[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Perfect Forward Secrecy - is it worth it?

To: Simon Spero <[email protected]>
Subject: Re: Perfect Forward Secrecy - is it worth it?
From: "Perry E. Metzger" <[email protected]>
Date: Wed, 01 Nov 1995 11:19:04 -0500
Cc: [email protected]
In-Reply-To: Your message of "Tue, 31 Oct 1995 14:30:04 PST." <Pine.SOL.3.91.951031141506.1151H-100000@chivalry>
Reply-To: [email protected]
Sender: [email protected]

Simon Spero writes:
> Quick survey; how important is perfect forward secrecy to you?

Very. It makes one's life far easier. It makes protecting historical
traffic easy. Its a wonderful feature for a cryptosystem.

> In general, schemes offering PFS require a extra PK-op, and an extra 
> round-trip when compared to  non-PFS schemes. This cost is incurred once 
> per "session", but can add on the order of seconds to startup times. 

Well, things aren't that bad if you use eliptic curve variants on D-H,
or if you are very careful. See Phil Karn's work on this for Photuris...

Perry

Prev by Date: Re: IBM's Microkernal
Next by Date: Rivest on the Design of RC4
Prev by thread: Re: Please send cash
Next by thread: Rivest on the Design of RC4
Index(es):
- Date
- Thread