Perfect Forward Secrecy - is it worth it?
Perry E. Metzger
perry at piermont.com
Wed Nov 1 09:06:05 PST 1995
Simon Spero writes:
> Quick survey; how important is perfect forward secrecy to you?
Very. It makes one's life far easier. It makes protecting historical
traffic easy. Its a wonderful feature for a cryptosystem.
> In general, schemes offering PFS require a extra PK-op, and an extra
> round-trip when compared to non-PFS schemes. This cost is incurred once
> per "session", but can add on the order of seconds to startup times.
Well, things aren't that bad if you use eliptic curve variants on D-H,
or if you are very careful. See Phil Karn's work on this for Photuris...
Perry
More information about the cypherpunks-legacy
mailing list