Re: [TLS] Should we use proof-of-possession rather than signatures?

> On Nov 24, 2015, at 10:06 AM, Eric Rescorla wrote: > > > > On Tue, Nov 24, 2015 at 9:53 AM, Mike Hamburg > wrote: > >> >> In general, servers have signature keys, not static DH keys. QUIC bridges >> this by >> having the server generate an offline signature ove

Re: [TLS] Should we use proof-of-possession rather than signatures?

> On Nov 24, 2015, at 12:27 PM, Hugo Krawczyk wrote: > On Tue, Nov 24, 2015 at 12:53 PM, Mike Hamburg > wrote: > > I agree that the speed and size savings are not necessarily worth the > complexity. If we were rolling a new protocol from scratch they probably > woul