Re: [TLS] Short Ephemeral Diffie-Hellman keys


Pasi.Eronen at nokia.com wrote:
> Mike wrote:
> 
>> This is probably the result of an administrator not wanting to
>> wait the extra 30 seconds to generate a strong key.  If the
>> server is set up to generate a key on startup, it may not start
>> listening for connections until it has completed the task.
> 
> Generating a 1024-bit DH key on a modern PC takes less 
> than 30 _milli_seconds, so I doubt this is the real reason 
> (unless the implementation is really, really stupid).
> 

The 30 seconds reference should be for DH _parameter_ generation (which
some servers perform on start up) rather than key generation.

Steve.
-- 
Dr Stephen N. Henson.
Core developer of the   OpenSSL project: http://www.openssl.org/
Freelance consultant see: http://www.drh-consultancy.co.uk/
Email: shenson at drh-consultancy.co.uk, PGP key: via homepage.

_______________________________________________
TLS mailing list
TLS at lists.ietf.org
https://www1.ietf.org/mailman/listinfo/tls
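
The distinction drawn in the message above, as an added example that is not part of the original message and is not OpenSSL code: parameter generation is modelled as a search for a safe prime p = 2q + 1, while key generation is a single modular exponentiation. The function names, the 256-bit demo size and the generator g = 4 are assumptions chosen for illustration.

```python
import secrets
import time

SMALL_PRIMES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41, 43, 47)

def is_probable_prime(n, rounds=16):
    """Miller-Rabin test with random bases, after cheap trial division."""
    if n < 2:
        return False
    for sp in SMALL_PRIMES:
        if n % sp == 0:
            return n == sp
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        x = pow(2 + secrets.randbelow(n - 3), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False  # no square reached n - 1: n is composite
    return True

def generate_parameters(bits):
    """Parameter generation: search for a safe prime p = 2q + 1 (the slow part).
    Returns (p, g, candidates_tried)."""
    tried = 0
    while True:
        tried += 1
        # Random odd q with its top bit set, so p has exactly `bits` bits.
        q = secrets.randbits(bits - 1) | (1 << (bits - 2)) | 1
        if is_probable_prime(q) and is_probable_prime(2 * q + 1):
            return 2 * q + 1, 4, tried  # g = 4 has prime order q (assumed choice)

def generate_key(p, g):
    """Key generation: one random exponent, one modular exponentiation."""
    x = 2 + secrets.randbelow(p - 3)
    return x, pow(g, x, p)

if __name__ == "__main__":
    t0 = time.perf_counter()
    p, g, tried = generate_parameters(256)  # constructed demo size, not a recommendation
    t1 = time.perf_counter()
    generate_key(p, g)
    t2 = time.perf_counter()
    print(f"parameters: {t1 - t0:.3f}s ({tried} candidates), key: {t2 - t1:.6f}s")
```

The candidate count grows roughly with the square of the bit length, which is why parameter generation dominates start-up time while per-connection key generation stays cheap.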




Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.