From: Simon Spero <ses@tipper.oit.unc.edu>
To: cypherpunks@toad.com
Message Hash: bca5eefc3e25ad36cad61cab0a4e0f6ca647dfe0054f6433eaf314891778db34
Message ID: <Pine.SOL.3.91.951031141506.1151H-100000@chivalry>
Reply To: N/A
UTC Datetime: 1995-10-31 23:48:45 UTC
Raw Date: Wed, 1 Nov 1995 07:48:45 +0800
From: Simon Spero <ses@tipper.oit.unc.edu>
Date: Wed, 1 Nov 1995 07:48:45 +0800
To: cypherpunks@toad.com
Subject: Perfect Forward Secrecy - is it worth it?
Message-ID: <Pine.SOL.3.91.951031141506.1151H-100000@chivalry>
MIME-Version: 1.0
Content-Type: text/plain
Quick survey; how important is perfect forward secrecy to you? I've asked
three people locally so far and gotten four different answers, so in the
spirit of spreading divisiveness where'er I go, I'll try and get a few
more opinions here :-)
In general, schemes offering PFS require a extra PK-op, and an extra
round-trip when compared to non-PFS schemes. This cost is incurred once
per "session", but can add on the order of seconds to startup times.
Should key-management schemes where PK is available always provide PFS,
allow PFS, or not provide PFS? The amount of code needed to implement
each choice point is similar, if you're using something like BSAFE.
Simon
---
(defun modexpt (x y n) "computes (x^y) mod n"
(cond ((= y 0) 1) ((= y 1) (mod x n))
((evenp y) (mod (expt (modexpt x (/ y 2) n) 2) n))
(t (mod (* x (modexpt x (1- y) n)) n))))
Return to November 1995
Return to “Simon Spero <ses@tipper.oit.unc.edu>”