On 1/4/13 3:23 PM, Andrey Jivsov wrote:
...
Point compression is more beneficial for storage security for reasons
of performance and storage efficiency. For storage efficiency side:
when there are multiple recipients per message, each associated with
one ECDH-related field, it's possible for ECDH-specific payload to get
arbitrary large for a fixed short message. For the performance
argument: if the message was encrypted to N recipients, to decode it
only one recipient will be used, and thus the calculation of 'y' is
done once but the space is saved for N.
Are you confident that this attempt at space efficiency is consistent
with S/MIME processing rules?
Or are you suggesting that S/MIME and other secure email standards
become alg-specific to take
advantage of this optimization?
Even for certificates that have one public key there is some benefit,
given that the certificates are pre-precessed for chain validation and
are often cached.
Most IETF security protocols make use of X.509 (PKIX) certs. X.509 certs
always contain just one key.
So I'm puzzled by the phrase "Even for certificates that have one public
key ..."
Steve
_______________________________________________
IPsec mailing list
IPsec@ietf.org
https://www.ietf.org/mailman/listinfo/ipsec