-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
The flip side is the parameter generation for the EC DL
cryptosystems is so complex that it will probably be safer for most
purposes to use a standardized parameter set, than to generate your
own, if your library even supports it.
Or use regular DH
You know PFS while a good idea, and IMNSO all non-PFS ciphersuites should be
deprecated etc, PFS just ensures the communicating parties delete the key
negotiation emphemeral private keys after use.
Which does nothing intrinsic to prevent massive computation powered 1024
discrete log on stored PFS