<html>
<head>
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">On 10/6/2014 3:23 PM, Paul Hoffman
wrote:<br>
</div>
<blockquote cite="mid:BD992B48-6859-4065-88C7-3C7EA36926C8@vpnc.org"
type="cite">
<pre wrap="">On Oct 6, 2014, at 12:17 PM, Richard Lamb <a class="moz-txt-link-rfc2396E" href="mailto:richard.lamb@icann.org"><richard.lamb@icann.org></a> wrote:
</pre>
<blockquote type="cite">
<pre wrap="">FWIW: With enough warning I believe we can get AEP to work with us.
</pre>
</blockquote>
<pre wrap="">
With enough warning, I hope that IANA can get *all* the relevant HSM manufacturers to implement whatever curves are chosen by the IETF for TLS, and then possibly by this community for DNSSEC.</pre>
</blockquote>
<br>
FWIW - it's trivial for most HSM manufacturer's to support the X9.63
style curves and public keys and signatures. Generally, it's just
giving them the new curve data. Supporting any of the non-X9.63
curves (including Curve25519 and probably the NUMS Twisted Edwards,
but not the NUMS Weiserstrass) will require some selling to the HSM
vendors (new math, new math engines, new formats etc) and something
more than just the ICANN asking for them.<br>
<br>
I don't think actually that being chosen for TLS is the right
benchmark for DNSSEC - different needs.<br>
<br>
Mike<br>
<br>
<br>
<br>
<br>
<blockquote cite="mid:BD992B48-6859-4065-88C7-3C7EA36926C8@vpnc.org"
type="cite">
<pre wrap="">
--Paul Hoffman
</pre>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
ksk-rollover mailing list
<a class="moz-txt-link-abbreviated" href="mailto:ksk-rollover@icann.org">ksk-rollover@icann.org</a>
<a class="moz-txt-link-freetext" href="https://mm.icann.org/mailman/listinfo/ksk-rollover">https://mm.icann.org/mailman/listinfo/ksk-rollover</a>
</pre>
</blockquote>
<br>
</body>
</html>