Dave Cridland <[EMAIL PROTECTED]> wrote: > Well, I strongly suspect that's extreme. A few seconds pause at > runtime would be a little annoying, but given you'd presumably do > this during either the installation or setup phase, I'm not entirely > clear what your point is anyway.
It's because /dev/random was used instead of /dev/urandom. But this gives better results for the generated key, of course. > It's certainly true that on old hardware, or mobile handsets, > generating an RSA key will take a while, albeit it typically not an > hour. But we can also arrange for standard methods for transferring > the private key to other devices, and for actual devices (in the > sense that Dirk Meyer wants to deal with) the key can be > pregenerated by the hardware manufacturer, like is done with the > iPhone. I wouldn't trust the manufacturer for that. I really wouldn't. > Or TLS, of course. > > But humour me for a moment: > > What makes ESessions such a win against TLS? It's already implemented and working :). > Why would my customers be happier with ESessions over TLS? No need to have keys etc. Yes, I know, you can have that with TLS, but it seems everybody here thinks "If TLS, then public keys!". > What analysis can I show them? None, that's why I suggested to contact Google or another premium sponsor if they could sponsor an analysis. None of the sponsors has been contacted for that yet. > What IPR issues affect ESessions that I need to warn them about? I'm not aware of any :). -- Jonathan
signature.asc
Description: PGP signature
