Re: Proposed message on perfect forward security


Responding to my comment:
>  >On the other hand, many other applications have no strong requirement for
>  >perfect forward security. Examples of these fall generally into that class

you observe:

>  But this is not an argument against mechanisms that do provide perfect
>  forward secrecy unless you can *prove* that the extra cost is
>  unacceptable. As CPUs get faster, the authors of modexp routines get
>  smarter, and the IPSEC group gets older, I find it increasingly hard to
>  justify developing lots of different algorithms.  I'd much prefer to
>  do one for the most general case and leave it at that.

I gather from your wording that you mean "prove" in the market acceptance
sense (i.e., products using key distribution mechanisms providing perfect
forward security will be widely used), rather than the mathematical or
formal logic sense. If so, then I think we agree. My arguments are not
"against mechanisms that do provide perfect forward secrecy," but rather for
allowing the marketplace to do its job. It is too early to tell just what
the market will desire and so, I believe, it is imprudent to limit IPv6
to a single class of key distribution mechanisms, viz., only those employing
out-of-band keying.