On Aug 17, 2014 2:50 PM, "Paul Hoffman" <[email protected]> wrote:
>
>
> On Aug 17, 2014, at 2:19 PM, Watson Ladd <[email protected]> wrote:
>
> > To be clear, reusing exponents
> > means an attacker who rolls up, grabs the server and snarfs RAM along
> > with the disks has every bit of data that ever went through that
> > server.
>
> ...since the exponent was last changed. It sounds like you are assuming that servers that reuse exponents do so forever, rather than for, say, a minute. And yet the argument for some exponent reuse is that regenerating the exponent every time is overkill if they don't care about a minute or so's worth of exposure to a break-in or to a catastrophic cryptographic attack.

Read the code. Or read AGL's blog post about what servers actually do. Specifically, many servers generate keys on startup and never again. Given that restarts are rare, this can be a lot of data.

>
> > This is only marginally an improvement from no ephemeral key
> > exchange, and it's something that people designing systems based on
> > TLS need to be aware of.
>
> So, make them aware of it. Discuss the tradeoffs in that document. This document is about best current practices, and some of those practices are based on assumptions different than yours.

The issue is out of scope for this WG, specifically writing the nuanced wording that is required. Let's assume people mean what they say, and require them to say what they mean.

>
> --Paul Hoffman
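The exposure window both messages argue about can be measured. The following is an added example, not part of either message and not code from any TLS implementation: a toy Diffie-Hellman server with a configurable exponent lifetime, and a count of how many recorded handshakes one captured exponent reopens. The group parameters, the `Server` class and `exposed_sessions` are assumptions made for illustration.

```python
import secrets

# Toy group, constructed for illustration only (far too small for real use).
P = 2**127 - 1
G = 3


def fresh_exponent():
    return secrets.randbelow(P - 3) + 2


class Server:
    """DHE server that keeps its private exponent for `lifetime` seconds.

    lifetime=0    -> new exponent for every handshake
    lifetime=None -> generated once at startup, never again
    """

    def __init__(self, lifetime):
        self.lifetime = lifetime
        self.x = None
        self.born = None

    def handshake(self, now, client_pub):
        stale = self.x is None or (
            self.lifetime is not None and now - self.born >= self.lifetime
        )
        if stale:
            self.x, self.born = fresh_exponent(), now
        # Returns (server public value, shared secret).
        return pow(G, self.x, P), pow(client_pub, self.x, P)


def exposed_sessions(lifetime, n_sessions=600, interval=1):
    """One handshake every `interval` seconds, then the exponent in RAM is
    captured. Returns how many recorded handshakes that exponent opens."""
    server = Server(lifetime)
    recorded = []  # (client public value, true shared secret) per session
    for i in range(n_sessions):
        client_pub = pow(G, fresh_exponent(), P)
        _, secret = server.handshake(i * interval, client_pub)
        recorded.append((client_pub, secret))
    captured_x = server.x  # what a memory image taken now would contain
    return sum(1 for pub, secret in recorded if pow(pub, captured_x, P) == secret)


if __name__ == "__main__":
    for lifetime in (0, 60, None):
        print(lifetime, exposed_sessions(lifetime))
```

With ten minutes of traffic at one handshake per second, a one-minute lifetime exposes the last 60 sessions, while a startup-only exponent exposes all 600.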
