[Security] TLS Certificates Verification

Eric Rescorla ekr at rtfm.com
Wed Aug 20 11:29:26 CDT 2008


On Wed, Aug 20, 2008 at 9:23 AM, Jonathan Schleifer
<js-xmpp-security at webkeks.org> wrote:
> Dave Cridland <dave at cridland.net> wrote:
>
>> In fact, I think certificates are actually the best approach,
>> because they're better understood, the IPR impact is clearer, they
>> provide a wide range of options for initial and subsequent
>> authentication, and both users and developers are more exposed to
>> them, hence more likely to accept and trust them. I think we have a
>> solid base there from leap-of-faith to fingerprinting to work with.
>
> I disagree. For the average user, they are the worst possible scenario.
> They are scared by a long fingerprint or having to create a certificate
> etc. Very scared! And it's not user friendly to have the user waiting
> until a key is generated…

I must be missing something here:
1. Key generation in DSA-based systems is just as fast as ephemeral
    DH key generation, as long as you use a pregenerated group.
2. Key generation in RSA-based systems is slower, but still a matter
    of a second or two on any reasonably modern system.

If you're going to use public key cryptography, you need to generate
public keys.

-Ekr


More information about the Security mailing list