Re: Question about time to generate certs

On 09/05/2015 04:33 AM, Martin Thomson wrote:
> On 4 September 2015 at 19:08, Justin Uberti <juberti@google.com> wrote:
>> We are about to land ECDSA in Chrome. At that point, I think browser caching
>> and all other optimizations become meaningless.
> Key generation is fairly trivial, but not as trivial as retrieving it
> from storage.  However, I would still recommend key reuse for RSA
> (sloooow) and for where you actually want to present some sort of
> stable identity to peers.  In most cases, the default behaviour is
> probably the best.
>
What would you recommend as the best explanation of what the "identity"
asserted by an ephemeral cert "means"?

I had a discussion with a colleague the other day about this - as far as
I can tell, an ephemeral cert signed by no trusted party can be used for
reassurance that the signalling channel and the media channel have
either not been MITMed or that they have both been MITMed by the same
attacker.


-- 
Surveillance is pervasive. Go Dark.

Received on Sunday, 6 September 2015 16:53:10 UTC
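The property described in the message above, modelled as an added example that is not part of the original thread: each peer checks the certificate presented on the media (DTLS) channel against the fingerprint it received over signalling. It assumes the fingerprint travels in the SDP `a=fingerprint` attribute with SHA-256; the certificate byte strings, the function names and the scenario labels are constructed for illustration.

```python
import hashlib
import hmac


def fingerprint(cert_der: bytes) -> str:
    """SHA-256 over the certificate bytes, formatted as colon-separated hex."""
    digest = hashlib.sha256(cert_der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def make_sdp(cert_der: bytes) -> str:
    """Minimal SDP fragment carrying the sender's certificate fingerprint."""
    return "v=0\r\na=fingerprint:sha-256 " + fingerprint(cert_der) + "\r\n"


def parse_fingerprint(sdp: str) -> str:
    """Extract the SHA-256 fingerprint value from an SDP blob."""
    prefix = "a=fingerprint:"
    for line in sdp.splitlines():
        if line.startswith(prefix):
            algo, _, value = line[len(prefix):].partition(" ")
            if algo.lower() != "sha-256":
                raise ValueError("unsupported hash: " + algo)
            return value.strip().upper()
    raise ValueError("no a=fingerprint in SDP")


def media_peer_matches(sdp: str, presented_cert_der: bytes) -> bool:
    """True if the cert seen on the media channel is the one signalling named."""
    expected = parse_fingerprint(sdp)
    return hmac.compare_digest(expected, fingerprint(presented_cert_der))


# Constructed stand-ins for DER-encoded ephemeral certificates (not real X.509).
ALICE_CERT = b"constructed-ephemeral-cert-alice"
MALLORY_CERT = b"constructed-ephemeral-cert-mallory"


def scenarios() -> dict:
    honest_sdp = make_sdp(ALICE_CERT)       # signalling delivered unmodified
    rewritten_sdp = make_sdp(MALLORY_CERT)  # signalling rewritten in transit
    return {
        "no attacker": media_peer_matches(honest_sdp, ALICE_CERT),
        "media path only": media_peer_matches(honest_sdp, MALLORY_CERT),
        "signalling and media": media_peer_matches(rewritten_sdp, MALLORY_CERT),
    }


if __name__ == "__main__":
    for name, accepted in scenarios().items():
        print(f"{name}: handshake {'accepted' if accepted else 'rejected'}")
```

The check rejects a substituted certificate only when signalling arrived intact; when the same party rewrites the fingerprint and terminates the media channel, the comparison passes, which is why an unsigned ephemeral cert asserts channel binding rather than a named identity.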