<div dir="ltr">Kinda reading/thinking to fast today and a bit distracted by work. Sorry again for the confusion (I tend to mix up ECDHE and ECDSA in ciphersuites, goddamn) :)<div><br></div><div>Aaron</div></div><div class="gmail_extra">
<br><br><div class="gmail_quote">On Thu, Feb 6, 2014 at 10:44 PM, Aaron Zauner <span dir="ltr"><<a href="mailto:azet@azet.org" target="_blank">azet@azet.org</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div dir="ltr">Ah. makes sense. Mea culpa.<div><br></div><div>Still ECDSA operations will be a lot faster than RSA. But that kind of business impact for the sake of security can (and probably should) be tolerated for now.</div>
<span class="HOEnZb"><font color="#888888">
<div><br></div><div>Aaron</div></font></span></div><div class="HOEnZb"><div class="h5"><div class="gmail_extra"><br><br><div class="gmail_quote">On Thu, Feb 6, 2014 at 10:41 PM, Kurt Roeckx <span dir="ltr"><<a href="mailto:kurt@roeckx.be" target="_blank">kurt@roeckx.be</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div>On Thu, Feb 06, 2014 at 10:19:42PM +0100, Aaron Zauner wrote:<br>
> Well. Not true. You can get AES-GCM also with non-ephemeral handshakes.<br>
><br>
> ECDSA is prefered because the computational overhead is very small in<br>
> comparison to DHE (which none of the larger web platforms will use, because<br>
> it'll kill their servers with serious real-life traffic at hand). Didn't I<br>
> say so a couple of months back? Nobody will use DHE and people will<br>
> complain on the list (as they did) :)<br>
<br>
</div>I think he's talkign about ECDHE_ECDSA before ECDHE_RSA, not ECDHE<br>
before DHE.<br>
<span><font color="#888888"><br>
<br>
Kurt<br>
<br>
</font></span></blockquote></div><br></div>
</div></div></blockquote></div><br></div>