On Wed, Aug 20, 2008 at 10:04 AM, Jonathan Schleifer <[EMAIL PROTECTED]> wrote: > "Eric Rescorla" <[EMAIL PROTECTED]> wrote: > >> To sharpen this point a little: >> If you're using Diffie-Hellman, the cost of computing ZZ (the shared >> key) is rather higher than the cost of generating your own key out of >> a known group. Similarly, the cost of generating a DSA key out of a >> known group is quite low. In other words, if the cost of initial key >> generation at installation time is unacceptable, then you most likely >> can't do asymmetric cryptography to establish connections either. > > Well, DH on that machine never took an hour :). > It might as well be a bug in GNUTLS, though.
The computational requirements are as I have stated. I have no idea what the implementation choices of the various tools you are using are. -Ekr
