[147281] in cryptography@c2.net mail archive
Re: [Cryptography] RSA equivalent key length/strength
daemon@ATHENA.MIT.EDU (Peter Gutmann)
Tue Sep 24 09:47:17 2013
X-Original-To: cryptography@metzdowd.com
Date: Tue, 24 Sep 2013 16:27:58 +1200
From: Peter Gutmann <pgut001@cs.auckland.ac.nz>
To: pgut001@cs.auckland.ac.nz, zenadsl6186@zen.co.uk
In-Reply-To: <52407BD0.4070903@zen.co.uk>
Cc: cryptography@metzdowd.com, code@funwithsoftware.org, adam@cypherspace.org,
paul.hoffman@vpnc.org, perry@piermont.com
Errors-To: cryptography-bounces+crypto.discuss=bloom-picayune.mit.edu@metzdowd.com
Peter Fairbrother <zenadsl6186@zen.co.uk> writes:
>If you just want a down-and-dirty 2048-bit FS solution which will work today,
>why not just have the websites sign a new RSA-2048 sub-certificate every day?
>Or every few hours? And delete the secret key, of course.
... and I guess that puts you firmly in the theoretical/impractical camp.
Would you care to explain how this is going to work within the TLS protocol?
It's easy enough to throw out these hypothetical what-if's (gimme ten minutes
and I'll dream up half a dozen more, all of them theoretically OK, none of
them feasible), but they need to actually be deployable in the real world, and
that's what's constraining the current debate.
Peter.
_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography