Peter Fairbrother <> writes:

>If you just want a down-and-dirty 2048-bit FS solution which will work today,
>why not just have the websites sign a new RSA-2048 sub-certificate every day?
>Or every few hours? And delete the secret key, of course.

... and I guess that puts you firmly in the theoretical/impractical camp.
Would you care to explain how this is going to work within the TLS protocol?
It's easy enough to throw out these hypothetical what-if's (gimme ten minutes
and I'll dream up half a dozen more, all of them theoretically OK, none of
them feasible), but they need to actually be deployable in the real world, and
that's what's constraining the current debate.


The cryptography mailing list

Reply via email to