On Thu, Mar 18, 2021 at 4:07 PM Stephen Farrell
wrote:
>
> Hiya,
>
> On 18/03/2021 19:17, David Benjamin wrote:
> > I don't think I'd agree that *most* of the work is in the secret
> > computation per se. Actually doing trial decryption with
> > the secret requires reaching down into the record
On 3/19/2021 2:58 PM, David Benjamin wrote:
On Thu, Mar 18, 2021 at 4:07 PM Stephen Farrell
wrote:
Hiya,
On 18/03/2021 19:17, David Benjamin wrote:
I don't think I'd agree that*most* of the work is in the secret
> computation per se. Actually doing trial decryption with
> the secret re
Hiya,
I agree with your analysis except for the very last part...
On 19/03/2021 23:59, Christian Huitema wrote:
We do have new information that this is somewhat costly to implement
because it requires computing two handshake secrets on the client. On
the other hand, it seems that the cost i
