[Security] TLS Certificates Verification
js-xmpp-security at webkeks.org
Wed Aug 20 11:38:58 CDT 2008
"Eric Rescorla" <ekr at rtfm.com> wrote:
> I must be missing something here:
> 1. Key generation in DSA-based systems is just as fast as ephemeral
> DH key generation, as long as you use a pregenerated group.
> 2. Key generation in RSA-based systems is slower, but still a matter
> of a second or two on any reasonably modern system.
Oh, generating an OTR key takes a few seconds here, on my 450 MHz
NetBSD box it even took about an hour, because /dev/random is used
there. So waiting an hour on some systems is ok for the user? I really
don't think so…
> If you're going to use public key cryptography, you need to generate
> public keys.
That's why I'm AGAINST using public keys, we could use secrets, like it
can be done with ESessions.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 801 bytes
Desc: not available
Url : http://mail.jabber.org/pipermail/security/attachments/20080820/a02a3448/attachment.pgp
More information about the Security