Eric Rescorla wrote:
>
> > > is any virtue in generating new DH keys for every transaction
> > > other than Perfect Forward Secrecy -- which you could do
> > > just as good a job with by refreshing the key every couple
> > > hours.
> >
> > Forward secrecy is exactly the point (that's what the temporary keys
> > are for, if we leave aside export ciphers). You're right that it
> > shouldn't be necessary to create a fresh key every time we need one,
> > but it does not cost a lot;
> I'm not sure what you mean by 'doesn't cost a lot'. It essentially
> doubles the computation cost, because it requires two modular
> exponentiations instead of one.
Yeah, but with RSA it costs you a large-prime-generation. Which _is_ a
lot.
Cheers,
Ben.
--
http://www.apache-ssl.org/ben.html
"My grandfather once told me that there are two kinds of people: those
who work and those who take the credit. He told me to try to be in the
first group; there was less competition there."
- Indira Gandhi
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
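The cost trade-off the thread argues about, as an added example that is not code from the thread or from OpenSSL: an ephemeral DH exchange costs each side exactly two modular exponentiations, while an ephemeral RSA key would first need two large primes, each found by testing many random candidates. The group (the Mersenne prime 2^521 - 1 with generator 3) and the Miller-Rabin prime generator are constructed for illustration; a real deployment uses a standard safe-prime group.

```python
import secrets
import time

# Toy DH group (a constructed choice, not a standard group): the Mersenne prime
# 2^521 - 1 with generator 3. Real use needs a standard safe-prime group.
P = 2**521 - 1
G = 3

def is_probable_prime(n, rounds=16):
    """Miller-Rabin test; every round costs one modular exponentiation."""
    small = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)
    if n < 2 or any(n % q == 0 for q in small):
        return n in small
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        x = pow(2 + secrets.randbelow(n - 3), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def gen_prime(bits):
    """Random prime of exactly `bits` bits; also returns candidates tried."""
    tried = 0
    while True:
        tried += 1
        c = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(c):
            return c, tried

def ephemeral_dh(p=P, g=G):
    """Both sides draw a fresh exponent; each side does exactly two modexps."""
    x, y = 2 + secrets.randbelow(p - 3), 2 + secrets.randbelow(p - 3)
    ya, yb = pow(g, x, p), pow(g, y, p)  # modexp 1 per side: public value
    return pow(yb, x, p), pow(ya, y, p)  # modexp 2 per side: shared secret

def compare_costs(rsa_bits=1024):
    """Seconds for one ephemeral DH exchange vs. the two RSA primes it avoids."""
    t0 = time.perf_counter(); ephemeral_dh(); t1 = time.perf_counter()
    _, n1 = gen_prime(rsa_bits // 2); _, n2 = gen_prime(rsa_bits // 2)
    t2 = time.perf_counter()
    return {"dh_s": t1 - t0, "rsa_primes_s": t2 - t1, "candidates": n1 + n2}
```

Calling compare_costs() shows the point Ben makes: the DH exchange is two exponentiations at group size, whereas the RSA primes cost an exponentiation per Miller-Rabin round on every one of the (typically well over a hundred) candidates tested.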