CA performance

Published Jan 24 2020 01:45 PM 218 Views
Microsoft

First published on TECHNET on May 14, 2009

Back in the year 2003 we have published information about the CA performance and how it is impacted by various factors. The TechNet article is called Evaluating CA Capacity, Performance, and Scalability and is more or less still valid. You may transform the enrollment numbers to current hardware capabilities.

One thing that I would like to point out here is the article’s statement about key-length. Key generation cost increases with key size, but that burden is borne by the client (remember the certificate enrollment flow as documented in How Certificates Work under heading How Certificates Are Created ). Therefore, the performance of the CA my only change with different key length if key archival is used. Then the CA will verify the public-private key pair match by performing a round trip encryption/decryption. If key archival is not used, the key length is neutral to the CA performance.

%3CLINGO-SUB%20id%3D%22lingo-sub-1128491%22%20slang%3D%22en-US%22%3ECA%20performance%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1128491%22%20slang%3D%22en-US%22%3E%3CP%3E%3CSTRONG%3E%20First%20published%20on%20TECHNET%20on%20May%2014%2C%202009%20%3C%2FSTRONG%3E%3C%2FP%3E%0A%3CP%3EBack%20in%20the%20year%202003%20we%20have%20published%20information%20about%20the%20CA%20performance%20and%20how%20it%20is%20impacted%20by%20various%20factors.%20The%20TechNet%20article%20is%20called%20%3CA%20href%3D%22http%3A%2F%2Ftechnet.microsoft.com%2Fen-us%2Flibrary%2Fcc778985.aspx%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3E%20Evaluating%20CA%20Capacity%2C%20Performance%2C%20and%20Scalability%20%3C%2FA%3E%20and%20is%20more%20or%20less%20still%20valid.%20You%20may%20transform%20the%20enrollment%20numbers%20to%20current%20hardware%20capabilities.%3C%2FP%3E%0A%3CP%3EOne%20thing%20that%20I%20would%20like%20to%20point%20out%20here%20is%20the%20article%E2%80%99s%20statement%20about%20key-length.%20Key%20generation%20cost%20increases%20with%20key%20size%2C%20but%20that%20burden%20is%20borne%20by%20the%20client%20(remember%20the%20certificate%20enrollment%20flow%20as%20documented%20in%20%3CA%20href%3D%22http%3A%2F%2Ftechnet.microsoft.com%2Fen-us%2Flibrary%2Fcc776447.aspx%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3E%20How%20Certificates%20Work%20%3C%2FA%3E%20under%20heading%20%3CEM%3E%20How%20Certificates%20Are%20Created%20%3C%2FEM%3E%20).%20Therefore%2C%20the%20performance%20of%20the%20CA%20my%20only%20change%20with%20different%20key%20length%20if%20key%20archival%20is%20used.%20Then%20the%20CA%20will%20verify%20the%20public-private%20key%20pair%20match%20by%20performing%20a%20round%20trip%20encryption%2Fdecryption.%20If%20key%20archival%20is%20not%20used%2C%20the%20key%20length%20is%20neutral%20to%20the%20CA%20performance.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-TEASER%20id%3D%22lingo-teaser-1128491%22%20slang%3D%22en-US%22%3E%3CP%3EFirst%20published%20on%20TECHNET%20on%20May%2014%2C%202009%20Back%20in%20the%20year%202003%20we%20have%20published%20information%20about%20the%20CA%20performance%20and%20how%20it%20is%20impacted%20by%20various%20factors.%3C%2FP%3E%3C%2FLINGO-TEASER%3E%3CLINGO-LABS%20id%3D%22lingo-labs-1128491%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3ECarstenKinder%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E
Version history
Last update:
‎Feb 20 2020 02:57 PM
Updated by: