keys over RSA keys:

  1. As you mentioned, smaller key size. In order to get the strength of 128-bit security, an EC key only needs to be 256-bit, while an RSA key would need to be 3072-bit. In today's world, one could argue that is fine, but in the (nearish?) future, when 256-bit security is the norm, an EC key would only need to be 512-bit, while an equivalent RSA key would need to be... well, over 15,000-bit. That's just simply not scalable.

  2. EC is signature algorithm agnostic. That is, while the most common implementation is ECDSA, it can be used with other signature algorithms as well. RSA keys can only be used for RSA signing.

The second point isn't a huge concern for me (and I imagine most people would agree) as ECDSA is sufficient for most uses, but the first point is very important. I see 256-bit encryption becoming the norm within the next 10 years, and as important as scalability is in today's systems, it would be nice to see projects thinking ahead in this regard. It's also very trivial to implement in Go, so I don't see a downside at all.

As for the management protocol, I still haven't looked much into that portion of things, so I'll reserve my judgement until I have a clearer understanding of how that is intended to work.

from core.
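
The size gap from point 1 of the comment above can be measured directly. This is an added example, not code from the thread or from the project; the names `Sizes`, `Measure`, `MeasureP256`, `MeasureRSA3072` and the subject `node.example.test` are hypothetical. It self-signs one certificate with a P-256 key and one with an RSA-3072 key (the 128-bit pairing) and reports the encoded public key, signature and certificate lengths in bytes.

```go
package main

import (
	"crypto"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// Sizes holds DER byte lengths: SubjectPublicKeyInfo, signature, whole certificate.
type Sizes struct{ SPKI, Sig, DER int }

// Measure self-signs a certificate with key (err is the key generator's error).
func Measure(key crypto.Signer, err error) (Sizes, error) {
	if err != nil {
		return Sizes{}, err
	}
	tmpl := &x509.Certificate{ // constructed sample values
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: "node.example.test"},
		NotBefore:    time.Now().Add(-time.Minute),
		NotAfter:     time.Now().Add(24 * time.Hour),
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, key.Public(), key)
	if err != nil {
		return Sizes{}, err
	}
	c, err := x509.ParseCertificate(der)
	if err != nil {
		return Sizes{}, err
	}
	return Sizes{len(c.RawSubjectPublicKeyInfo), len(c.Signature), len(der)}, nil
}

// Both keys target roughly 128-bit strength, the pairing named in the comment.
func MeasureP256() (Sizes, error) { return Measure(ecdsa.GenerateKey(elliptic.P256(), rand.Reader)) }
func MeasureRSA3072() (Sizes, error) { return Measure(rsa.GenerateKey(rand.Reader, 3072)) }

func main() {
	for _, f := range []func() (Sizes, error){MeasureP256, MeasureRSA3072} {
		fmt.Println(f()) // prints {SPKI Sig DER} followed by the error value
	}
}
```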

jonbonazza avatar jonbonazza commented on June 28, 2024

I am actually working on an implementation for this. I will submit a PR when ready.

from core.

jonbonazza avatar jonbonazza commented on June 28, 2024

Closing this as we now have more granular issues for this.

from core.
