- From: Martin Thomson <martin.thomson@gmail.com>
- Date: Fri, 4 Sep 2015 10:57:46 -0700
- To: "Cullen Jennings (fluffy)" <fluffy@cisco.com>
- Cc: public-webrtc <public-webrtc@w3.org>
On 4 September 2015 at 09:33, Cullen Jennings (fluffy) <fluffy@cisco.com> wrote: > The spec says that a set of certs are generated for each new PC (if the certs are not provided). How many certs will likely be in this set in the future? Does anyone have rough measurements of how long this takes on slow mobile phone? The set of certs that Firefox generates is of size 1. That is unlikely to change in the near term, though it might be the case that we want to do the new CFRG curves when those are more widely deployed, increasing this to 2. The data that I have on generation times is based on the numbers on http://bench.cr.yp.to/results-sign.html I haven't run tests on an array of machines, but overheads should dominate key generation for anything but the slowest machines... unless you want RSA. Based on the benchmark numbers for ecdonaldp256 (P-256) on a relatively powerful, but ~4 year-old arm CPU [12][4], P-256 key generation takes around 2ms. The overhead involved with loading all the webrtc code is probably higher than that. ronald2048 (RSA) takes somewhere between 1 and 2 seconds, though the actual numbers aren't stable. Don't use RSA on crappy phones. Note that you can (and likely should) cache certificates for these, especially if you are using RSA. [12] Identified as armeabi; Cortex-A15 (410fc0f4); 2012 Samsung Exynos 5 Dual; 2 x 1700MHz [4] I reject your linear footnote hypothesis
Received on Friday, 4 September 2015 17:58:15 UTC