On 9/16/15 at 4:23 PM, n...@cryptonector.com (Nico Williams) wrote:
Whichever one is removed, I shall oppose the removal of the other.
On 9/17/15 at 5:21 PM, ietf-d...@dukhovni.org (Viktor Dukhovni) wrote:
The costs are likely noticeable for 4096-bit RSA keys. In the end though, if dropping anon_(EC)DH increases the chance that RPK gets widely implemented, I can live with the cons.
I agree with both Nico and Viktor. For me the big win of RPK over anon_(EC)DH is it allows TOFU. If TOFU isn't needed, short public keys should ease many of Viktor's cons. I also like the idea of simpler implementations.
For the question that started this thread, I am neutral. Cheers - Bill -------------------------------------------------------------- Bill Frantz | There are now so many exceptions to the 408-356-8506 | Fourth Amendment that it operates only by www.pwpconsult.com | accident. - William Hugh Murray _______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
