
Re: SOI QUESTIONS: 2.2 Perfect forward secrecy (PFS)





>>>>> "Housley," == Housley, Russ <rhousley@rsasecurity.com> writes:
    Housley> PFS is not needed by everyone.  For that reason, I think it
    Housley> should be optional.

  As Ted/Barbara asked, citing a scenario where it is not needed is useful.

  Devices with very short call durations may never be online long enough
for it to matter.

  But, the issue is not "is not needed by everyone", so make it optional.

  The question is, what is better:

      - forcing everyone to implement it
vs
      - quadrupling the number of test cases by making it optional.
      (2x because it may be offered or not, 2x because you may accept it
      or not)

  Remember, even devices which do not support it will have to test the
case that it is offered and they decline!

  Remember also that options have severe impacts on proofs.

]       ON HUMILITY: to err is human. To moo, bovine.           |  firewalls  [
]   Michael Richardson, Sandelman Software Works, Ottawa, ON    |net architect[
] mcr@sandelman.ottawa.on.ca http://www.sandelman.ottawa.on.ca/ |device driver[
] panic("Just another NetBSD/notebook using, kernel hacking, security guy");  [

