On Aug 17, 2014, at 2:19 PM, Watson Ladd <[email protected]> wrote:
> To be clear, reusing exponents > means an attacker who rolls up, grabs the server and snarfs RAM along > with the disks has every bit of data that ever went through that > server. ...since the exponent was last changed. It sounds like you are assuming that servers that reuses exponents does so forever, rather than for, say a minute. And yet the argument for some exponent reuse is that regenerating the exponent every time is overkill if they don't care about a minute or so's worth of exposure to the a break-in or to a catastrophic cryptographic attack. > This is only marginally an improvement from no ephemeral key > exchange, and it's something that people designing systems based on > TLS need to be aware of. So, make them aware of it. Discuss the tradeoffs in that document. This document is about best current practices, and some of those practices are based on assumptions different than yours. --Paul Hoffman _______________________________________________ Uta mailing list [email protected] https://www.ietf.org/mailman/listinfo/uta
