[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Diffie-Hellman (note by Hugo)




I agree with Hugo. The requirement of `perfect forward secrecy' is non
trivial and does not come for free. However, since some think it is a must,
then it would be useful to decide it is a requirement - unless we have some
(substantial) objections. After all, we all agree that it improves security.
If we can reach such agreement, we would be making some progress.

As usual, it is up to the subscribed members of the mailing list to let their
voices be heard in order for us to make progress - and please, supporting
is as important as objecting.

Also.. Hugo says:

> BTW, as one of the authors of MKMP, the only reason we proposed good and not
> perfect fwd secrecy was the feeling that authenticated DH can be too expensive
> computationally as the universal algorithm for Internet, but if people
> believe it is affordable (without introducing dangerous shortcuts)
> we are fervent supporters of it.

As another author of IKMP, I feel the same.

Best, Amir



Follow-Ups: References: