It is not necessary to choose between either forward secrecy
or low latency. It is possible to achieve both (and many other
properties) as does MinimaLT.
In MinimaLT, the current ephemeral key for the server
is added to the DNS record fetched during the DNS lookup. These entries
expire fairly quickly, ensuring that old keys are never
used.
The DNS lookup is necessary for other reasons, so there
is no additional latency.
This design avoids weak mechanisms and added complexity,
two issues that cause enormous problems in security software.
Jon Solworth
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
